manifest: Add PSA ed25519 image encryption/verification to MCUboot

[de-nordic]

Update MCUboot version to birng in PSA encryption support.

Note that at this point MCUboot partition > 76k is needed.
To build MCUboot only:

west build --no-sysbuild -d builds/mcuboot_x25519_54_encrypt -b nrf54l15pdk/nrf54l15/cpuapp bootloader/mcuboot/boot/zephyr/ -DDTC_OVERLAY_FILE=app.overlay -DCONFIG_BOOT_SIGNATURE_TYPE_ED25519=y -DCONFIG_BOOT_ENCRYPT_IMAGE=y -DCONFIG_BOOT_ED25519_PSA=y  -DCONFIG_MBEDTLS=n -DCONFIG_MULTITHREADING=y -DCONFIG_NRF_SECURITY=y  -DCONFIG_NRF_OBERON=y

or for nrf52840

west build --no-sysbuild -d builds/mcuboot_x25519_52_encrypt -b nrf52840dk/nrf52840 bootloader/mcuboot/boot/zephyr/ -DDTC_OVERLAY_FILE=app.overlay -DCONFIG_BOOT_SIGNATURE_TYPE_ED25519=y -DCONFIG_BOOT_ENCRYPT_IMAGE=y -DCONFIG_BOOT_ED25519_PSA=y  -DCONFIG_MBEDTLS=n -DCONFIG_MULTITHREADING=y -DCONFIG_NRF_SECURITY=y  -DCONFIG_NRF_OBERON=y

Above gives both encryption and verification.
The --no-sysbuild has been added to make life easier and note that you have to modify the partition layout to allow MCUboot to fit.

[NordicBuilder]

The following west manifest projects have been modified in this Pull Request:

Name	Old Revision	New Revision	Diff
mcuboot	nrfconnect/sdk-mcuboot@7aaeb63 (main)	nrfconnect/sdk-mcuboot#323	nrfconnect/sdk-mcuboot#323/files
zephyr	nrfconnect/sdk-zephyr@4322f51 (main)	nrfconnect/sdk-zephyr#2028	nrfconnect/sdk-zephyr#2028/files

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[NordicBuilder]

Test specification

CI/Jenkins/NRF

• Integration Platforms

CI/Jenkins/integration

Test Module	File based changes	Manually selected	West overwrite
test-fw-nrfconnect-boot	X
test-sdk-mcuboot	X

test-fw-nrfconnect-boot: added because there was no .github/test-spec.yml in 'mcuboot'
test-sdk-mcuboot: added because there was no .github/test-spec.yml in 'mcuboot'

Detailed information of selected test modules

Note: This message is automatically posted and updated by the CI

[NordicBuilder]

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

[NordicBuilder]

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 6

Inputs:

Sources:

sdk-nrf: PR head: c263ec333908456709e02fe1dc236118b01c7a6b
mcuboot: PR head: 0d4c91e327347b1a7b98d3e69150af50a5600863
zephyr: PR head: 7ab076d9290901254538bcd1809a01a2a1ad8909

more details

sdk-nrf:

PR head: c263ec333908456709e02fe1dc236118b01c7a6b
merge base: 1a56b7a984c267e9b598e2882fb663b96282ac2b
target head (main): 1a56b7a984c267e9b598e2882fb663b96282ac2b
Diff

mcuboot:

PR head: 0d4c91e327347b1a7b98d3e69150af50a5600863
merge base: 7aaeb636812f7e5b0b901a1894916dbfd5334f3a
target head (main): 7aaeb636812f7e5b0b901a1894916dbfd5334f3a
Diff

zephyr:

PR head: 7ab076d9290901254538bcd1809a01a2a1ad8909
merge base: 4322f5169f4c0f24e3712de061a2fec5a29098a7
target head (main): 4322f5169f4c0f24e3712de061a2fec5a29098a7
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (19)

bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── boot_serial
│  │  │  │  ├── src
│  │  │  │  │  │ boot_serial_encryption.c
│  │  │  ├── bootutil
│  │  │  │  ├── include
│  │  │  │  │  ├── bootutil
│  │  │  │  │  │  ├── crypto
│  │  │  │  │  │  │  ├── aes_ctr.h
│  │  │  │  │  │  │  ├── common.h
│  │  │  │  │  │  │  │ ecdsa.h
│  │  │  │  │  │  │ enc_key.h
│  │  │  │  ├── src
│  │  │  │  │  ├── bootutil_misc.c
│  │  │  │  │  ├── ed25519_psa.c
│  │  │  │  │  ├── encrypted.c
│  │  │  │  │  ├── encrypted_psa.c
│  │  │  │  │  ├── image_ed25519.c
│  │  │  │  │  ├── image_validate.c
│  │  │  │  │  ├── loader.c
│  │  │  │  │  │ swap_move.c
│  │  │  │  ├── zephyr
│  │  │  │  │  │ CMakeLists.txt
│  │  │  ├── zephyr
│  │  │  │  ├── CMakeLists.txt
│  │  │  │  ├── Kconfig
│  │  │  │  ├── include
│  │  │  │  │  │ mcuboot-mbedtls-cfg.h
west.yml
zephyr
│  ├── boards
│  │  ├── nordic
│  │  │  ├── nrf54l15pdk
│  │  │  │  │ Kconfig.defconfig

Outputs:

Toolchain

Version: 9583beca34
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:9583beca34_81ed5a52d6

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain - Skipped: existing toolchain is used
• 🟡 Build twister
• 🟠 Integration tests
  • 🟠 test-fw-nrfconnect-boot
  • 🟠 test-fw-nrfconnect-rs
  • 🟠 test-fw-nrfconnect-fem
  • 🟠 test-sdk-find-my
  • 🟠 test-low-level
  • 🟠 test-sdk-mcuboot

Disabled integration tests

• • desktop52_verification
  • doc-internal
  • test_ble_nrf_config
  • test-fw-nrfconnect-apps
  • test-fw-nrfconnect-ble_mesh
  • test-fw-nrfconnect-ble_samples
  • test-fw-nrfconnect-chip
  • test-fw-nrfconnect-nfc
  • test-fw-nrfconnect-nrf-iot_cloud
  • test-fw-nrfconnect-nrf-iot_libmodem-nrf
  • test-fw-nrfconnect-nrf-iot_lwm2m
  • test-fw-nrfconnect-nrf-iot_mosh
  • test-fw-nrfconnect-nrf-iot_nrf_provisioning
  • test-fw-nrfconnect-nrf-iot_positioning
  • test-fw-nrfconnect-nrf-iot_samples
  • test-fw-nrfconnect-nrf-iot_serial_lte_modem
  • test-fw-nrfconnect-nrf-iot_thingy91
  • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
  • test-fw-nrfconnect-nrf_crypto
  • test-fw-nrfconnect-proprietary_esb
  • test-fw-nrfconnect-ps
  • test-fw-nrfconnect-rpc
  • test-fw-nrfconnect-tfm
  • test-fw-nrfconnect-thread
  • test-fw-nrfconnect-zigbee
  • test-sdk-audio
  • test-sdk-dfu
  • test-sdk-pmic-samples
  • test-sdk-sidewalk
  • test-sdk-wifi

Note: This message is automatically posted and updated by the CI