samples: suit: Added first version of the recovery application

The recovery application can be built as a standalone application
and flashed with nrfutil.

Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no>

Author: ahasztag

cmake/sysbuild/suit.cmake

@@ -174,14 +174,23 @@ function(suit_create_package)
   )
 
   foreach(image ${IMAGES})
+    unset(target)
     sysbuild_get(BINARY_DIR IMAGE ${image} VAR APPLICATION_BINARY_DIR CACHE)
     sysbuild_get(BINARY_FILE IMAGE ${image} VAR CONFIG_KERNEL_BIN_NAME KCONFIG)
+    sysbuild_get(target IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TARGET KCONFIG)
 
     set(BINARY_FILE "${BINARY_FILE}.bin")
 
     list(APPEND CORE_ARGS
       --core ${image},${SUIT_ROOT_DIRECTORY}${image}.bin,${BINARY_DIR}/zephyr/edt.pickle,${BINARY_DIR}/zephyr/.config
     )
+
+    if(DEFINED target AND NOT target STREQUAL "")
+      list(APPEND CORE_ARGS
+      --core ${target},${SUIT_ROOT_DIRECTORY}${target}.bin,${BINARY_DIR}/zephyr/edt.pickle,${BINARY_DIR}/zephyr/.config
+      )
+      suit_copy_artifact_to_output_directory(${target} ${BINARY_DIR}/zephyr/${BINARY_FILE})
+    endif()
     suit_copy_artifact_to_output_directory(${image} ${BINARY_DIR}/zephyr/${BINARY_FILE})
   endforeach()
 
@@ -194,24 +203,18 @@ function(suit_create_package)
 
     sysbuild_get(INPUT_ENVELOPE_JINJA_FILE IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TEMPLATE KCONFIG)
     sysbuild_get(target IMAGE ${image} VAR CONFIG_SUIT_ENVELOPE_TARGET KCONFIG)
-    sysbuild_get(BINARY_DIR IMAGE ${image} VAR APPLICATION_BINARY_DIR CACHE)
-    sysbuild_get(BINARY_FILE IMAGE ${image} VAR CONFIG_KERNEL_BIN_NAME KCONFIG)
+    suit_set_absolute_or_relative_path(${INPUT_ENVELOPE_JINJA_FILE} ${PROJECT_BINARY_DIR} INPUT_ENVELOPE_JINJA_FILE)
+
     suit_copy_input_template(${INPUT_TEMPLATES_DIRECTORY} "${INPUT_ENVELOPE_JINJA_FILE}" ENVELOPE_JINJA_FILE)
     if(NOT DEFINED ENVELOPE_JINJA_FILE)
       message(SEND_ERROR "DFU: Creation of SUIT artifacts failed.")
       return()
     endif()
     suit_check_template_digest(${INPUT_TEMPLATES_DIRECTORY} "${INPUT_ENVELOPE_JINJA_FILE}")
-    set(BINARY_FILE "${BINARY_FILE}.bin")
-
-    list(APPEND CORE_ARGS
-      --core ${target},${SUIT_ROOT_DIRECTORY}${target}.bin,${BINARY_DIR}/zephyr/edt.pickle,${BINARY_DIR}/zephyr/.config
-    )
 
     set(ENVELOPE_YAML_FILE ${SUIT_ROOT_DIRECTORY}${target}.yaml)
     set(ENVELOPE_SUIT_FILE ${SUIT_ROOT_DIRECTORY}${target}.suit)
 
