TF-M: CONFIG_TFM_MCUBOOT_IMAGE_NUMBER=1 incorrect file generation #98728

@JordanYates

Describe the bug

Output files generated with CONFIG_TFM_MCUBOOT_IMAGE_NUMBER=1 have a number of issues (from #94470).

tfm_s_zephyr_ns_confirmed.hex is not actually a confirmed file; it is just the merge of tfm_s.hex and zephyr.hex. It is generated identically to tfm_s_zephyr_ns.hex.

    COMMAND ${PYTHON_EXECUTABLE} ${ZEPHYR_BASE}/scripts/build/mergehex.py
      -o ${S_NS_CONFIRMED_HEX_FILE}
      $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE>
      ${NS_HEX_APP_FILE}

    COMMAND ${PYTHON_EXECUTABLE} ${ZEPHYR_BASE}/scripts/build/mergehex.py
      -o ${S_NS_HEX_FILE}
      $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE>
      ${NS_HEX_APP_FILE}

The mergehex.py argument --output-bin incorrectly consumes the first trailing argument, instead of behaving as a boolean flag. This leads to the following issues:

    parser.add_argument("--output-bin", default=False,
                        help="Save the merged content as binary file.")

tfm_merged.bin and tfm_merged.hex have different file contents. The .hex file is merged from bl2.hex and tfm_s_zephyr_ns_confirmed_signed.hex. The .bin file is merged from only tfm_s_zephyr_ns_signed.hex (because --output-bin gobbles up the bl2.hex).

Fixing the --output-bin problem means that tfm_merged.bin would contain the bl2.hex file, which makes the file invalid for OTA upgrades. Leaving the current behaviour means that tfm_merged.hex and tfm_merged.bin are fundamentally different files, which no user can discover without diving into the cmake.

Regression

  • This is a regression.

Steps to reproduce

  1. west build -b nrf9151dk/nrf9151/ns zephyr/samples/hello_world/ -p -- -DCONFIG_TFM_MCUBOOT_IMAGE_NUMBER=1
  2. diff ./build/zephyr/tfm_s_zephyr_ns_confirmed.hex ./build/zephyr/tfm_s_zephyr_ns.hex

Impact

Functional Limitation – Some features not working as expected, but system usable.

Environment

  • Zephyr v4.3-rc2

Additional Context

No response
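
The argument-parsing behaviour reported above, as an added example that is not part of the original issue and is not code from Zephyr's mergehex.py. The positional `input_files` list, the helper names and the command line in `ARGV` are assumptions constructed for illustration; only the `--output-bin` declaration is taken from the issue.

```python
import argparse


def build_parser(fixed: bool) -> argparse.ArgumentParser:
    """Simplified stand-in for the mergehex.py command line (assumed shape)."""
    parser = argparse.ArgumentParser(prog="mergehex-demo")
    parser.add_argument("-o", "--output", default="merged.hex")
    if fixed:
        # Boolean switch: takes no value, so it cannot swallow an input file.
        parser.add_argument("--output-bin", action="store_true",
                            help="Save the merged content as binary file.")
    else:
        # Declaration quoted in the issue: argparse's default "store" action
        # expects exactly one value after the flag.
        parser.add_argument("--output-bin", default=False,
                            help="Save the merged content as binary file.")
    parser.add_argument("input_files", nargs="+")  # assumed positional list
    return parser


def merged_inputs(argv, fixed):
    """Return (value of --output-bin, files that would be merged)."""
    args = build_parser(fixed).parse_args(argv)
    return args.output_bin, args.input_files


def swallowed_inputs(argv):
    """Files that the buggy declaration drops from the merge for this argv."""
    _, buggy_files = merged_inputs(argv, fixed=False)
    _, fixed_files = merged_inputs(argv, fixed=True)
    return [f for f in fixed_files if f not in buggy_files]


# Constructed command line modelled on the tfm_merged.bin case in the issue.
ARGV = ["-o", "tfm_merged.bin", "--output-bin",
        "bl2.hex", "tfm_s_zephyr_ns_signed.hex"]

if __name__ == "__main__":
    for fixed in (False, True):
        flag, files = merged_inputs(ARGV, fixed)
        print(f"fixed={fixed}: output_bin={flag!r} inputs={files}")
    # The captured string "bl2.hex" is truthy, so a truthiness test on the
    # flag still selects binary output and nothing fails loudly.
    print("dropped from merge:", swallowed_inputs(ARGV))
```

Comparing the parsed input list against the files passed on the command line, as `swallowed_inputs` does, is a cheap build-time check that the signed image being produced contains every component it is supposed to.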

Labels: area: TF-M (ARM Trusted Firmware-M), bug
