testplan/zephyr/0001-good-ECDSA-P256-bootloader-images-signed.patch - mirror/mcuboot - TrustedFirmware Git Browser

 From 5c9fd9690623165c3d1be4d3d219bb0d0c57647d Mon Sep 17 00:00:00 2001
 From: David Brown <david.brown@linaro.org>
 Date: Thu, 27 Jul 2017 10:05:47 -0600
 Subject: [PATCH] good: ECDSA P256 bootloader, images signed

 This configures the bootloader to require an ECDSA P256 signature, and
 both images signed properly.  Both should work.
 ---
  Makefile                | 8 ++++----
  samples/zephyr/Makefile | 4 ++--
  2 files changed, 6 insertions(+), 6 deletions(-)

 diff --git a/Makefile b/Makefile
 index 1e9ec42..b0adf05 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -9,16 +9,16 @@
  # lines there, and comment out any other blocks.

  # RSA
 -CONF_FILE = boot/zephyr/prj.conf
 -CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
 +#CONF_FILE = boot/zephyr/prj.conf
 +#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS

  # Newer uses should use the RSA-PSS signature algorithm.  This define
  # enables (and requires) this type of signature.
  #CFLAGS += -DMCUBOOT_RSA_PKCS1_15

  # ECDSA P-256
 -#CONF_FILE = boot/zephyr/prj-p256.conf
 -#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
 +CONF_FILE = boot/zephyr/prj-p256.conf
 +CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT

  # Enable this option to have the bootloader verify the signature of
  # the primary image upon every boot.  Without it, signature
 diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
 index 7678615..1b90b7e 100644
 --- a/samples/zephyr/Makefile
 +++ b/samples/zephyr/Makefile
 @@ -102,7 +102,7 @@ clean_boot: check
  hello1: check
  	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
  	$(IMGTOOL) sign \
 -		--key $(SIGNING_KEY) \
 +		--key ../../root-ec-p256.pem \
  		--header-size $(BOOT_HEADER_LEN) \
  		--align $(FLASH_ALIGNMENT) \
  		--version 1.2 \
 @@ -121,7 +121,7 @@ clean_hello1: check
  hello2: check
  	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
  	$(IMGTOOL) sign \
 -		--key $(SIGNING_KEY) \
 +		--key ../../root-ec-p256.pem \
  		--header-size $(BOOT_HEADER_LEN) \
  		--align $(FLASH_ALIGNMENT) \
  		--version 1.2 \
 --
 2.11.0
	From 5c9fd9690623165c3d1be4d3d219bb0d0c57647d Mon Sep 17 00:00:00 2001
	From: David Brown <david.brown@linaro.org>
	Date: Thu, 27 Jul 2017 10:05:47 -0600
	Subject: [PATCH] good: ECDSA P256 bootloader, images signed

	This configures the bootloader to require an ECDSA P256 signature, and
	both images signed properly. Both should work.
	---
	Makefile \| 8 ++++----
	samples/zephyr/Makefile \| 4 ++--
	2 files changed, 6 insertions(+), 6 deletions(-)

	diff --git a/Makefile b/Makefile
	index 1e9ec42..b0adf05 100644
	--- a/Makefile
	+++ b/Makefile
	@@ -9,16 +9,16 @@
	# lines there, and comment out any other blocks.

	# RSA
	-CONF_FILE = boot/zephyr/prj.conf
	-CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
	+#CONF_FILE = boot/zephyr/prj.conf
	+#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS

	# Newer uses should use the RSA-PSS signature algorithm. This define
	# enables (and requires) this type of signature.
	#CFLAGS += -DMCUBOOT_RSA_PKCS1_15

	# ECDSA P-256
	-#CONF_FILE = boot/zephyr/prj-p256.conf
	-#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
	+CONF_FILE = boot/zephyr/prj-p256.conf
	+CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT

	# Enable this option to have the bootloader verify the signature of
	# the primary image upon every boot. Without it, signature
	diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile
	index 7678615..1b90b7e 100644
	--- a/samples/zephyr/Makefile
	+++ b/samples/zephyr/Makefile
	@@ -102,7 +102,7 @@ clean_boot: check
	hello1: check
	$(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc)
	$(IMGTOOL) sign \
	- --key $(SIGNING_KEY) \
	+ --key ../../root-ec-p256.pem \
	--header-size $(BOOT_HEADER_LEN) \
	--align $(FLASH_ALIGNMENT) \
	--version 1.2 \
	@@ -121,7 +121,7 @@ clean_hello1: check
	hello2: check
	$(MAKE) -C hello2 BOARD=$(BOARD) -j$(nproc)
	$(IMGTOOL) sign \
	- --key $(SIGNING_KEY) \
	+ --key ../../root-ec-p256.pem \
	--header-size $(BOOT_HEADER_LEN) \
	--align $(FLASH_ALIGNMENT) \
	--version 1.2 \
	--
	2.11.0