Commit de518072 authored by Bohdan Kovalchuk, committed by Fabio Utzig

Cypress: add encryption with mbedTLS

parent 25c7a0f4
+3 −0
@@ -95,6 +95,9 @@ OUT_CFG := $(OUT_TARGET)/$(BUILDCFG)

# Set build directory for BOOT and UPGRADE images
ifeq ($(IMG_TYPE), UPGRADE)
	ifeq ($(ENC_IMG), 1)
		SIGN_ARGS += --encrypt ../../$(ENC_KEY_FILE).pem
	endif
	SIGN_ARGS += --pad
	UPGRADE_SUFFIX :=_upgrade
	OUT_CFG := $(OUT_CFG)/upgrade
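
Review bot: the key path in `SIGN_ARGS += --encrypt ../../$(ENC_KEY_FILE).pem` is never validated. If `ENC_KEY_FILE` is empty or the file is absent, the argument becomes `../../.pem` or a dangling path, and the error only surfaces later in the signing step. A `$(wildcard ...)` check that calls `$(error ...)` when `ENC_IMG` is 1 and the key is missing would fail the build early with a clear message. The check also sits inside the `IMG_TYPE` UPGRADE branch, so `ENC_IMG=1` with any other image type is silently dropped from the signing arguments; a `$(warning ...)` in that case would tell the user the image was not encrypted. The hard-coded `../../` prefix is worth replacing with a path derived from a known root variable so it does not depend on the directory make runs in.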
+11 −1
@@ -83,7 +83,7 @@ To get appropriate artifact for second image PRIMARY slot run this command:

To prepare MCUBootApp for work with external memory please refer to `MCUBootApp/ExternalMemory.md`.

For build BlinkyApp upgarde image for external memory use command:
For build BlinkyApp upgrade image for external memory use command:

    make app APP_NAME=BlinkyApp PLATFORM=PSOC_062_2M IMG_TYPE=UPGRADE HEADER_OFFSET=0x7FE8000 ERASED_VALUE=0xff

@@ -97,6 +97,16 @@ In case of using muti-image configuration, upgrade image for second application

    Note: for S25FL512S block address shuld be mutiple by 0x40000

**How to build encrypted upgrade image :**

To prepare MCUBootApp for work with encrypted upgrade image please refer to `MCUBootApp/Readme.md`.

To obtain encrypted upgrade image of BlinkyApp extra flag `ENC_IMG=1` should be passed in command line, for example:

    make app APP_NAME=BlinkyApp PLATFORM=PSOC_062_2M IMG_TYPE=UPGRADE HEADER_OFFSET=0x20000 ENC_IMG=1

This also suggests user already placed corresponing `*.pem` key in `\keys` folder. The key variables are defined in root `Makefile` as `SIGN_KEY_FILE` and `ENC_KEY_FILE`

### Post-Build

Post build action is executed at compile time for `BlinkyApp`. In case of build for `PSOC_062_2M` platform it calls `imgtool` from `MCUBoot` scripts and adds signature to compiled image.
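
Review bot: the closing sentence of the new section ("This also suggests user already placed corresponing `*.pem` key in `\keys` folder") does not say which key the file must hold or how it relates to the key compiled into the bootloader, and that is the part a user is most likely to get wrong. State explicitly which half of the EC256 key pair `ENC_KEY_FILE` points to and that it must match `enc_priv_key[]` in MCUBootApp. Smaller points in the same paragraph: "suggests" should be "assumes", "corresponing" is misspelled, the sentence lacks a final period, and `\keys` uses a backslash while the rest of the file uses forward slashes. The reference to `MCUBootApp/Readme.md` should also match the actual file name case.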
+7 −1
@@ -30,6 +30,7 @@ COMPILER ?= GCC_ARM
USE_CRYPTO_HW ?= 1
USE_EXTERNAL_FLASH ?= 0
MCUBOOT_IMAGE_NUMBER ?= 1
ENC_IMG ?= 0

ifneq ($(COMPILER), GCC_ARM)
$(error Only GCC ARM is supported at this moment)
@@ -53,12 +54,17 @@ ifeq ($(USE_EXTERNAL_FLASH), 1)
DEFINES_APP += -DCY_BOOT_USE_EXTERNAL_FLASH
endif
DEFINES_APP += -DMCUBOOT_MAX_IMG_SECTORS=$(MAX_IMG_SECTORS)

# Hardrware acceleration support
ifeq ($(USE_CRYPTO_HW), 1)
DEFINES_APP += -DMBEDTLS_USER_CONFIG_FILE="\"mcuboot_crypto_acc_config.h\""
DEFINES_APP += -DCY_CRYPTO_HAL_DISABLE
DEFINES_APP += -DCY_MBEDTLS_HW_ACCELERATION
endif
# Encrypted image support
ifeq ($(ENC_IMG), 1)
DEFINES_APP += -DENC_IMG=1
endif

# Collect MCUBoot sourses
SOURCES_MCUBOOT := $(wildcard $(CURDIR)/../bootutil/src/*.c)
# Collect MCUBoot Application sources
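
Review bot: the `ifeq ($(ENC_IMG), 1)` block emits an unprefixed `-DENC_IMG=1`, which puts a very generic macro name into every translation unit of the application. A prefixed name would be less likely to collide with other code. Because the header side tests this macro with `#ifdef`, it is worth a comment here that the define must only ever be emitted when the value is 1. There is also nothing tying `ENC_IMG=1` to the crypto settings above it: if encryption needs a specific mbedTLS configuration when `USE_CRYPTO_HW` is 0 or 1, that dependency should be checked or documented in this block. Minor: "Hardrware" in the comment above the `USE_CRYPTO_HW` block is misspelled.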
+9 −0
@@ -148,6 +148,15 @@ This folder contains make files infrastructure for building MCUBoot Bootloader.

Root directory for build is **boot/cypress.**

**Encrypted Image Support**

To protect user image from unwanted read Upgrade Image Encryption can be applied. The ECDH/HKDF with EC256 scheme is used in a given solution as well as mbedTLS as a crypto provider.

To enable image encryption support `MCUBOOT_ENC_IMAGES` and `MCUBOOT_ENCRYPT_EC256` have to be defined (can be done by uncommenting in `mcuboot_config.h`).
User is also responsible on providing corresponding binary key data in `enc_priv_key[]` (file `\MCUBootApp\keys.c`). The public part will be used by imgtool when signing and encrypting upgrade image. Signing image with encryption is described in `\BlinkyApp\readme.md`.

After MCUBootApp is built with these settings unencrypted and encrypted images will be accepted in secondary (upgrade) slot.

**Programming solution**

There are couple ways of programming hex of MCUBootApp and BlinkyApp. Following instructions assume one of Cypress development kits, for example `CY8CPROTO_062_4343W`.
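
Review bot: the instruction that `MCUBOOT_ENC_IMAGES` and `MCUBOOT_ENCRYPT_EC256` "can be done by uncommenting in `mcuboot_config.h`" does not match the rest of this commit, where those defines are guarded by `#ifdef ENC_IMG` and switched on by the `ENC_IMG=1` make flag. The text should tell the user to build MCUBootApp with `ENC_IMG=1`. Two security-relevant statements also deserve more than one line each. First, "unencrypted and encrypted images will be accepted in secondary (upgrade) slot" means enabling this option does not enforce encryption, and the section should say so plainly so nobody relies on it as a policy control. Second, `enc_priv_key[]` in `keys.c` is a private key stored in source; the text should say that any key shipped in the repository is for development only and must be replaced, and that the production key should not be committed. "responsible on providing" should read "responsible for providing", and the backslash paths should use forward slashes like the rest of the document.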
+7 −0
@@ -144,4 +144,11 @@
        /* TODO: to be implemented */   \
    } while (0)

/* Uncomment these if support of encrypted upgrade image is needed */
#ifdef ENC_IMG
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_EC256
#define NUM_ECC_BYTES (256 / 8)
#endif /* ENC_IMG */

#endif /* MCUBOOT_CONFIG_H */
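
Review bot: the comment "Uncomment these if support of encrypted upgrade image is needed" is stale, since the block below it is not commented out but gated on `#ifdef ENC_IMG`. Reword it to say that the defines are enabled by building with `ENC_IMG=1`. The guard itself is looser than the Makefile logic: `#ifdef ENC_IMG` is true for any definition, including `-DENC_IMG=0`, so a test on the value (for example `#if defined(ENC_IMG) && (ENC_IMG == 1)`) would keep the header and the build flag consistent. `NUM_ECC_BYTES` is defined without an `#ifndef` guard; if another header in the build already defines it, this will produce a redefinition warning or a silent mismatch.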