diff --git a/cmake/sysbuild/bootconf.cmake b/cmake/sysbuild/bootconf.cmake new file mode 100644 index 0000000000..ab428c819c --- /dev/null +++ b/cmake/sysbuild/bootconf.cmake @@ -0,0 +1,30 @@ +# +# Copyright (c) 2025 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +function(setup_bootconf_data) + add_custom_target(bootconf_target + ALL + DEPENDS ${CMAKE_BINARY_DIR}/bootconf.hex + ) + + dt_nodelabel(boot_partition_node_full_path NODELABEL "boot_partition") + dt_reg_size(boot_partition_node_size PATH "${boot_partition_node_full_path}") + if(${boot_partition_node_size} GREATER 0x7c00) + message(WARNING "boot_partition doesn't fit into protection region. +Protection will be applied over maximum allowed span.") + endif() + + add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/bootconf.hex + COMMAND ${Python3_EXECUTABLE} + ${ZEPHYR_NRF_MODULE_DIR}/scripts/reglock.py + --output ${CMAKE_BINARY_DIR}/bootconf.hex + --size ${boot_partition_node_size} + VERBATIM + ) + +endfunction() + +setup_bootconf_data() diff --git a/modules/mcuboot/CMakeLists.txt b/modules/mcuboot/CMakeLists.txt index eac122c617..87c08d30a4 100644 --- a/modules/mcuboot/CMakeLists.txt +++ b/modules/mcuboot/CMakeLists.txt @@ -9,4 +9,5 @@ include(${ZEPHYR_NRF_MODULE_DIR}/modules/mcuboot/CMakeLists.txt) if(CONFIG_MCUBOOT AND CONFIG_NCS_BM) include(${ZEPHYR_NRF_BM_MODULE_DIR}/cmake/image_signing_softdevice.cmake) include(${ZEPHYR_NRF_BM_MODULE_DIR}/cmake/flash_metadata.cmake) + include(${ZEPHYR_NRF_BM_MODULE_DIR}/cmake/sysbuild/bootconf.cmake) endif() diff --git a/sysbuild/Kconfig.bm b/sysbuild/Kconfig.bm index 4fa16e3557..7802aeb551 100644 --- a/sysbuild/Kconfig.bm +++ b/sysbuild/Kconfig.bm @@ -84,6 +84,13 @@ config BM_BOOT_IMG_HASH_ALG_PURE endchoice +config BM_BOOT_BOOTCONF_LOCK_WRITES + bool "Protect bootloader's NVM from writes" + depends on SOC_NRF54L15_CPUAPP || SOC_NRF54L05_CPUAPP || SOC_NRF54L10_CPUAPP + default y + help + Sets RRAMC's BOOTCONF region protection to disable writes. + endmenu endif # BM_BOOTLOADER_MCUBOOT