suit: add editable manifests and rework directory layout

Add build system mechanism for adding editable manifest templates into the application. Add west script for initializing and maintaining editable manifest templates. Signed-off-by: Rafał Kuźnia <[email protected]>
Sriant · Aug 21, 2024 · 0bb1b0b · 0bb1b0b
1 parent 05954fc
commit 0bb1b0b
Show file tree

Hide file tree

Showing 28 changed files with 959 additions and 36 deletions.
diff --git a/applications/matter_bridge/boards/nrf54h20dk_nrf54h20_cpuapp.conf b/applications/matter_bridge/boards/nrf54h20dk_nrf54h20_cpuapp.conf
@@ -20,6 +20,3 @@ CONFIG_CHIP_FACTORY_DATA=n
 
 # TODO: Workaround to be removed once Zephyr's CONFIG_FPROTECT is supported on nRF54H20.
 CONFIG_CHIP_FACTORY_DATA_WRITE_PROTECT=n
-
-# Use common SUIT envelope templates prepared for Matter purpose
-CONFIG_SUIT_ENVELOPE_TEMPLATE="${ZEPHYR_NRF_MODULE_DIR}/samples/matter/common/suit_templates/app_envelope.yaml.jinja2"
diff --git a/applications/matter_bridge/sysbuild/ipc_radio/boards/nrf54h20dk_nrf54h20_cpurad.conf b/applications/matter_bridge/sysbuild/ipc_radio/boards/nrf54h20dk_nrf54h20_cpurad.conf
diff --git a/cmake/sysbuild/suit.cmake b/cmake/sysbuild/suit.cmake
@@ -99,6 +99,56 @@ function(suit_generate_dfu_zip)
   )
 endfunction()
 
+# Get path to the manifest template in the base manifest template directory.
+#
+# Usage:
+#   suit_make_base_manifest_path(template_name output_variable)
+#
+# Parameters:
+#   template_name - Name of the base manifest template
+#   output_variable - CMake variable where the path to the base manifest template will be stored.
+#
+function(suit_make_base_manifest_path template_name output_variable)
+  set(${output_variable} "${SB_CONFIG_SUIT_BASE_MANIFEST_TEMPLATE_DIR}/${SB_CONFIG_SOC}/${SB_CONFIG_SUIT_BASE_MANIFEST_VARIANT}/${template_name}" PARENT_SCOPE)
+endfunction()
+
+# Get path to the manifest template in the application manifest template directory.
+#
+# Usage:
+#   suit_make_custom_manifest_path(template_name output_variable)
+#
+# Parameters:
+#   template_name - Name of the base manifest template
+#   output_variable - CMake variable where the path to the base manifest template will be stored.
+#
+function(suit_make_custom_manifest_path template_name output_variable)
+  sysbuild_get(app_config_dir IMAGE ${DEFAULT_IMAGE} VAR APPLICATION_CONFIG_DIR CACHE)
+  set(${output_variable} "${app_config_dir}/suit/${SB_CONFIG_SOC}/${template_name}" PARENT_SCOPE)
+endfunction()
+
+# Get the path to the manifest template.
+#
+# The function searches for the manifest templates in the application manifest template directory.
+# If such template does not exist, it searches for the template in the base manifest template
+# directory.
+#
+# Usage:
+#   suit_get_manifest(template_name output_variable)
+#
+# Parameters:
+#   template_name - Name of the base manifest template
+#   output_variable - CMake variable where the path to the base manifest template will be stored.
+#
+function(suit_get_manifest template_name output_variable)
+  suit_make_custom_manifest_path(${template_name} custom_path)
+  suit_make_base_manifest_path(${template_name} base_path)
+  if(EXISTS ${custom_path})
+    set(${output_variable} ${custom_path} PARENT_SCOPE)
+  else()
+    set(${output_variable} ${base_path} PARENT_SCOPE)
+  endif()
+endfunction()
+
 # Create DFU package/main envelope.
 #
 # Usage:
@@ -153,8 +203,12 @@ function(suit_create_package)
       continue()
     endif()
 