-    suit_copy_artifact_to_output_directory(${target} ${BINARY_DIR}/zephyr/${BINARY_FILE})
     suit_render_template(${ENVELOPE_JINJA_FILE} ${ENVELOPE_YAML_FILE} "${CORE_ARGS}")
     suit_create_envelope(${ENVELOPE_YAML_FILE} ${ENVELOPE_SUIT_FILE} ${ENVELOPE_SHALL_BE_SIGNED})
     list(APPEND STORAGE_BOOT_ARGS
@@ -224,6 +227,7 @@ function(suit_create_package)
   # create root envelope if defined
   if(DEFINED INPUT_ROOT_ENVELOPE_JINJA_FILE AND NOT INPUT_ROOT_ENVELOPE_JINJA_FILE STREQUAL "")
     set(ROOT_NAME ${SB_CONFIG_SUIT_ENVELOPE_ROOT_ARTIFACT_NAME})
+    suit_set_absolute_or_relative_path(${INPUT_ROOT_ENVELOPE_JINJA_FILE} ${PROJECT_BINARY_DIR} INPUT_ROOT_ENVELOPE_JINJA_FILE)
     suit_copy_input_template(${INPUT_TEMPLATES_DIRECTORY} "${INPUT_ROOT_ENVELOPE_JINJA_FILE}" ROOT_ENVELOPE_JINJA_FILE)
     suit_check_template_digest(${INPUT_TEMPLATES_DIRECTORY} "${INPUT_ROOT_ENVELOPE_JINJA_FILE}")
     set(ROOT_ENVELOPE_YAML_FILE ${SUIT_ROOT_DIRECTORY}${ROOT_NAME}.yaml)

samples/suit/flash_companion/prj.conf

@@ -54,6 +54,7 @@ CONFIG_SSF_EXTMEM_SERVICE_ENABLED=y
 CONFIG_USE_DT_CODE_PARTITION=y
 
 CONFIG_SUIT_LOCAL_ENVELOPE_GENERATE=n
+CONFIG_SUIT_ENVELOPE_TARGET=""
 CONFIG_NRF_REGTOOL_GENERATE_UICR=n
 
 # Enable canonical zcbor encoding

samples/suit/recovery/CMakeLists.txt

@@ -0,0 +1,17 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+cmake_minimum_required(VERSION 3.20.0)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+
+project(suit_recovery)
+
+target_sources(app PRIVATE src/main.c)
+
+# This project uses orginal sdk-zephyr C source code
+target_include_directories(app PRIVATE $ENV{ZEPHYR_BASE}/samples/subsys/mgmt/mcumgr/smp_svr/src)
+target_sources_ifdef(CONFIG_MCUMGR_TRANSPORT_BT app PRIVATE $ENV{ZEPHYR_BASE}/samples/subsys/mgmt/mcumgr/smp_svr/src/bluetooth.c)

samples/suit/recovery/README.rst

@@ -0,0 +1,50 @@
+:orphan:
+
+.. _suit_recovery:
+
+SUIT recovery application
+#########################
+
+.. contents::
+   :local:
+   :depth: 2
+
+The SUIT recovery application is a minimal application that allows recovering the device firmware if the original firmware is damaged.
+It is to be used as a additional companion firmware to the main application using SUIT rather than a standalone application.
+
+The application uses the SMP protocol via BLE and SUIT to perform the recovery.
+
+Building
+********
+
+The recovery application needs to be compatible with the main application in terms of hardware configuration.
+To achieve this, appropriate devicetree overlay files from the main application must be passed when building the recovery application as ``EXTRA_DTC_OVERLAY_FILE``
+.
+These devicetree also need to specify a partition for the recovery application.
+See the overlay files for the smp_transfer sample as an example.
+
+For example, to build the recovery application as a recovery image for the smp transfer sample, run:
+
+``west build -p --sysbuild -b nrf54h20dk/nrf54h20/cpuapp -- -DEXTRA_DTC_OVERLAY_FILE='../smp_transfer/sysbuild/recovery.overlay' -Dhci_ipc_EXTRA_DTC_OVERLAY_FILE='<absolute_path_to_smp_transfer_sample>/sysbuild/recovery_hci_ipc.overlay'``
+
+Flashing
+********
+
+Currently it is not possible to flash the application using ``west flash`` .
+Instead, ``nrfutil`` should be used to flash the hex files for the application core image, radio core image and SUIT storage:
+
+``nrfutil device program --options chip_erase_mode=ERASE_NONE --firmware build/recovery/zephyr/suit_installed_envelopes_application_merged.hex``
+
+``nrfutil device program --options chip_erase_mode=ERASE_NONE --firmware build/recovery/zephyr/suit_installed_envelopes_radio_merged.hex``
+
+``nrfutil device program --options chip_erase_mode=ERASE_NONE --firmware build/recovery/zephyr/zephyr.hex``
+
+``nrfutil device program --options chip_erase_mode=ERASE_NONE --firmware build/hci_ipc/zephyr/zephyr.hex``
+
+It is also possible to install recovery application by performing an update using the recovery application envelope found in ``DFU/application.suit``
+
+Updating
+********
+
+Note that in order to update the recovery application the ``DFU/application.suit`` file found in the recovery application build directory should be used.
+This is different than in case of the main application, where usually ``DFU/root.suit`` should be used.

