• State Verified Answer
  • Replies 6 replies
  • Subscribers 86 subscribers
  • Views 683 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 352801
Options

[NRF54L15] NSIB (B0) Fatal Error when using prj_minimal.conf

jasr93

Hi,

I am developing an application with the latest available version of the nRF Connect SDK (v3.1.1) for the nRF54L15 SoC.


I want to develop an application with B0 + MCUboot + App (cpuapp).


In order for B0 and MCUboot to occupy the smallest possible flash size, I want to be able to build the minimal versions (prj_minimal.conf) of both of them.


If I build the project with the minimum version of B0 (-Db0_FILE_SUFFIX="minimal"), I get a fatal error during execution that occurs in the nrf_security_event_wait function.


If I build the project with the non-minimum version, the error does not occur and everything starts properly.

The Sysbuild configs are as follows:

SB_CONFIG_SECURE_BOOT_APPCORE=y
SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE=y
SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU=y
SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE="nsib_ed25519-1.pem"
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="mcuboot_ed25519-1.pem"

Thanks in advance

Parents
  • 0

    Hi,

    Could you post the fatal error you're referring to?

    Note that prj_minimal.conf is going/being removed https://github.com/nrfconnect/sdk-mcuboot/pull/523, and instead we recommend you use https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/samples/zephyr/smp_svr_mini_boot/README.html as a reference to create a small MCUboot

    Kind regards,
    Andreas

  • 0 in reply to AHaug 
    Okay. I'll keep that in mind.
However, the problem is with the minimum NSIB (B0) configuration , not MCUboot.

The error is as follows:

    *** Booting B0 ncs-v3.1.1 ***
    Fprotect disabled. No protection applied.
    Attempting to boot slot 0.
    Attempting to boot from address 0x8800.
    I: Trying to get Firmware version
    E: ***** USAGE FAULT *****
    E: Illegal use of the EPSR
    E: r0/a1: 0x2000117c r1/a2: 0x200017c8 r2/a3: 0x00000000
    E: r3/a4: 0x2000117c r12/ip: 0x00ffd55c r14/lr: 0xfffffffd
    E: xpsr: 0x28000058
    E: Faulting instruction address (r15/pc): 0x00000000
    E: >>> ZEPHYR FATAL ERROR 35: Unknown error on CPU 0
    E: Fault during interrupt handling

    E: Halting system
  • 0 in reply to jasr93

    Ah, my bad. I was a bit too quick with my assumptions there. Thank you for providing the logs. I'll have another look at it.

    While waiting, could you check the relevant addresses and see where the fault is triggered? For reference see https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-2-debugging/topic/exercise-2-11/ 

    Kind regards,
    Andreas

  • 0 in reply to AHaug

    Hi again,
    The complete backtrace of the problem is as follows:

