bootutil: Remove P224 curve
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I49fad7ede202de4e3c710bf4aa1df195a310b037
diff --git a/boot/bootutil/CMakeLists.txt b/boot/bootutil/CMakeLists.txt
index b23131e..534ca11 100644
--- a/boot/bootutil/CMakeLists.txt
+++ b/boot/bootutil/CMakeLists.txt
@@ -1,5 +1,5 @@
#------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
@@ -23,7 +23,6 @@
src/encrypted.c
src/fault_injection_hardening.c
src/fault_injection_hardening_delay_rng_mbedtls.c
- src/image_ec.c
src/image_ec256.c
src/image_ed25519.c
src/image_rsa.c
diff --git a/boot/bootutil/include/bootutil/caps.h b/boot/bootutil/include/bootutil/caps.h
index 4452897..3c0ffb3 100644
--- a/boot/bootutil/include/bootutil/caps.h
+++ b/boot/bootutil/include/bootutil/caps.h
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2017 Linaro Limited
- * Copyright (c) 2021 Arm Limited
+ * Copyright (c) 2021-2023 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -34,23 +34,22 @@
uint32_t bootutil_get_caps(void);
#define BOOTUTIL_CAP_RSA2048 (1<<0)
-#define BOOTUTIL_CAP_ECDSA_P224 (1<<1)
-#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)
-#define BOOTUTIL_CAP_SWAP_USING_SCRATCH (1<<3)
-#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<4)
-#define BOOTUTIL_CAP_ENC_RSA (1<<5)
-#define BOOTUTIL_CAP_ENC_KW (1<<6)
-#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<7)
-#define BOOTUTIL_CAP_RSA3072 (1<<8)
-#define BOOTUTIL_CAP_ED25519 (1<<9)
-#define BOOTUTIL_CAP_ENC_EC256 (1<<10)
-#define BOOTUTIL_CAP_SWAP_USING_MOVE (1<<11)
-#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION (1<<12)
-#define BOOTUTIL_CAP_ENC_X25519 (1<<13)
-#define BOOTUTIL_CAP_BOOTSTRAP (1<<14)
-#define BOOTUTIL_CAP_AES256 (1<<15)
-#define BOOTUTIL_CAP_RAM_LOAD (1<<16)
-#define BOOTUTIL_CAP_DIRECT_XIP (1<<17)
+#define BOOTUTIL_CAP_ECDSA_P256 (1<<1)
+#define BOOTUTIL_CAP_SWAP_USING_SCRATCH (1<<2)
+#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<3)
+#define BOOTUTIL_CAP_ENC_RSA (1<<4)
+#define BOOTUTIL_CAP_ENC_KW (1<<5)
+#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<6)
+#define BOOTUTIL_CAP_RSA3072 (1<<7)
+#define BOOTUTIL_CAP_ED25519 (1<<8)
+#define BOOTUTIL_CAP_ENC_EC256 (1<<9)
+#define BOOTUTIL_CAP_SWAP_USING_MOVE (1<<10)
+#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION (1<<11)
+#define BOOTUTIL_CAP_ENC_X25519 (1<<12)
+#define BOOTUTIL_CAP_BOOTSTRAP (1<<13)
+#define BOOTUTIL_CAP_AES256 (1<<14)
+#define BOOTUTIL_CAP_RAM_LOAD (1<<15)
+#define BOOTUTIL_CAP_DIRECT_XIP (1<<16)
/*
* Query the number of images this bootloader is configured for. This
diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
index fa33732..95692fb 100644
--- a/boot/bootutil/include/bootutil/image.h
+++ b/boot/bootutil/include/bootutil/image.h
@@ -3,7 +3,7 @@
*
* Copyright (c) 2016-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
- * Copyright (c) 2019-2021 Arm Limited
+ * Copyright (c) 2019-2023 Arm Limited
*
* Original license:
*
@@ -85,7 +85,7 @@
#define IMAGE_TLV_PUBKEY 0x02 /* public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
-#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output */
+#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519 0x24 /* ed25519 of hash output */
diff --git a/boot/bootutil/src/caps.c b/boot/bootutil/src/caps.c
index f44ab02..63bcd64 100644
--- a/boot/bootutil/src/caps.c
+++ b/boot/bootutil/src/caps.c
@@ -2,7 +2,7 @@
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017 Linaro Limited
- * Copyright (c) 2021 Arm Limited
+ * Copyright (c) 2021-2023 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -32,9 +32,6 @@
res |= BOOTUTIL_CAP_RSA3072;
#endif
#endif
-#if defined(MCUBOOT_SIGN_EC)
- res |= BOOTUTIL_CAP_ECDSA_P224;
-#endif
#if defined(MCUBOOT_SIGN_EC256)
res |= BOOTUTIL_CAP_ECDSA_P256;
#endif
diff --git a/boot/bootutil/src/image_ec.c b/boot/bootutil/src/image_ec.c
deleted file mode 100644
index 2d92afb..0000000
--- a/boot/bootutil/src/image_ec.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2016-2018 JUUL Labs
- * Copyright (C) 2021 Arm Limited
- *
- * Original license:
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <string.h>
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#ifdef MCUBOOT_SIGN_EC
-#include "bootutil/sign_key.h"
-
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/asn1.h"
-
-#include "bootutil/crypto/common.h"
-#include "bootutil_priv.h"
-
-/*
- * Declaring these like this adds NULL termination.
