doc: Consolidate Ironside update docs

[kyberdin]

Overview

• Keeps update-related information consolidated in a single location.
• Moving the information into its own page prevents further expansions and/or diagrams from bloating the general Ironside SE docs so that it is easier to navigate.
• Programming steps are discussed in the update docs, as that process is either part of the manual update or provisioning; the latter being documented in provisioning.
• Describing the ZIP archive is expanded into a release deliverable section and moved into the update context.
• Default configurations aren't strictly related to either but are still important to discuss in general ISE.

Relates to

• zephyrproject-rtos/zephyr@main...kyberdin:zephyr:ironside-update-sample-doc
  • Ironside update sample doc changes
  • To be opened in PR after changes here.

[SebastianBoe]

A quick comment.

I don't think upstream Zephyr can reference NCS docs.

[NordicBuilder]

CI Information

^{To view the history of this post, click the 'edited' button above}
Build number: 4

Inputs:

Sources:

sdk-nrf: PR head: a9646aede0302723b2f4deec0f1016299d5277df

more details

sdk-nrf:

PR head: a9646aede0302723b2f4deec0f1016299d5277df
merge base: 6756485f1f0184a6420ffc90bfd228fc533335ab
target head (main): 6756485f1f0184a6420ffc90bfd228fc533335ab
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (3)

doc
│  ├── nrf
│  │  ├── app_dev
│  │  │  ├── device_guides
│  │  │  │  ├── nrf54h
│  │  │  │  │  ├── images
│  │  │  │  │  │  │ nrf54h20_ironside_update.svg
│  │  │  │  │  ├── ug_nrf54h20_ironside.rst
│  │  │  │  │  │ ug_nrf54h20_ironside_update.rst

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain
• ◻️ Build twister
• ◻️ Integration tests

Disabled integration tests

• • test-fw-nrfconnect-nrf_lrcs_mosh
  • test-fw-nrfconnect-nrf_lrcs_positioning
  • desktop52_verification
  • test_ble_nrf_config
  • test-fw-nrfconnect-apps
  • test-fw-nrfconnect-ble_mesh
  • test-fw-nrfconnect-ble_samples
  • test-fw-nrfconnect-chip
  • test-fw-nrfconnect-fem
  • test-fw-nrfconnect-nfc
  • test-fw-nrfconnect-nrf-iot_cloud
  • test-fw-nrfconnect-nrf-iot_libmodem-nrf
  • test-fw-nrfconnect-nrf-iot_lwm2m
  • test-fw-nrfconnect-nrf-iot_samples
  • test-fw-nrfconnect-nrf-iot_thingy91
  • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
  • test-fw-nrfconnect-nrf_crypto
  • test-fw-nrfconnect-ps-main
  • test-fw-nrfconnect-rpc
  • test-fw-nrfconnect-rs
  • test-fw-nrfconnect-tfm
  • test-fw-nrfconnect-thread-main
  • test-low-level
  • test-sdk-audio
  • test-sdk-dfu
  • test-sdk-find-my
  • test-sdk-mcuboot
  • test-sdk-wifi
  • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

[SebastianBoe]

This is inaccurate.

Global domain memory may have it's integrity checked on boot.

Protectedmem doesn't block writes in any way.

Note that this is different from how UICR is protected. UICR is both protected by blocking writes and
by checking integrity.

[kyberdin]

You're right, I conflated it with MPCCONF.

That isn't supported yet but the statement here comes from our current docs (without noting PROTECTEDMEM specifically). I'll remove the line altogether to avoid referencing functionality that isn't implementated yet as of it does.

[SebastianBoe]

Suggested change

	Restricting default memory access
	Restricting memory access

I think this conveys the same thing.

[kyberdin]

Removed as noted here.

[SebastianBoe]

Suggested change

	Performing an ``ERASEALL`` operation will remove the memory protections and disable all other protection mechanisms enforced through default UICR settings.
	Performing an ``ERASEALL`` operation will remove the memory protections and disable all other protection mechanisms enforced through UICR settings.

ERASEALL erases UICR and disables all UICR protections, not just default UICR settings right?

[kyberdin]

Yes - if there is no UICR then there are no UICR protections in place.

This has been moved to the "Global Resource Configuration" section and clarified as you noted. Until we add more documentation about memory access configurations, I think this applies more generally there.

[SebastianBoe]

Maybe we could add a reference here to the section that describes how ERASEALL can be performed?

[kyberdin]

Added to the moved text mentioned above.

[github-actions]

You can find the documentation preview for this PR here.

Preview links for modified nRF Connect SDK documents:

https://ncsdoc.z6.web.core.windows.net/PR-25951/nrf/app_dev/device_guides/nrf54h/ug_nrf54h20_ironside.html
https://ncsdoc.z6.web.core.windows.net/PR-25951/nrf/app_dev/device_guides/nrf54h/ug_nrf54h20_ironside_update.html

[SebastianBoe]

A nice improvement :)

[kyberdin]

A quick comment.

I don't think upstream Zephyr can reference NCS docs.

Not through restructuredtext syntax, no. General hyperlinks work to NCS site pages though.

The description notes the branch with that change.

[kyberdin]

Updated for feedback and added new Architecture section.

[kyberdin]

Removed as noted here.

[kyberdin]

Yes - if there is no UICR then there are no UICR protections in place.

This has been moved to the "Global Resource Configuration" section and clarified as you noted. Until we add more documentation about memory access configurations, I think this applies more generally there.

[kyberdin]

Added to the moved text mentioned above.

[FrancescoSer]

Please hold off from merging this PR before another update heavily reorganizing ironside docs goes in.