| From 66f6f44bcea43ac991aa025d634fb98de964be05 Mon Sep 17 00:00:00 2001 |
| From: David Brown <david.brown@linaro.org> |
| Date: Thu, 27 Jul 2017 10:05:47 -0600 |
| Subject: [PATCH] bad: ECDSA P256 bootloader, not in images |
| |
| This configures the bootloader to require an ECDSA P256 signature, but |
| does not sign the images with it. Neither should boot. |
| --- |
| Makefile | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| diff --git a/Makefile b/Makefile |
| index 1e9ec42..b0adf05 100644 |
| --- a/Makefile |
| +++ b/Makefile |
| @@ -9,16 +9,16 @@ |
| # lines there, and comment out any other blocks. |
| |
| # RSA |
| -CONF_FILE = boot/zephyr/prj.conf |
| -CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS |
| +#CONF_FILE = boot/zephyr/prj.conf |
| +#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS |
| |
| # Newer uses should use the RSA-PSS signature algorithm. This define |
| # enables (and requires) this type of signature. |
| #CFLAGS += -DMCUBOOT_RSA_PKCS1_15 |
| |
| # ECDSA P-256 |
| -#CONF_FILE = boot/zephyr/prj-p256.conf |
| -#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT |
| +CONF_FILE = boot/zephyr/prj-p256.conf |
| +CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT |
| |
| # Enable this option to have the bootloader verify the signature of |
| # the primary image upon every boot. Without it, signature |
| -- |
| 2.11.0 |
| |