- */
-static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
-static const uint8_t ec_secp224r1_oid[] = MBEDTLS_OID_EC_GRP_SECP224R1;
-
-/*
- * Parse the public key used for signing.
- */
-static int
-bootutil_parse_eckey(mbedtls_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
-{
- size_t len;
- mbedtls_asn1_buf alg;
- mbedtls_asn1_buf param;
-
- if (mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
- return -1;
- }
- end = *p + len;
-
- if (mbedtls_asn1_get_alg(p, end, &alg, ¶m)) {
- return -2;
- }
- if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
- memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
- return -3;
- }
- if (param.len != sizeof(ec_secp224r1_oid) - 1||
- memcmp(param.p, ec_secp224r1_oid, sizeof(ec_secp224r1_oid) - 1)) {
- return -4;
- }
-
- if (mbedtls_ecp_group_load(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), MBEDTLS_ECP_DP_SECP224R1)) {
- return -5;
- }
-
- if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
- return -6;
- }
- if (*p + len != end) {
- return -7;
- }
-
- if (mbedtls_ecp_point_read_binary(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q), *p, end - *p)) {
- return -8;
- }
-
- if (mbedtls_ecp_check_pubkey(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q))) {
- return -9;
- }
- return 0;
-}
-
-static int
-bootutil_cmp_sig(mbedtls_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
- uint8_t *sig, size_t slen)
-{
- return mbedtls_ecdsa_read_signature(ctx, hash, hlen, sig, slen);
-}
-
-int
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
- uint8_t key_id)
-{
- int rc;
- uint8_t *cp;
- uint8_t *end;
- mbedtls_ecdsa_context ctx;
-
- mbedtls_ecdsa_init(&ctx);
-
- cp = (uint8_t *)bootutil_keys[key_id].key;
- end = cp + *bootutil_keys[key_id].len;
-
- rc = bootutil_parse_eckey(&ctx, &cp, end);
- if (rc) {
- return -1;
- }
-
- while (sig[slen - 1] == '\0') {
- slen--;
- }
- rc = bootutil_cmp_sig(&ctx, hash, hlen, sig, slen);
- mbedtls_ecdsa_free(&ctx);
-
- return rc;
-}
-#endif /* MCUBOOT_SIGN_EC */
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index a866281..07e0e85 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -3,7 +3,7 @@
*
* Copyright (c) 2017-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
- * Copyright (c) 2019-2020 Arm Limited
+ * Copyright (c) 2019-2023 Arm Limited
*
* Original license:
*
@@ -46,11 +46,11 @@
#if defined(MCUBOOT_SIGN_RSA)
#include "mbedtls/rsa.h"
#endif
-#if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
+#if defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/ecdsa.h"
#endif
#if defined(MCUBOOT_ENC_IMAGES) || defined(MCUBOOT_SIGN_RSA) || \
- defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
+ defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/asn1.h"
#endif
@@ -169,7 +169,6 @@
* configured for any signature, don't define this macro.
*/
#if (defined(MCUBOOT_SIGN_RSA) + \
- defined(MCUBOOT_SIGN_EC) + \
defined(MCUBOOT_SIGN_EC256) + \
defined(MCUBOOT_SIGN_ED25519)) > 1
#error "Only a single signature type is supported!"