    #0 0x0000288e in __ISB () at C:/ncs/external/modules/hal/cmsis/CMSIS/Core/Include/cmsis_gcc.h:260
    #1 arch_irq_lock () at C:/ncs/external/zephyr/include/zephyr/arch/arm/asm_inline_gcc.h:58
    #2 arch_system_halt (reason=35) at C:/ncs/external/zephyr/kernel/fatal.c:29
    #3 k_sys_fatal_error_handler (esf=0x20001138 <z_interrupt_stacks+1960>, reason=35) at C:/ncs/external/zephyr/kernel/fatal.c:44
    #4 z_fatal_error (esf=0x20001138 <z_interrupt_stacks+1960>, reason=35) at C:/ncs/external/zephyr/kernel/fatal.c:119
    #5 z_arm_fatal_error (reason=reason@entry=35, esf=esf@entry=0x20001138 <z_interrupt_stacks+1960>) at C:/ncs/external/zephyr/arch/arm/core/fatal.c:86
    #6 0x00002450 in z_arm_fault at C:/ncs/external/zephyr/arch/arm/core/cortex_m/fault.c:1080
    #7 0x00002774 in z_arm_usage_fault () at C:/ncs/external/zephyr/arch/arm/core/cortex_m\fault_s.S:102
    #8 <signal handler called>
    #9 0x00000000 in _vector_table ()
    #10 <signal handler called>
    #11 0x00002994 in nrf_security_event_wait at C:/ncs/external/nrf/subsys/nrf_security/src/utils/nrf_security_events.c:54
    #12 cracen_wait_for_interrupt at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/interrupts.c:74
    #13 0x00000cb2 in cracen_wait_for_cm_interrupt () at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/interrupts.c:96
    #14 cracen_wait_for_cm_interrupt () at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/platform/baremetal/interrupts.c:85
    #15 sx_cmdma_check_with_interrupts () at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/cmdma.c:90
    #16 0x00001b14 in sx_cmdma_check () at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/cmdma.c:112
    #17 sx_hash_status at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/hash.c:242
    #18 sx_hash_wait (c=<optimized out>) at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/sxsymcrypt/src/hash.c:261
    #19 cracen_hash_all_inputs_with_context at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.c:985
    #20 cracen_hash_all_inputs_with_context at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.c:963
    #21 cracen_hash_all_inputs at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/common.c:995
    #22 ed25519_verify_internal at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c:188
    #23 0x000022ea in cracen_ed25519_verify at C:/ncs/external/nrf/subsys/nrf_security/src/drivers/cracen/cracenpsa/src/ed25519.c:204
    #24 psa_verify_message at C:/ncs/external/nrf/subsys/nrf_security/src/core/lite/psa_core_lite.c:142
    #25 bl_ed25519_validate at C:/ncs/external/nrf/subsys/bootloader/bl_crypto/bl_crypto_ed25519.c:55
    #26 bl_ed25519_validate at C:/ncs/external/nrf/subsys/bootloader/bl_crypto/bl_crypto_ed25519.c:31
    #27 0x00001350 in validate_signature at C:/ncs/external/nrf/subsys/bootloader/bl_validation/bl_validation.c:306
    #28 validate_firmware at C:/ncs/external/nrf/subsys/bootloader/bl_validation/bl_validation.c:505
    #29 0x00001458 in bl_validate_firmware_local at C:/ncs/external/nrf/subsys/bootloader/bl_validation/bl_validation.c:525
    #30 validate_and_boot at C:/ncs/external/nrf/samples/bootloader/src/main.c:81
    #31 0x0000163e in main () at C:/ncs/external/nrf/samples/bootloader/src/main.c:151
    #32 bg_thread_main at C:/ncs/external/zephyr/kernel/init.c:586
    #33 0x000025ea in z_arm_switch_to_main_no_multithreading at C:/ncs/external/zephyr/arch/arm/core/cortex_m/thread.c:609
    #34 z_cstart () at C:/ncs/external/zephyr/kernel/init.c:823
    #35 z_prep_c () at C:/ncs/external/zephyr/arch/arm/core/cortex_m/prep_c.c:220
    #36 0x200017e8 in ?? ()

  • +1 in reply to jasr93

    Hi, 

    Took some time to get back here. Thank you for your patience. Following up to sync my findings with potentially yours.

    As you probably expect Db0_FILE_SUFFIX=minimal doesn't include the necessary configurations that KMU and private keys require for the nRF54L15. I made a sample attempting what you describe and it works with a non-minimal b0, and doesn't boot with minimal b0. 

    I've not isolated which config(s) in the diff between https://github.com/nrfconnect/sdk-nrf/blob/main/samples/bootloader/prj_minimal.conf and https://github.com/nrfconnect/sdk-nrf/blob/main/samples/bootloader/prj.conf thats the issue. For now it has to be one of these

    Descriptions in the sample I've made can be seen in the Readme.Link https://github.com/aHaugl/samples_for_NCS/tree/main/bootloader/sysbuild/4_dfu_uart/2_54l15_chain_priv_key 

    How's progress been on your end?

    Kind regards,
    Andreas

Reply Children
Related
Terms of service