[NRF54L15-KMU] Clarification on KMU slot-id

Hi Alessandro, 

It seems that we changed the slot used for MCUBoot from SDK v3.2.0 
You can take a look here: https://docs.nordicsemi.com/bundle/ncs-3.2.1/page/nrf/releases_and_maturity/releases/release-notes-3.2.0.html#mcuboot

"Updated KMU mapping to BL_PUBKEY when MCUboot is used as the immutable bootloader for nRF54L Series devices. You can restore the previous KMU mapping (UROT_PUBKEY) with the SB_CONFIG_MCUBOOT_SIGNATURE_KMU_UROT_MAPPING Kconfig option."

Btw, could you let me know by which west -v command do you see the west ncs-provision upload \ --keyname BL_PUBKEY \ --key <path>/bootloader/mcuboot/root-ed25519.pem \ --build-dir <path>/samples/dfu/single  script ? 

I was not to be able to see it when I tried west -v build or west -v flash. 

Thank you for the details.

I am developing in VSCode using the nRF Connect extension.

By enabling the verbose mode in the extension ("nrf-connect.west.verbose": "-v" – very useful for understanding what is happening), you can see all the commands used during the build process. This is how I was able to see the west ncs-provision command mentioned.

I think that the VScode GUI build command do a sequence of commands (not only west build).

Hi Alessandro, 

Thanks for the tip. I have enabled the option and can see more log. 
But still it's hard to catch the exact command. Could you please may be take a screenshot or show more on the log when you see the command ?

If you want to see a cleaner output, after build,

1. delete the keyfile.json in build directory,
2. then triggers build from the GUI command: this should triggers only commands for missing files.

Thanks for the trick that helps . Learned something today
Now I can see the script.
I wasn't paying attention to the --dry-run argument in west ncs-provision upload, thought that it's the actual command to write the key to the KMU which should happen when we flash the chip not when building. 

All good now. Let us know if you have any follow up question. 

Thanks for the trick that helps . Learned something today
Now I can see the script.
I wasn't paying attention to the --dry-run argument in west ncs-provision upload, thought that it's the actual command to write the key to the KMU which should happen when we flash the chip not when building. 

All good now. Let us know if you have any follow up question. 

Could you align https://docs.nordicsemi.com/bundle/ncs-3.2.1/page/nrf/app_dev/device_guides/nrf54l/kmu_provision.html with how is written in https://docs.nordicsemi.com/bundle/ncs-3.2.1/page/nrf/releases_and_maturity/releases/release-notes-3.2.0.html#mcuboot, still the following (wrong) sentence:

• "For MCUboot, take note of the following:

  • UROT_PUBKEY is the key name used by MCUboot."

Hi Alessandro, Hung is OOO for a few days.

Are you able to wait with this reply until he is back, or is this matter more urgent for you?

Regards,

Elfving

Don't worry, no emergency stuff :)