-    sysbuild_get(INPUT_ENVELOPE_JINJA_FILE IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TEMPLATE KCONFIG)
+    sysbuild_get(INPUT_ENVELOPE_JINJA_FILE IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TEMPLATE_FILENAME KCONFIG)
     string(CONFIGURE "${INPUT_ENVELOPE_JINJA_FILE}" INPUT_ENVELOPE_JINJA_FILE)
+    suit_get_manifest(${INPUT_ENVELOPE_JINJA_FILE} INPUT_ENVELOPE_JINJA_FILE)
+
+    message(STATUS "Found ${image} manifest template: ${INPUT_ENVELOPE_JINJA_FILE}")
+
     suit_set_absolute_or_relative_path(${INPUT_ENVELOPE_JINJA_FILE} ${app_config_dir} INPUT_ENVELOPE_JINJA_FILE)
     sysbuild_get(target IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TARGET KCONFIG)
     sysbuild_get(BINARY_DIR IMAGE ${image} VAR APPLICATION_BINARY_DIR CACHE)
@@ -178,7 +232,8 @@ function(suit_create_package)
     )
   endforeach()
 
-  set(INPUT_ROOT_ENVELOPE_JINJA_FILE ${SB_CONFIG_SUIT_ENVELOPE_ROOT_TEMPLATE})
+  suit_get_manifest(${SB_CONFIG_SUIT_ENVELOPE_ROOT_TEMPLATE_FILENAME} INPUT_ROOT_ENVELOPE_JINJA_FILE)
+  message(STATUS "Found root manifest template: ${INPUT_ROOT_ENVELOPE_JINJA_FILE}")
 
   # create root envelope if defined
   if(DEFINED INPUT_ROOT_ENVELOPE_JINJA_FILE AND NOT INPUT_ROOT_ENVELOPE_JINJA_FILE STREQUAL "")
@@ -313,8 +368,6 @@ function(suit_build_recovery)
       "-DBOARD:STRING=${board_target}"
       "-DEXTRA_DTC_OVERLAY_FILE:STRING=${APP_DIR}/sysbuild/recovery.overlay"
       "-Dhci_ipc_EXTRA_DTC_OVERLAY_FILE:STRING=${APP_DIR}/sysbuild/recovery_hci_ipc.overlay"
-      "-DSB_CONFIG_SUIT_ENVELOPE_ROOT_TEMPLATE:STRING=\\\"${ZEPHYR_NRF_MODULE_DIR}/samples/suit/recovery/app_recovery_envelope.yaml.jinja2\\\""
-      "-Dhci_ipc_CONFIG_SUIT_ENVELOPE_TEMPLATE:STRING=\\\"${ZEPHYR_NRF_MODULE_DIR}/samples/suit/recovery/rad_recovery_envelope.yaml.jinja2\\\""
       "-DCONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME:STRING=\\\"${APP_RECOVERY_VENDOR_NAME}\\\""
       "-DCONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME:STRING=\\\"${APP_RECOVERY_CLASS_NAME}\\\""
       "-DCONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME:STRING=\\\"${RAD_RECOVERY_VENDOR_NAME}\\\""

