PSA implementation of ed25519 image verification and x25519 random key encryption/decryption #323
Commits on Sep 26, 2024
-
[nrf fromtree] boot: Fix ASN.1 for mbedtls >= 3.1
In Mbed TLS 3.1, the private fields in the ASN.1 structure were made private. This breaks code that accesses these private macros. Fix this by changing the ASN.1 specific code to use a new field accessor `ASN1_CONTEXT_MEMBER` that will be conditionally defined based on the version of Mbed TLS that is present.
Signed-off-by: David Brown <david.brown@linaro.org>
(cherry picked from commit 1d79ef3)
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit c2cc2ab
-
[nrf fromtree] bootutil: Keep image encrypted in scratch area
Currently, when swap using scratch is used with encrypted images, MCUboot is decrypting the images during the copy from the secondary slot to the scratch area. This means the scratch area contains plaintext image data and therefore that the scratch area must be placed in the MCU's internal flash memory. This commit makes the necessary changes to perform the decryption when copying from the scratch area to the primary slot instead, making it possible to place the scratch area in an external flash memory since the scratch area is now encrypted. Note that BOOT_SWAP_SAVE_ENCTLV must be enabled if the scratch area is placed in external flash memory.
Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
(cherry picked from commit 08d2d94)
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit acf52b0
-
[nrf fromtree] boot: Remove pointless slot identification
In the boot_image_validate_encrypted there was a call to flash_area_id_to_multi_image_slot, which tries to figure out slot index from flash area and image index, and the result of the call was not used for anything as slot index is hardcoded in the next call to be 1 (secondary).
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 4da4a72)
Commit 543a630
-
[nrf fromtree] boot: Rename boot_enc_decrypt to boot_decrypt_key
All of the boot_enc_ functions follow the same pattern where they take encryption context as the first parameter, and the boot_enc_decrypt stands out here as it does not work around the encryption context, but is rather a single-part decryption function only used for decrypting the image encryption key.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 2371c0a)
Commit 257125e
-
[nrf fromtree] boot: Move encryption context invalidation to boot_enc_drop.
The enc_key_data.valid had been set to true when a key has been added to the encryption context, but in case when boot_enc_drop was called on the same context, the flag remained true, even though the context may no longer hold any valid context nor key. The commit moves the enc_key_data invalidation to enc_key_drop.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 3355735)
Commit 774813a
-
[nrf fromtree] boot: Change boot_enc_load to take slot number instead of image
In all cases where boot_enc_load is called it is known what slot is addressed, so it is better to just pass the slot number instead of making the boot_enc_load figure out slot number from image index and provided flash area object.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 7f9ac97)
Commit 5507a5e
-
[nrf fromtree] boot: Reduce repeating code in boot_decrypt_and_copy_image_to_sram
There was not really needed repetition of code in if-else block; common code has been moved out and the block has been reduced.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit d09112a)
Commit 728d056
-
[nrf fromtree] Fix style issues
Convert tab to spaces; fix opening brace position.
Signed-off-by: Fabio Utzig <utzig@apache.org>
(cherry picked from commit d5e0e89)
Commit 0bd46d6
-
[nrf fromtree] boot: Remove image_index from boot_encrypt
boot_encrypt required the image_index paired with flash area pointer to be able to figure out which slot it will operate on. Since in most calls the slot is known in advance it can be just passed to the function directly. The commit replaces both parameters with slot number.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 3f11286)
Commit 9c75592
-
[nrf fromtree] boot: Simplify copy loop in boot_copy_region
Move checking of conditions, which remain the same for the whole loop run, outside of the loop.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 6fe259b)
Commit 2023198
-
[nrf fromtree] boot: Make boot_enc_valid take slot instead of image index
There is no point for boot_enc_valid to take image index and flash area and use these to figure out slot number.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 956311d)
Commit e02b962
-
[nrf fromlist] boot: Replace boot_encrypt by boot_enc_encrypt and boot_enc_decrypt
To be able to implement encryption with API that requires different calls for encryption and encryption, the boot_encrypt needs to be replaced with encryption/decryption specific functions.
Upstream PR: mcu-tools/mcuboot#2017
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit 34f51df
-
[nrf noup] PSA configuration required changes
Set of changes to Kconfig, CMakeLists.txt and some of the headers that are required for the PSA support to compile.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit 691d763
-
[nrf noup] PSA implementation of x25519 and ed25519 verification
The commit provides an implementation of image verification with ed25519 and encryption/decryption support where random key is encrypted using x25519.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit 0d4c91e