Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

suit: Decryption KEY ID validation #19433

Merged
merged 1 commit into from
Dec 13, 2024
Merged

suit: Decryption KEY ID validation #19433

merged 1 commit into from
Dec 13, 2024
+299 −21

Conversation

ahasztag
Copy link
Contributor

This commit adds validation of the key ID used for decryption - it is checked if the given manifest should be allowed to use the given key.

@ahasztag ahasztag requested review from a team as code owners December 11, 2024 13:07
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 11, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 11, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 5

Inputs:

Sources:

sdk-nrf: PR head: 0c4b6eb6fc18afd22e1a805261036d6749be31e3

more details

sdk-nrf:

PR head: 0c4b6eb6fc18afd22e1a805261036d6749be31e3
merge base: cabe5e5d26fe555fdc9851634bc5779d16faab6d
target head (main): c03a25425898bee90f44bd120d443ebe3def0a58
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (14) 
subsys
│  ├── suit
│  │  ├── mci
│  │  │  ├── include
│  │  │  │  │ suit_mci.h
│  │  │  ├── src
│  │  │  │  │ suit_mci_nrf54h20.c
│  │  ├── platform
│  │  │  ├── sdfw
│  │  │  │  ├── src
│  │  │  │  │  ├── suit_plat_copy.c
│  │  │  │  │  │ suit_plat_write.c
│  │  │  ├── src
│  │  │  │  │ suit_plat_fetch.c
│  │  ├── stream
│  │  │  ├── stream_filters
│  │  │  │  ├── CMakeLists.txt
│  │  │  │  ├── include
│  │  │  │  │  │ suit_decrypt_filter.h
│  │  │  │  ├── src
│  │  │  │  │  │ suit_decrypt_filter.c
tests
│  ├── subsys
│  │  ├── suit
│  │  │  ├── common
│  │  │  │  ├── mci_test
│  │  │  │  │  │ mci_test.c
│  │  │  ├── decrypt_filter
│  │  │  │  ├── CMakeLists.txt
│  │  │  │  ├── prj.conf
│  │  │  │  ├── src
│  │  │  │  │  │ main.c
│  │  │  ├── mci
│  │  │  │  ├── src
│  │  │  │  │  ├── api_positive_scenarios.c
│  │  │  │  │  │ sanity.c

Outputs:

Toolchain

Version: b77d8c1312
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:b77d8c1312_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister - Skipped: Skipping Build & Test as it succeeded in a previous run: 4
  • ✅ Integration tests
    • ✅ test-sdk-dfu
    • ⚠️ test-sdk-dfu
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-chip
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_nrf_provisioning
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-ps
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread
    • test-fw-nrfconnect-zigbee
    • test-low-level
    • test-sdk-audio
    • test-sdk-find-my
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-sidewalk
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@ahasztag ahasztag force-pushed the NCSDK-28514_encryption_key_id_validate branch from 89a604f to 41d30bf Compare December 11, 2024 13:29
@ahasztag
suit: Decryption KEY ID validation
0c4b6eb 
This commit adds validation of the key ID used for
decryption - it is checked if the given manifest should
be allowed to use the given key.

Signed-off-by: Artur Hadasz <[email protected]>
@ahasztag ahasztag force-pushed the NCSDK-28514_encryption_key_id_validate branch from 41d30bf to 0c4b6eb Compare December 12, 2024 09:44
@jukkar jukkar merged commit b8a8b74 into nrfconnect:main Dec 13, 2024
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adsz-nordic adsz-nordic adsz-nordic approved these changes

@nordicjm nordicjm nordicjm approved these changes

@tomchy tomchy tomchy approved these changes

@SylwesterKonczyk SylwesterKonczyk Awaiting requested review from SylwesterKonczyk

@nordic-mik7 nordic-mik7 Awaiting requested review from nordic-mik7

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ahasztag @NordicBuilder @tomchy @nordicjm @adsz-nordic @jukkar