modules: mcuboot: enable support for RAMLOAD mode with revert

cmake/mcuboot.cmake

@@ -102,7 +102,7 @@ function(zephyr_mcuboot_tasks)
   if(CONFIG_MCUBOOT_IMGTOOL_OVERWRITE_ONLY)
     # Use overwrite-only instead of swap upgrades.
     set(imgtool_args --overwrite-only --align 1 ${imgtool_args})
-  elseif(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD)
+  elseif(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
     # RAM load requires setting the location of where to load the image to
     dt_chosen(chosen_ram PROPERTY "zephyr,sram")
     dt_reg_addr(chosen_ram_address PATH ${chosen_ram})
@@ -111,7 +111,7 @@ function(zephyr_mcuboot_tasks)
     dt_nodelabel(slot1_partition NODELABEL "slot1_partition" REQUIRED)
     dt_reg_addr(slot1_partition_address PATH ${slot1_partition})
 
-    set(imgtool_args --align 1 --load-addr ${chosen_ram_address} ${imgtool_args})
+    set(imgtool_args --align ${write_block_size} --load-addr ${chosen_ram_address} ${imgtool_args})
     set(imgtool_args_alt_slot ${imgtool_args} --hex-addr ${slot1_partition_address})
     set(imgtool_args ${imgtool_args} --hex-addr ${slot0_partition_address})
   else()
@@ -142,6 +142,7 @@ function(zephyr_mcuboot_tasks)
       set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
                    ${imgtool_sign} ${imgtool_args} --pad --confirm ${output}.bin
                    ${output}.signed.confirmed.bin)
+      zephyr_runner_file(bin ${output}.signed.confirmed.bin)
     endif()
 
     if(NOT "${keyfile_enc}" STREQUAL "")
@@ -154,7 +155,7 @@ function(zephyr_mcuboot_tasks)
                    ${output}.signed.encrypted.bin)
     endif()
 
-    if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD)
+    if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
       list(APPEND byproducts ${output}.slot1.signed.encrypted.bin)
       set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
                    ${imgtool_sign} ${imgtool_args_alt_slot} ${output}.bin
@@ -194,6 +195,7 @@ function(zephyr_mcuboot_tasks)
       set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
                    ${imgtool_sign} ${imgtool_args} --pad --confirm ${output}.hex
                    ${output}.signed.confirmed.hex)
+      zephyr_runner_file(hex ${output}.signed.confirmed.hex)
     endif()
 
     if(NOT "${keyfile_enc}" STREQUAL "")
@@ -206,7 +208,7 @@ function(zephyr_mcuboot_tasks)
                    ${output}.signed.encrypted.hex)
     endif()
 
-    if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD)
+    if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
       list(APPEND byproducts ${output}.slot1.signed.hex)
       set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
                    ${imgtool_sign} ${imgtool_args_alt_slot} ${output}.hex

modules/Kconfig.mcuboot

@@ -195,6 +195,26 @@ config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
 	  This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
 	  to swap back to older version of the application.
 
+config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT
+	bool "MCUboot has been configured for RAM LOAD with revert"
+	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE
+	select MCUBOOT_BOOTLOADER_NO_DOWNGRADE
+	help
+	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot
+	  will select the image with the higher version number, copy it to RAM and begin execution
+	  from there. The image must be linked to execute from RAM, the address that it is copied
+	  to is specified using the load-addr argument when running imgtool.
+	  This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible
+	  to swap back to older version of the application.
+	  In this mode MCUboot will boot the application with the higher
+	  version from either slot, as long as it has been marked to be boot
+	  next time for test or permanently. In case when application is marked
+	  for test it needs to confirm itself, on the first boot, or it will be
+	  removed and MCUboot will revert to booting previously approved
+	  application. Note that in this mode MCUboot will not boot an
+	  application if it does not have an image header, so if an application
+	  is flashed manually it should be marked as confirmed
+
 config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
 	bool "MCUboot has been configured for DirectXIP operation"
 	select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE

samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.conf

@@ -0,0 +1,4 @@
+CONFIG_USE_DT_CODE_PARTITION=y
+# Force the slot size- imgtool will try to use the smaller slot size, but
+# we want to add a trailing on the primary slot (which is larger)
+CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS="--slot-size=3670016"

samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.overlay

@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2025 Tenstorrent AI ULC
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/*
+ * Layout must match the hyperflash_ram_load overlay file within mcuboot
+ * application configuration directory
+ */
+
+/delete-node/ &sdram0;
+
+/ {
+	sram@80007F00 {
+		compatible = "zephyr,memory-region", "mmio-sram";
+		reg = <0x80007F00 0x100>;
+		zephyr,memory-region = "RetainedMem";
+		status = "okay";
+
+		retainedmem {
+			compatible = "zephyr,retained-ram";
+			status = "okay";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			boot_info0: boot_info@0 {
+				compatible = "zephyr,retention";
+				status = "okay";
+				reg = <0x0 0x100>;
+			};
+		};
+	};
+
+	chosen {
+		zephyr,bootloader-info = &boot_info0;
+		zephyr,sram = &sdram_split;
+	};
+
+	/*
+	 * Adjust sdram0 to reserve first 30KB for MCUBoot, and
+	 * remaining 2KB for retained memory
+	 */
+	sdram_split: sdram_split@80008000 {
+		reg = <0x80008000 (0x2000000 - DT_SIZE_K(32))>;
+	};
+
+};

samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52840dk_nrf52840_ram_load.overlay

@@ -1,6 +1,35 @@
 /delete-node/ &sram0;
 
-#include "../sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay"
+/*
+ * Layout must match the nrf52840dk_nrf52840_ram_load overlay file within mcuboot
+ * application configuration directory
+ */
+
+/ {
+	sram@2003FF00 {
+		compatible = "zephyr,memory-region", "mmio-sram";
+		reg = <0x2003FF00 0x100>;
+		zephyr,memory-region = "RetainedMem";
+		status = "okay";
+
+		retainedmem {
+			compatible = "zephyr,retained-ram";
+			status = "okay";
+			#address-cells = <1>;
+			#size-cells = <1>;
+
+			boot_info0: boot_info@0 {
+				compatible = "zephyr,retention";
+				status = "okay";
+				reg = <0x0 0x100>;
+			};
+		};
+	};
+
+	chosen {
+		zephyr,bootloader-info = &boot_info0;
+	};
+};
 
 / {
 	chosen {

samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml

@@ -177,8 +177,18 @@ tests:
       - EXTRA_CONF_FILE="overlay-serial.conf"
     platform_allow:
       - nrf52840dk/nrf52840
+      - mimxrt1050_evk/mimxrt1052/hyperflash
+  sample.mcumgr.smp_svr.ram_load_revert.serial:
+    extra_args:
+      - FILE_SUFFIX="ram_load"
+      - EXTRA_CONF_FILE="overlay-serial.conf"
+      - SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT=y
+      - smp_svr_CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE=y
+      - mcuboot_CONFIG_MCUBOOT_LOG_LEVEL_DBG=y # Required for RT1050- likely a flash bug?
+    platform_allow:
+      - mimxrt1050_evk/mimxrt1052/hyperflash
     integration_platforms:
-      - nrf52840dk/nrf52840
+      - mimxrt1050_evk/mimxrt1052/hyperflash
   sample.mcumgr.smp_svr.ram_load.serial.fs.shell:
     extra_args:
       - FILE_SUFFIX="ram_load"

samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/CMakeLists.txt

@@ -1,9 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
 
-if("${FILE_SUFFIX}" STREQUAL "ram_load")
-  set(mcuboot_EXTRA_DTC_OVERLAY_FILE "${CMAKE_CURRENT_LIST_DIR}/nrf52840dk_nrf52840_mcuboot_ram_load.overlay" CACHE INTERNAL "" FORCE)
-endif()
-
 find_package(Sysbuild REQUIRED HINTS $ENV{ZEPHYR_BASE})
 
 project(sysbuild LANGUAGES)

