[nrf noup] bootutil: Add error log on KMU not provisioned #435

Open
wants to merge 1 commit into
base: main

hellesvik-nordic
Contributor

An unprovisioned KMU can cause confusion, so improve the logs for this case.

@@ -126,6 +126,9 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
}

BOOT_LOG_ERR("ED25519 signature verification failed %d", status);
if(status == PSA_ERROR_INVALID_HANDLE) {
BOOT_LOG_ERR("PSA_ERROR_INVALID_HANDLE(-136) could mean that the KMU slot is not provisioned.");
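Review bot: the added `BOOT_LOG_ERR("PSA_ERROR_INVALID_HANDLE(-136) ...")` line hard-codes the numeric value -136 in the string, while the `BOOT_LOG_ERR("ED25519 signature verification failed %d", status)` line just above already prints `status`. Drop the literal from the new message, or format it from `status`, so the two log lines cannot disagree. As a style point, `if(status == PSA_ERROR_INVALID_HANDLE) {` is missing the space after `if`. The closing brace of the new block is not visible in this hunk, so check that it is present and indented to match.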
Contributor

Suggested change
BOOT_LOG_ERR("PSA_ERROR_INVALID_HANDLE(-136) could mean that the KMU slot is not provisioned.");
BOOT_LOG_ERR("PSA ED25519 signature failed (-136), unknown key ID");

Are you sure we want to be that verbose? A non-KMU-specific message could actually be brought upstream too.

Contributor Author

I would argue that we want users to think "Oh I need to provision the KMU" when reading the message, so at the very least the KMU should be mentioned.
This function is also KMU specific (inside the elif) so I think it makes sense to mention the KMU in the log.

@de-nordic de-nordic requested a review from nvlsianpu May 15, 2025 08:33
@rlubos rlubos requested a review from nordicjm as a code owner May 15, 2025 09:57
@hellesvik-nordic hellesvik-nordic marked this pull request as draft May 16, 2025 06:39
@hellesvik-nordic
Contributor Author

@de-nordic, I added CONFIG_MCUBOOT_SETUP_VALIDATION, which might be what we talked about. What do you think about this?

Contributor

@nordicjm nordicjm left a comment


4 space indent for C code in mcuboot
tab indent for Kconfigs
No default n in Kconfig, that is the default
1x tab followed by 2x spaces for Kconfig help text indent

@hellesvik-nordic
Contributor Author

After discussing with @de-nordic directly, we concluded that this change will not need a Kconfig option, as this is a one-off extra log to catch a very common error case.

@hellesvik-nordic hellesvik-nordic marked this pull request as ready for review May 28, 2025 12:02
Checks if the KMU has been provisioned, and adds an extra log if it has not.
Error 136 could theoretically be caused by something else, so the
extra log is not phrased in an absolute manner.

Fixes: NCSDK-33559

Signed-off-by: Sigurd Hellesvik <sigurd.hellesvik@nordicsemi.no>

sonarqubecloud bot commented Jun 3, 2025
