
applications: nrf5340_audio: Automatic SIRK generation #27992

Open
alexsven wants to merge 1 commit into nrfconnect:main from alexsven:OCT-3666-move-sirk-warning-to-compile-time-instead-of-runtime-wrn


@alexsven alexsven commented Apr 9, 2026

  • Generate SIRK based on username when using buildprog
  • OCT-3666

@alexsven alexsven added this to the 3.3.0 milestone Apr 9, 2026
@alexsven alexsven requested review from a team as code owners April 9, 2026 10:08
@NordicBuilder NordicBuilder added the doc-required PR must not be merged without tech writer approval. label Apr 9, 2026

NordicBuilder commented Apr 9, 2026

CI Information

Build number: 2

Inputs:

Sources:

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (0)

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain
  • ◻️ Build twister
  • ◻️ Integration tests

Note: This message is automatically posted and updated by the CI

-------------

|no_changes_yet_note|
* Added SIRK generation based on the username when using the :file:`buildprog.py` Python script for the nRF5340 Audio unicast client sample.

Please remove the entry from here and add a comment on PR #27915, if this is part of the 3.3.0 release.


github-actions bot commented Apr 9, 2026

You can find the documentation preview for this PR here.

"""

user_name = getpass.getuser()
# encrypt username using sha256 to get a unique but consistent SIRK across runs
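
Review bot: The comment under `user_name = getpass.getuser()` says the username is encrypted with SHA-256, but SHA-256 is an unkeyed hash, so no secret goes into the result and anyone who knows or guesses the account name can recompute it. Suggest rewording the comment to say the username is hashed, and stating next to it that the value is derived from a non-secret name rather than from random data.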

Do a try: catch: here to check that the user name is not 0 len / empty


|no_changes_yet_note|
* Added SIRK generation based on the username when using the :file:`buildprog.py` Python script for the nRF5340 Audio unicast client sample.
The SIRK is generated using the SHA-256 hash of the username, ensuring a unique but consistent SIRK across runs for the same username.

Suggested change
The SIRK is generated using the SHA-256 hash of the username, ensuring a unique but consistent SIRK across runs for the same username.
The SIRK is generated using parts of the SHA-256 hash of the username, aiming to obtain a unique but consistent SIRK across runs for the same username.

|no_changes_yet_note|
* Added SIRK generation based on the username when using the :file:`buildprog.py` Python script for the nRF5340 Audio unicast client sample.
The SIRK is generated using the SHA-256 hash of the username, ensuring a unique but consistent SIRK across runs for the same username.
This change allows users to have a unique SIRK without needing to manually generate and input it, simplifying the setup process for the unicast client sample.

This change is good, but please also add a note on this in the user guide.

This is the same every time this script is run, but unique across different machines
"""

user_name = getpass.getuser()
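
Review bot: The docstring line "unique across different machines" does not follow from `getpass.getuser()`, which returns the login name and nothing machine-specific, so two machines building under the same account name end up with the same SIRK. Suggest wording it as "the same for a given username", or mixing in a locally stored random value if separate setups are meant to differ.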

This may be troubling as getuser can be of very low entropy.
Would like to have someone with more experience to have a look.

Alternatively, we can add a field to the .json file which is read out. If this is default, buildprog stops.
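
The empty-username check and the config-file alternative raised in the review comments above, side by side, as an added example that is not part of the PR or of buildprog.py. The JSON field name `sirk`, the all-zero default marker and taking the first 16 bytes of the digest are assumptions; the page does not show them.

```python
import hashlib
import json
import secrets
import tempfile
from pathlib import Path

SIRK_LEN = 16  # CSIP defines the SIRK as a 128-bit value
DEFAULT_SIRK = "00" * SIRK_LEN  # hypothetical "not configured" marker


def username_sirk(user_name: str) -> bytes:
    """PR approach: part of SHA-256(username); first 16 bytes is an assumption."""
    if not user_name:
        raise ValueError("empty username, cannot derive a SIRK")
    return hashlib.sha256(user_name.encode("utf-8")).digest()[:SIRK_LEN]


def sirk_from_config(path: Path) -> bytes:
    """Read the hypothetical "sirk" field; stop if it is unset, default or malformed."""
    cfg = json.loads(path.read_text(encoding="utf-8"))
    value = str(cfg.get("sirk", DEFAULT_SIRK)).lower()
    if value == DEFAULT_SIRK:
        raise SystemExit(f"{path}: 'sirk' is unset or default, set a random value")
    try:
        sirk = bytes.fromhex(value)
    except ValueError:
        raise SystemExit(f"{path}: 'sirk' is not valid hex") from None
    if len(sirk) != SIRK_LEN:
        raise SystemExit(f"{path}: 'sirk' must be {SIRK_LEN} bytes")
    return sirk


def demo() -> dict:
    """Constructed input: two machines that both build as the account "user"."""
    with tempfile.TemporaryDirectory() as tmp:
        cfgs = [Path(tmp) / f"machine_{i}.json" for i in (1, 2)]
        for cfg in cfgs:
            fresh = json.dumps({"sirk": secrets.token_hex(SIRK_LEN)})  # OS CSPRNG
            cfg.write_text(fresh, encoding="utf-8")
        a, b = (sirk_from_config(c) for c in cfgs)
        return {
            "username_sirk_shared": username_sirk("user") == username_sirk("user"),
            "config_sirk_shared": a == b,
            "config_sirk_stable": sirk_from_config(cfgs[0]) == a,
        }


if __name__ == "__main__":
    print(demo())
```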


Copilot AI left a comment


Pull request overview

This PR adds automatic generation of a CSIP SIRK when using the nRF5340 Audio buildprog.py script, aiming to avoid manual SIRK setup and keep the generated value consistent per user.

Changes:

  • Add SHA-256(username)-based SIRK generation to buildprog.py.
  • Inject the generated SIRK into the west build via CONFIG_BT_SET_IDENTITY_RESOLVING_KEY for the unicast headset/server build.
  • Update nRF5340 Audio release notes to mention the new behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Adds a release note entry describing automatic SIRK generation in the build script.
applications/nrf5340_audio/tools/buildprog/buildprog.py Generates a deterministic SIRK from the local username and passes it as a Kconfig define during build.


@alexsven alexsven force-pushed the OCT-3666-move-sirk-warning-to-compile-time-instead-of-runtime-wrn branch from 1d92cba to 5927d83 Compare April 9, 2026 12:20
@NordicBuilder NordicBuilder removed doc-required PR must not be merged without tech writer approval. changelog labels Apr 9, 2026
- Generate SIRK based on username when using buildprog
- OCT-3666

Signed-off-by: Alexander Svensen <alexander.svensen@nordicsemi.no>
@alexsven alexsven force-pushed the OCT-3666-move-sirk-warning-to-compile-time-instead-of-runtime-wrn branch from 5927d83 to 230e336 Compare April 9, 2026 12:22
@alexsven alexsven requested a review from koffes April 9, 2026 12:22