Commit 64ecac69 authored by Ioannis Glaropoulos's avatar Ioannis Glaropoulos
Browse files

modules: trusted-firmware-m: update default RSA keys 



Update the default paths to private keys used
for signing the Secure and the Non-Secure firmware,
when building Zephyr together with TF-M. The update
is done to match the default configuration in
the upstream TF-M project.

Signed-off-by: default avatarIoannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
parent 2354f055

modules/Kconfig.tfm

+2 −2
Original line number Diff line number Diff line
@@ -26,7 +26,7 @@ if BUILD_WITH_TFM 
config TFM_KEY_FILE_S

	string "Path to private key used to sign secure firmware images."

	depends on BUILD_WITH_TFM

	default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-rsa-3072.pem"

	default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072.pem"

	help

	  The path and filename for the .pem file containing the private key

	  that should be used by the BL2 bootloader when signing secure
@@ -35,7 +35,7 @@ config TFM_KEY_FILE_S 
config TFM_KEY_FILE_NS

	string "Path to private key used to sign non-secure firmware images."

	depends on BUILD_WITH_TFM

	default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-rsa-3072_1.pem"

	default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072_1.pem"

	help

	  The path and filename for the .pem file containing the private key

	  that should be used by the BL2 bootloader when signing non-secure

CRA Git | Maintained and supported by SUSTech CRA and CCSE