mcu-tools · nordicjm · Aug 21, 2024 · Aug 15, 2024
@@ -336,20 +336,20 @@ hkdf(uint8_t *ikm, uint16_t ikm_len, uint8_t *info, uint16_t info_len,
 }
 #endif /* MCUBOOT_ENCRYPT_EC256 || MCUBOOT_ENCRYPT_X25519 */
 
-#if !defined(MCUBOOT_HW_KEY)
+#if !defined(MCUBOOT_ENC_BUILTIN_KEY)
 extern const struct bootutil_key bootutil_enc_key;
 
 /*
  * Default implementation to retrieve the private encryption key which is
- * embedded in the bootloader code (when MCUBOOT_HW_KEY is not defined).
+ * embedded in the bootloader code (when MCUBOOT_ENC_BUILTIN_KEY is not defined).
  */
 int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
 {
     *private_key = (struct bootutil_key *)&bootutil_enc_key;
 
     return 0;
 }
-#endif /* !MCUBOOT_HW_KEY */
+#endif /* !MCUBOOT_ENC_BUILTIN_KEY */
 
 int
 boot_enc_init(struct enc_key_data *enc_state, uint8_t slot)

@@ -88,6 +88,33 @@
 /* Uncomment to use Tinycrypt's. */
 /* #define MCUBOOT_USE_TINYCRYPT */
 
+/*
+ * Encrypted images
+ *
+ * Uncomment one of the below options (MCUBOOT_ENCRYPT_x) to enable
+ * encrypted image upgrades.
+ */
+
+/* Uncomment to use RSA-OAEP for key encryption */
+/* #define MCUBOOT_ENCRYPT_RSA */
+/* Uncomment to use AES-KW for key encryption */
+/* #define MCUBOOT_ENCRYPT_KW */
+/* Uncomment to use ECIES-P256 for key encryption */
+/* #define MCUBOOT_ENCRYPT_EC256 */
+/* Uncomment to use ECIES-X25519 for key encryption */
+/* #define MCUBOOT_ENCRYPT_X25519 */
+
+/* Uncomment to use a builtin key-encryption key (retrieved from a trusted
+ * source - if implemented) instead of a key embedded in the bootloader. */
+/* #define MCUBOOT_ENC_BUILTIN_KEY */
+
+#if defined(MCUBOOT_ENCRYPT_RSA)    || \
+    defined(MCUBOOT_ENCRYPT_KW)     || \
+    defined(MCUBOOT_ENCRYPT_EC256)  || \
+    defined(MCUBOOT_ENCRYPT_X25519)
+#define MCUBOOT_ENC_IMAGES
+#endif
+
 /*
  * Always check the signature of the image in the primary slot before booting,
  * even if no upgrade was performed. This is recommended if the boot