diff --git a/config/suit/templates/nrf54h20/default/v1/app_envelope.yaml.jinja2 b/config/suit/templates/nrf54h20/default/v1/app_envelope.yaml.jinja2
@@ -0,0 +1,150 @@
+{%- set mpi_application_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %}
+{%- set mpi_application_class_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF54H20_sample_app') %}
+{%- set sequence_number = sysbuild['config']['SB_CONFIG_SUIT_ENVELOPE_SEQUENCE_NUM'] %}
+SUIT_Envelope_Tagged:
+  suit-authentication-wrapper:
+    SuitDigest:
+      suit-digest-algorithm-id: cose-alg-sha-256
+  suit-manifest:
+    suit-manifest-version: 1
+    suit-manifest-sequence-number: {{ sequence_number }}
+    suit-common:
+      suit-components:
+      - - MEM
+        - {{ application['dt'].label2node['cpu'].unit_addr }}
+        - {{ get_absolute_address(application['dt'].chosen_nodes['zephyr,code-partition']) }}
+        - {{ application['dt'].chosen_nodes['zephyr,code-partition'].regs[0].size }}
+      - - CAND_IMG
+        - 0
+      suit-shared-sequence:
+      - suit-directive-set-component-index: 0
+      - suit-directive-override-parameters:
+          suit-parameter-vendor-identifier:
+            RFC4122_UUID: {{ mpi_application_vendor_name }}
+          suit-parameter-class-identifier:
+            RFC4122_UUID:
+              namespace: {{ mpi_application_vendor_name }}
+              name: {{ mpi_application_class_name }}
+          suit-parameter-image-digest:
+            suit-digest-algorithm-id: cose-alg-sha-256
+            suit-digest-bytes:
+              file: {{ application['binary'] }}
+          suit-parameter-image-size:
+            file: {{ application['binary'] }}
+      - suit-condition-vendor-identifier:
+        - suit-send-record-success
+        - suit-send-record-failure
+        - suit-send-sysinfo-success
+        - suit-send-sysinfo-failure
+      - suit-condition-class-identifier:
+        - suit-send-record-success
+        - suit-send-record-failure
+        - suit-send-sysinfo-success
+        - suit-send-sysinfo-failure
+    suit-validate:
+    - suit-directive-set-component-index: 0
+    # In the case of streaming operations it is worth to retry them at least once.
+    # This increases the robustness against bit flips on the transport,
+    # for example when storing the data on an external memory device.
+    # The suit-directive-try-each will complete on the first successful subsequence.
+    - suit-directive-try-each:
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+    suit-invoke:
+    - suit-directive-set-component-index: 0
+    - suit-directive-invoke:
+      - suit-send-record-failure
+    suit-install:
+    - suit-directive-set-component-index: 1
+    - suit-directive-override-parameters:
+        suit-parameter-uri: '#{{ application['name'] }}'
+        suit-parameter-image-digest:
+          suit-digest-algorithm-id: cose-alg-sha-256
+          suit-digest-bytes:
+            file: {{ application['binary'] }}
+    - suit-directive-fetch:
+      - suit-send-record-failure
+    - suit-directive-try-each:
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+    - suit-directive-set-component-index: 0
+    - suit-directive-override-parameters:
+        suit-parameter-source-component: 1
+    # When copying the data it is worth to retry the sequence of
+    # suit-directive-copy and suit-condition-image-match at least once.
+    # If a bit flip occurs, it might be due to a transport issue, not
+    # a corrupted candidate image. In this case the bit flip is recoverable
+    # and it is worth retrying the operation.
+    # The suit-directive-try-each will complete on the first successful subsequence.
+    - suit-directive-try-each:
+      - - suit-directive-copy:
+          - suit-send-record-failure
+        - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+      - - suit-directive-copy:
+          - suit-send-record-failure
+        - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+    suit-text:
+      suit-digest-algorithm-id: cose-alg-sha-256
+
+    suit-candidate-verification:
+    - suit-directive-set-component-index: 1
+    - suit-directive-override-parameters:
+        suit-parameter-uri: '#{{ application['name'] }}'
+        suit-parameter-image-digest:
+          suit-digest-algorithm-id: cose-alg-sha-256
+          suit-digest-bytes:
+            file: {{ application['binary'] }}
+    - suit-directive-fetch:
+      - suit-send-record-failure
+    - suit-directive-try-each:
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+      - - suit-condition-image-match:
+          - suit-send-record-success
+          - suit-send-record-failure
+          - suit-send-sysinfo-success
+          - suit-send-sysinfo-failure
+
+    suit-manifest-component-id:
+    - INSTLD_MFST
+    - RFC4122_UUID:
+        namespace: {{ mpi_application_vendor_name }}
+        name: {{ mpi_application_class_name }}
+  suit-text:
+    en:
+      '["MEM", {{ application['dt'].label2node['cpu'].unit_addr }}, {{ get_absolute_address(application['dt'].chosen_nodes['zephyr,code-partition']) }}, {{ application['dt'].chosen_nodes['zephyr,code-partition'].regs[0].size }}]':
+        suit-text-vendor-name: Nordic Semiconductor ASA
+        suit-text-model-name: nRF54H20_cpuapp
+        suit-text-vendor-domain: nordicsemi.com
+        suit-text-model-info: The nRF54H20 application core
+        suit-text-component-description: Sample application core FW
+        suit-text-component-version: v1.0.0
+  suit-integrated-payloads:
+    '#{{ application['name'] }}': {{ application['binary'] }}