Commit b475adf7 authored by Dominik Ermel's avatar Dominik Ermel Committed by Dominik Ermel

zephyr: Add CONFIG_BOOT_BYPASS_KEY_MATCH



Add Zephyr support for MCUBOOT_BYPASS_KEY_MATCH

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
parent 6d943d68
+13 −0
@@ -375,6 +375,19 @@ endif

endchoice

config BOOT_BYPASS_KEY_MATCH
	bool "Do not match TLV key hash against built in key"
	depends on !BOOT_SIGNATURE_TYPE_NONE
	depends on !BOOT_HW_KEY
	help
	  MCUboot reads, from TLV, hash of a key that should be used to verify
	  a signature and uses it to find a builtin key.
	  This action is pointless when there is single key compiled in,
	  as the signature verification process will just fail if that is not
	  the right key.
	  Enabling this option turns off key matching, slightly reducing
	  MCUboot code and boot time.

config BOOT_SIGNATURE_KEY_FILE
	string "PEM key file"
	default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
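Review bot: Nothing in the new `BOOT_BYPASS_KEY_MATCH` entry enforces the single-key precondition its help text relies on; the only dependencies are `!BOOT_SIGNATURE_TYPE_NONE` and `!BOOT_HW_KEY`, so the option can be selected in a build that embeds more than one key. In that configuration the loader would presumably no longer pick a key by the TLV hash, and a validly signed image could be rejected if it was signed with a different built-in key than the one actually tried, which matters for key-rotation setups. The help should also state outright that the signature is still verified, since "bypass" in a secure-boot option is easy to misread, for example `Signature verification is still performed; enable only when exactly one key is built in.` The comment above `MCUBOOT_BYPASS_KEY_MATCH` in the header section has the same gap, and a build-time assertion on the key count, placed wherever that count is known, would make the precondition checkable rather than documented only.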
+9 −0
@@ -172,6 +172,15 @@
#define MCUBOOT_HMAC_SHA512
#endif

/* Turn off check of public key hash against compiled in key
 * before attempting signature verification. When there is only
 * one key, matching is pointless, the signature may just be
 * verified with the only key that there is.
 */
#ifdef CONFIG_BOOT_BYPASS_KEY_MATCH
#define MCUBOOT_BYPASS_KEY_MATCH
#endif

#ifdef CONFIG_BOOT_DECOMPRESSION
#define MCUBOOT_DECOMPRESS_IMAGES
#endif