samples/suit/recovery/app_recovery_envelope.yaml.jinja2

@@ -0,0 +1,195 @@
+{%- set component_index = 0 %}
+{%- set component_list = [] %}
+{%- set dependencies_list = [] %}
+{%- set mpi_app_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %}
+{%- set mpi_app_recovery_class_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME']|default('nRF54H20_sample_app_recovery') %}
+{%- set mpi_rad_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %}
+{%- set mpi_rad_recovery_class_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF54H20_sample_rad_recovery') %}
+{%- set sequence_number = sysbuild['config']['SB_CONFIG_SUIT_ENVELOPE_SEQUENCE_NUM'] %}
+SUIT_Envelope_Tagged:
+  suit-authentication-wrapper:
+    SuitDigest:
+      suit-digest-algorithm-id: cose-alg-sha-256
+  suit-manifest:
+    suit-manifest-version: 1
+    suit-manifest-sequence-number: {{ sequence_number }}
+    suit-common:
+      suit-components:
+      - - CAND_IMG
+        - 0
+      - - CAND_MFST
+        - 0
+      {%- set component_index = 2 %}
+{%- if application is defined %}
+    {%- set app_img_component_index = component_index %}
+    {{- component_list.append( app_img_component_index ) or ""}}
+      - - MEM
+        - {{ application['dt'].label2node['cpu'].unit_addr }}
+        - {{ get_absolute_address(application['dt'].chosen_nodes['zephyr,code-partition']) }}
+        - {{ application['dt'].chosen_nodes['zephyr,code-partition'].regs[0].size }}
+    {%- set component_index = component_index + 1 %}
+{%- endif %}
+{%- if radio is defined %}
+    {%- set rad_instld_mfst_component_index = component_index %}
+    {{- component_list.append( rad_instld_mfst_component_index ) or ""}}
+    {{- dependencies_list.append( rad_instld_mfst_component_index ) or ""}}
+      - - INSTLD_MFST
+        - RFC4122_UUID:
+            namespace: {{ mpi_rad_recovery_vendor_name }}
+            name: {{ mpi_rad_recovery_class_name }}
+    {%- set component_index = component_index + 1 %}
+{%- endif %}
+
+      suit-shared-sequence:
+{%- if radio is defined %}
+      - suit-directive-set-component-index: {{ rad_instld_mfst_component_index }}
+      - suit-directive-override-parameters:
+          suit-parameter-vendor-identifier:
+            RFC4122_UUID: {{ mpi_app_recovery_vendor_name }}
+          suit-parameter-class-identifier:
+            RFC4122_UUID:
+              namespace: {{ mpi_app_recovery_vendor_name }}
+              name: {{ mpi_app_recovery_class_name }}
+{%- endif %}
+{%- if application is defined %}
+      - suit-directive-set-component-index: {{ app_img_component_index }}
+      - suit-directive-override-parameters:
+          suit-parameter-vendor-identifier:
+            RFC4122_UUID: {{ mpi_app_recovery_vendor_name }}
+          suit-parameter-class-identifier:
+            RFC4122_UUID:
+              namespace: {{ mpi_app_recovery_vendor_name }}
+              name: {{ mpi_app_recovery_class_name }}
+          suit-parameter-image-digest:
+            suit-digest-algorithm-id: cose-alg-sha-256
+            suit-digest-bytes:
+              file: {{ application['binary'] }}
+          suit-parameter-image-size:
+            file: {{ application['binary'] }}
+{%- endif %}
+      - suit-directive-set-component-index: [{{ component_list|join(',') }}]
+      - suit-condition-vendor-identifier:
+        - suit-send-record-success
+        - suit-send-record-failure
+        - suit-send-sysinfo-success
+        - suit-send-sysinfo-failure
+      - suit-condition-class-identifier:
+        - suit-send-record-success
+        - suit-send-record-failure
+        - suit-send-sysinfo-success
+        - suit-send-sysinfo-failure
