Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "boot: Add MCUBOOT_HW_KEY support for image encryption" #1996

Merged
merged 1 commit into from
Jul 9, 2024
Merged

Revert "boot: Add MCUBOOT_HW_KEY support for image encryption" #1996

merged 1 commit into from
Jul 9, 2024

Conversation

d3zd3z
Copy link
Member

@d3zd3z d3zd3z commented Jul 9, 2024

This reverts commit 0fa4627.

This breaks:

samples/synchronization/sample.kernel.synchronization on
b_u585i_iot02a/stm32u585xx/ns error

as this TF-M configuration uses its own keys. This change is an API change that needs to be coordinated with TF-M changes.

Before this revert, compiling this test results in:

.../encrypted.c:447: undefined reference to
`boot_enc_retrieve_private_key`

@d3zd3z
Revert "boot: Add MCUBOOT_HW_KEY support for image encryption"
df48bc0 
This reverts commit 0fa4627.

This breaks:

    samples/synchronization/sample.kernel.synchronization on
    b_u585i_iot02a/stm32u585xx/ns error

as this TF-M configuration uses its own keys.  This change is an API
change that needs to be coordinated with TF-M changes.

Before this revert, compiling this test results in:

    .../encrypted.c:447: undefined reference to
    `boot_enc_retrieve_private_key`

Signed-off-by: David Brown <david.brown@linaro.org>
@d3zd3z d3zd3z added the Hotfix Somebody has messed up label Jul 9, 2024
@d3zd3z d3zd3z merged commit c06f7bb into mcu-tools:main Jul 9, 2024
58 checks passed
@d3zd3z
Copy link
Member Author

d3zd3z commented Jul 9, 2024

@DineshDK03 just a heads up that we had to revert this, as it was breaking TF-M. If we need to get this in, we will have to figure out some way to coordinate the API change with TF-M.

@d3zd3z
Copy link
Member Author

d3zd3z commented Jul 11, 2024

BTW, a simple fix for this is to re-apply the patch, but move the definition boot_enc_retrieve_private_key into encrypted.c instead of each platform. That way, any external platforms that don't define hardware keys will just work without modification. It also reduces duplication of the code.

@davidvincze davidvincze mentioned this pull request Jul 26, 2024
Merged
@davidvincze
Copy link
Collaborator

Reapplying commit 0fa4627 in #2022 with the requested modifications. @d3zd3z could you please review?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nordicjm nordicjm nordicjm approved these changes

@de-nordic de-nordic de-nordic approved these changes

@carlescufi carlescufi Awaiting requested review from carlescufi

Assignees
No one assigned
Labels
Hotfix Somebody has messed up
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@d3zd3z @davidvincze @nordicjm @de-nordic