| From 86f857cafbdd40d1ba158028e142c8cdf5c56e0d Mon Sep 17 00:00:00 2001 |
| From: David Brown <david.brown@linaro.org> |
| Date: Thu, 27 Jul 2017 10:05:47 -0600 |
| Subject: [PATCH] partial: ECDSA P256 bootloader, slot0 ok slot1 bad |
| |
| This configures the bootloader to require an ECDSA P256 signature, and |
| the slot 0 image as good. This should boot slot 0, but not perform the |
| upgrade in slot 1. |
| --- |
| Makefile | 8 ++++---- |
| samples/zephyr/Makefile | 2 +- |
| 2 files changed, 5 insertions(+), 5 deletions(-) |
| |
| diff --git a/Makefile b/Makefile |
| index 1e9ec42..b0adf05 100644 |
| --- a/Makefile |
| +++ b/Makefile |
| @@ -9,16 +9,16 @@ |
| # lines there, and comment out any other blocks. |
| |
| # RSA |
| -CONF_FILE = boot/zephyr/prj.conf |
| -CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS |
| +#CONF_FILE = boot/zephyr/prj.conf |
| +#CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS |
| |
| # Newer uses should use the RSA-PSS signature algorithm. This define |
| # enables (and requires) this type of signature. |
| #CFLAGS += -DMCUBOOT_RSA_PKCS1_15 |
| |
| # ECDSA P-256 |
| -#CONF_FILE = boot/zephyr/prj-p256.conf |
| -#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT |
| +CONF_FILE = boot/zephyr/prj-p256.conf |
| +CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT |
| |
| # Enable this option to have the bootloader verify the signature of |
| # the primary image upon every boot. Without it, signature |
| diff --git a/samples/zephyr/Makefile b/samples/zephyr/Makefile |
| index 7678615..b62e966 100644 |
| --- a/samples/zephyr/Makefile |
| +++ b/samples/zephyr/Makefile |
| @@ -102,7 +102,7 @@ clean_boot: check |
| hello1: check |
| $(MAKE) -C hello1 BOARD=$(BOARD) -j$(nproc) |
| $(IMGTOOL) sign \ |
| - --key $(SIGNING_KEY) \ |
| + --key ../../root-ec-p256.pem \ |
| --header-size $(BOOT_HEADER_LEN) \ |
| --align $(FLASH_ALIGNMENT) \ |
| --version 1.2 \ |
| -- |
| 2.11.0 |
| |