scripts/ci/check_compliance.py

@@ -937,6 +937,7 @@ def check_no_undef_outside_kconfig(self, kconf):
         "BOOT_FIRMWARE_LOADER", # Used in sysbuild for MCUboot configuration
         "BOOT_MAX_IMG_SECTORS_AUTO", # Used in sysbuild
         "BOOT_RAM_LOAD", # Used in sysbuild for MCUboot configuration
+        "BOOT_RAM_LOAD_REVERT", # Used in sysbuild for MCUboot configuration
         "BOOT_SERIAL_BOOT_MODE",     # Used in (sysbuild-based) test/
                                      # documentation
         "BOOT_SERIAL_CDC_ACM",       # Used in (sysbuild-based) test

share/sysbuild/image_configurations/BOOTLOADER_image_default.cmake

@@ -23,7 +23,7 @@ elseif(SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY)
   set(bootmode CONFIG_BOOT_UPGRADE_ONLY)
 elseif(SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP OR SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT)
   set(bootmode CONFIG_BOOT_DIRECT_XIP)
-elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD)
+elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD OR SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT)
   set(bootmode CONFIG_BOOT_RAM_LOAD)
 elseif(SB_CONFIG_MCUBOOT_MODE_FIRMWARE_UPDATER)
   set(bootmode CONFIG_BOOT_FIRMWARE_LOADER)
@@ -43,6 +43,12 @@ else()
   set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_DIRECT_XIP_REVERT n)
 endif()
 
+if(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT)
+  set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_RAM_LOAD_REVERT y)
+else()
+  set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_RAM_LOAD_REVERT n)
+endif()
+
 set(keytypes CONFIG_BOOT_SIGNATURE_TYPE_NONE
              CONFIG_BOOT_SIGNATURE_TYPE_RSA
              CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256

share/sysbuild/image_configurations/MAIN_image_default.cmake

@@ -37,6 +37,11 @@ if(SB_CONFIG_BOOTLOADER_MCUBOOT)
     set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD y)
     set_config_bool(${ZCMAKE_APPLICATION} CONFIG_XIP n)
     set_config_int(${ZCMAKE_APPLICATION} CONFIG_FLASH_SIZE 0)
+  elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT)
+    # RAM load mode requires XIP be disabled and flash size be set to 0
+    set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT y)
+    set_config_bool(${ZCMAKE_APPLICATION} CONFIG_XIP n)
+    set_config_int(${ZCMAKE_APPLICATION} CONFIG_FLASH_SIZE 0)
   elseif(SB_CONFIG_MCUBOOT_MODE_FIRMWARE_UPDATER)
     set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER y)
   endif()

share/sysbuild/images/bootloader/Kconfig

@@ -105,6 +105,20 @@ config MCUBOOT_MODE_RAM_LOAD
 	  Note: RAM must be assigned to the bootloader that is not used by the application in this
 	  mode so that the bootloader is able to function until the application has booted.
 
+config MCUBOOT_MODE_RAM_LOAD_WITH_REVERT
+	bool "RAM load with revert"
+	help
+	  MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot
+	  will select the image with the higher version number, copy it to RAM and begin execution
+	  from there. MCUBoot will only boot an image if it has been marked to be boot next time
+	  for test or permanently. In case when application is marked for test it needs to confirm
+	  itself, on the first boot, or it will be removed and MCUboot will revert to booting
+	  previously approved application. The image must be linked to execute from RAM, the address
+	  that it is copied to is specified using the load-addr argument when running imgtool.
+
+	  Note: RAM must be assigned to the bootloader that is not used by the application in this
+	  mode so that the bootloader is able to function until the application has booted.
+
 config MCUBOOT_MODE_FIRMWARE_UPDATER
 	bool "Firmware updater"
 	help

soc/nxp/common/Kconfig.flexspi_xip

@@ -23,6 +23,8 @@ config FLASH_SIZE
 config FLASH_MCUX_FLEXSPI_XIP
 	bool
 	default $(DT_FLASH_PARENT_IS_FLEXSPI)
+	depends on !(MCUBOOT_BOOTLOADER_MODE_RAM_LOAD || \
+		     MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
 	select XIP
 	help
 	  Allows REfor the soc to safely initialize the clocks for the