+      suit-dependencies:
+        # Key is the index of suit-components that describe the dependency manifest
+        "1": {}
+{%- for component_element in dependencies_list %}
+        "{{ component_element }}": {}
+{%- endfor %}
+
+    suit-validate:
+{% if dependencies_list|length > 0 %}
+    - suit-directive-set-component-index: [{{ dependencies_list|join(',') }}]
+    - suit-condition-dependency-integrity:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+    - suit-directive-process-dependency:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+{% endif %}
+{%- if application is defined %}
+    - suit-directive-set-component-index: {{ app_img_component_index }}
+    - suit-condition-image-match:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+{%- endif %}
+
+    suit-invoke:
+{% if dependencies_list|length > 0 %}
+    - suit-directive-set-component-index: [{{ dependencies_list|join(',') }}]
+    - suit-condition-dependency-integrity:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+    - suit-directive-process-dependency:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+{% endif %}
+{%- if application is defined %}
+    - suit-directive-set-component-index: {{ app_img_component_index }}
+    - suit-directive-invoke:
+      - suit-send-record-failure
+{%- endif %}
+
+    suit-install:
+{%- if radio is defined %}
+    - suit-directive-set-component-index: 1
+    - suit-directive-override-parameters:
+        suit-parameter-uri: '#{{ radio['name'] }}'
+        suit-parameter-image-digest:
+          suit-digest-algorithm-id: cose-alg-sha-256
+          suit-digest-bytes:
+            envelope: {{ artifacts_folder ~ radio['name'] }}.suit
+    - suit-directive-fetch:
+      - suit-send-record-failure
+    - suit-condition-image-match:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+    - suit-condition-dependency-integrity:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+    - suit-directive-process-dependency:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+{%- endif %}
+{%- if application is defined %}
+    - suit-directive-set-component-index: 0
+    - suit-directive-override-parameters:
+        suit-parameter-uri: '#{{ application['name'] }}'
+        suit-parameter-image-digest:
+          suit-digest-algorithm-id: cose-alg-sha-256
+          suit-digest-bytes:
+            file: {{ application['binary'] }}
+    - suit-directive-fetch:
+      - suit-send-record-failure
+    - suit-condition-image-match:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+    - suit-directive-set-component-index: {{ app_img_component_index }}
+    - suit-directive-override-parameters:
+        suit-parameter-source-component: 0
+    - suit-directive-copy:
+      - suit-send-record-failure
+    - suit-condition-image-match:
+      - suit-send-record-success
+      - suit-send-record-failure
+      - suit-send-sysinfo-success
+      - suit-send-sysinfo-failure
+{%- endif %}
+    suit-manifest-component-id:
+    - INSTLD_MFST
+    - RFC4122_UUID:
+        namespace: {{ mpi_app_recovery_vendor_name }}
+        name: {{ mpi_app_recovery_class_name }}
+  suit-integrated-dependencies:
+{%- if radio is defined %}
+    '#{{ radio['name'] }}': {{ artifacts_folder ~ radio['name'] }}.suit
+{%- endif %}
+{%- if application is defined %}
+    '#{{ application['name'] }}': {{ application['binary'] }}
+{%- endif %}

samples/suit/recovery/boards/nrf54h20dk_nrf54h20_cpuapp.overlay

@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+ / {
+	chosen {
+		zephyr,code-partition = &cpuapp_recovery_partition;
+		nrf,tz-secure-image = &cpuapp_recovery_partition;
+	};
+};