Skip to content

doc/../dfu/bootloader_keys: mark ed25519 as only supported #520

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

doc/../dfu/bootloader_keys: mark ed25519 as only supported #520

wants to merge 1 commit into from

Conversation

@nvlsianpu
Copy link
Contributor

@nvlsianpu nvlsianpu commented Nov 27, 2025

Specifies:
ed25519 signature type is only supported signature on nRF54l SoC's rest are for eveluation

@nvlsianpu nvlsianpu requested a review from a team as a code owner November 27, 2025 17:14
@nvlsianpu nvlsianpu added the doc-required PR must not be merged without tech writer approval. label Nov 27, 2025
@nvlsianpu nvlsianpu requested a review from a team as a code owner November 27, 2025 17:14
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 27, 2025
@github-actions
Copy link

github-actions bot commented Nov 27, 2025

You can find the documentation preview for this PR here.

@nvlsianpu nvlsianpu force-pushed the doc/boot_key_ed25519 branch from cdb1da3 to 2052b4f Compare November 27, 2025 19:11
peknis
peknis requested changes Nov 28, 2025
View reviewed changes
doc/nrf-bm/app_dev/dfu/bootloader_keys.rst Outdated

MCUboot in |BMshort| supports the following signature types:
MCUboot in |BMshort| allow a few signatures types.
The ed25519 signature type is recommended as supported for nRF54L Series devices with cryptographic hardware support (CRACEN and KMU).
Copy link

@peknis peknis Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The ed25519 signature type is recommended as supported for nRF54L Series devices with cryptographic hardware support (CRACEN and KMU).
The Ed25519 signature type is recommended as supported for nRF54L Series devices with cryptographic hardware support (CRACEN and KMU).

doc/nrf-bm/app_dev/dfu/bootloader_keys.rst Outdated
MCUboot in |BMshort| supports the following signature types:
MCUboot in |BMshort| allow a few signatures types.
The ed25519 signature type is recommended as supported for nRF54L Series devices with cryptographic hardware support (CRACEN and KMU).
It is recommended to use pure version of ed25519 signature (to enabled use :kconfig:option:`SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE``).
Copy link

@peknis peknis Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
It is recommended to use pure version of ed25519 signature (to enabled use :kconfig:option:`SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE``).
It is recommended to use the pure version of the Ed25519 signature (:kconfig:option:`SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE``).

doc/nrf-bm/app_dev/dfu/bootloader_keys.rst Outdated
MCUboot in |BMshort| allow a few signatures types.
The ed25519 signature type is recommended as supported for nRF54L Series devices with cryptographic hardware support (CRACEN and KMU).
It is recommended to use pure version of ed25519 signature (to enabled use :kconfig:option:`SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE``).
Rest of the signature types are for evaluation purpose only and are inherited from the MCUboot project.
Copy link

@peknis peknis Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Rest of the signature types are for evaluation purpose only and are inherited from the MCUboot project.
The rest of the signature types are for evaluation purpose only and are inherited from the MCUboot project.

doc/nrf-bm/app_dev/dfu/bootloader_keys.rst Outdated
It is recommended to use pure version of ed25519 signature (to enabled use :kconfig:option:`SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE``).
Rest of the signature types are for evaluation purpose only and are inherited from the MCUboot project.

The available signature types are listed in the table below:
Copy link

@peknis peknis Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The available signature types are listed in the table below:
The available signature types are listed in the following table:

@eivindj-nordic
Copy link
Contributor

eivindj-nordic commented Nov 28, 2025

nit: Format looks a bit off in the commit title.

eivindj-nordic
eivindj-nordic reviewed Nov 28, 2025
View reviewed changes
doc/nrf-bm/app_dev/dfu/bootloader_keys.rst Outdated
| Type | Description | Sysbuild Kconfig |
+============+======================================================================+=============================================================================+
| None | No signature verification (insecure) | :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE` |
| None | No signature verification (insecure, development helper) | :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE` |
Copy link
Contributor

@eivindj-nordic eivindj-nordic Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find Development helper a bit unclear, is this what you mean?

Suggested change
| None | No signature verification (insecure, development helper) | :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE` |
| None | No signature verification (insecure, for development only) | :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE` |

@nvlsianpu
doc/../dfu/bootloader_keys: mark ed25519 as only supported
fa6e347 
ED25519 signature type is the only supported signature on nRF54l SoC's.
The Rest are for development purposes only.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
@nvlsianpu nvlsianpu force-pushed the doc/boot_key_ed25519 branch from 2052b4f to fa6e347 Compare November 28, 2025 13:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eivindj-nordic eivindj-nordic eivindj-nordic left review comments

@peknis peknis peknis requested changes

@maciejpietras maciejpietras maciejpietras approved these changes

@michalek-no michalek-no Awaiting requested review from michalek-no

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. doc-required PR must not be merged without tech writer approval.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nvlsianpu @eivindj-nordic @peknis @maciejpietras