Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ED25519 implementation with SHA512 + support to calculate SHA512 directly on storage + PureEdDSA #325

Merged
merged 3 commits into from
Oct 1, 2024
Merged

ED25519 implementation with SHA512 + support to calculate SHA512 directly on storage + PureEdDSA #325

merged 3 commits into from
Oct 1, 2024
+196 −12

Commits on Sep 30, 2024

  1. [nrf noup] bootutil: Provide support for SHA512 with ED25519 

    Use SHA512 directly calculated over image with the ED25519 signature.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
    @de-nordic
    de-nordic committed Sep 30, 2024
    Configuration menu
    Copy the full SHA
    9ef93e7 View commit details
    Browse the repository at this point in the history

Commits on Oct 1, 2024

  1. [nrf noup] bootutil: Enable hash calculation directly on storage 

    The commit add support for passing storage device address space
to hash calculation functions, which allows to use hardware
accelerated hash calculation on storage.
This feature only works when image encryption is not enabled
and all slots are defined within internal storage of device.

The feature is enabled using Kconfig option
 CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
    @de-nordic
    de-nordic committed Oct 1, 2024
    Configuration menu
    Copy the full SHA
    95152da View commit details
    Browse the repository at this point in the history

  2. [nrf noup] bootutil: PureEdDSA using ED25519 

    The commit adds support for PureEdDSA, which validates signature
of image rather than hash. This is most secure, available, ED25519
usage in MCUboot, but due to requirement of PureEdDSA to be able
to calculate signature at whole message at once, here image,
it only works on setups where entire image can be mapped to
device address space, so that PSA functions calculating the
signature can see the whole image at once.

This option is enabled with Kconfig option:
 CONFIG_BOOT_SIGNATURE_TYPE_PURE
when the ED25519 signature type is already selected.

Note that the option will enable SHA512 for calculating public
key hash.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
    @de-nordic
    de-nordic committed Oct 1, 2024
    Configuration menu
    Copy the full SHA
    705739c View commit details
    Browse the repository at this point in the history