@@ -185,10 +184,6 @@
# endif
# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
-#elif defined(MCUBOOT_SIGN_EC)
-# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
-# define SIG_BUF_SIZE 128
-# define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
#elif defined(MCUBOOT_SIGN_EC256)
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
# define SIG_BUF_SIZE 128
diff --git a/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h b/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
index e925717..7f8472b 100644
--- a/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
+++ b/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
@@ -37,8 +37,6 @@
/* Uncomment for ECDSA signatures using curve P-256. */
#define MCUBOOT_SIGN_EC256
-// #define MCUBOOT_SIGN_EC
-
/*
* Upgrade mode
*
diff --git a/boot/cypress/MCUBootApp/keys.c b/boot/cypress/MCUBootApp/keys.c
index 4dbd5af..20c0332 100644
--- a/boot/cypress/MCUBootApp/keys.c
+++ b/boot/cypress/MCUBootApp/keys.c
@@ -85,31 +85,6 @@
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
};
const unsigned int rsa_pub_key_len = 270;
-#elif defined(MCUBOOT_SIGN_EC)
-/* Format of PEM :
- * -----BEGIN PUBLIC KEY-----
- * base64encode(DER)
- * -----END PUBLIC KEY----- */
-#if defined(ECC224_KEY_FILE)
-#include ECC224_KEY_FILE
-#else
-#warning "Used default ECC224 ecdsa_pub_key"
-/* It is OEM_PUB_KEY at this moment for debug purposes */
-/* Autogenerated by imgtool.py, do not edit. */
-const unsigned char ecdsa_pub_key[] = {
- 0x30, 0x4e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
- 0x81, 0x04, 0x00, 0x21, 0x03, 0x3a, 0x00, 0x04,
- 0xa5, 0x8b, 0x18, 0xa4, 0x60, 0x37, 0xf7, 0x0d,
- 0x2b, 0x06, 0xba, 0x4b, 0x4c, 0xd7, 0x8d, 0xec,
- 0x2a, 0x32, 0x5a, 0x0e, 0x52, 0xf4, 0x1b, 0x7c,
- 0x99, 0xec, 0x68, 0x5d, 0x05, 0xc3, 0x6b, 0x7b,
- 0x40, 0x9c, 0xaa, 0xac, 0x90, 0xf4, 0xfc, 0xbe,
- 0x98, 0xe5, 0x3e, 0x86, 0x3d, 0x37, 0xbf, 0x45,
- 0x78, 0x92, 0x27, 0xca, 0x69, 0xe6, 0xf2, 0xc5,
-};
-const unsigned int ecdsa_pub_key_len = 80;
-#endif
#elif defined(MCUBOOT_SIGN_EC256)
/* Format of PEM :
* -----BEGIN PUBLIC KEY-----
@@ -141,7 +116,6 @@
#endif
#if defined(MCUBOOT_SIGN_RSA) || \
- defined(MCUBOOT_SIGN_EC) || \
defined(MCUBOOT_SIGN_EC256)
const struct bootutil_key bootutil_keys[] = {
#if defined(MCUBOOT_SIGN_RSA)
@@ -149,8 +123,7 @@
.key = rsa_pub_key,
.len = &rsa_pub_key_len,
},
-#elif defined(MCUBOOT_SIGN_EC) || \
- defined(MCUBOOT_SIGN_EC256)
+#elif defined(MCUBOOT_SIGN_EC256)
{
.key = ecdsa_pub_key,
.len = &ecdsa_pub_key_len,
diff --git a/boot/espressif/CMakeLists.txt b/boot/espressif/CMakeLists.txt
index 5f79d32..a235e00 100644
--- a/boot/espressif/CMakeLists.txt
+++ b/boot/espressif/CMakeLists.txt
@@ -134,7 +134,6 @@
${BOOTUTIL_DIR}/src/encrypted.c
${BOOTUTIL_DIR}/src/fault_injection_hardening.c
${BOOTUTIL_DIR}/src/fault_injection_hardening_delay_rng_mbedtls.c
- ${BOOTUTIL_DIR}/src/image_ec.c
${BOOTUTIL_DIR}/src/image_ec256.c
${BOOTUTIL_DIR}/src/image_ed25519.c
${BOOTUTIL_DIR}/src/image_rsa.c
diff --git a/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h b/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
index f02e40d..7bf42ca 100644
--- a/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
+++ b/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
@@ -48,9 +48,6 @@
#if MYNEWT_VAL(BOOTUTIL_SIGN_ED25519)
#define MCUBOOT_SIGN_ED25519 1
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
-#define MCUBOOT_SIGN_EC 1
-#endif
#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_RSA)
#define MCUBOOT_ENCRYPT_RSA 1
#endif
diff --git a/boot/mynewt/mcuboot_config/syscfg.yml b/boot/mynewt/mcuboot_config/syscfg.yml
index b2e5868..a6c9714 100644
--- a/boot/mynewt/mcuboot_config/syscfg.yml
+++ b/boot/mynewt/mcuboot_config/syscfg.yml
@@ -31,9 +31,6 @@
BOOTUTIL_SIGN_RSA_LEN:
description: 'Key size for RSA keys (2048 or 3072).'
value: 2048
- BOOTUTIL_SIGN_EC:
- description: 'Images are signed using ECDSA NIST P-224.'
- value: 0
BOOTUTIL_SIGN_EC256:
description: 'Images are signed using ECDSA NIST P-256.'
value: 0
diff --git a/docs/design.md b/docs/design.md
index d1b7038..7a192cd 100755
--- a/docs/design.md
+++ b/docs/design.md
@@ -3,7 +3,7 @@
- Copyright (c) 2017-2020 Linaro LTD
- Copyright (c) 2017-2019 JUUL Labs
- - Copyright (c) 2019-2021 Arm Limited
+ - Copyright (c) 2019-2023 Arm Limited
- Original license:
@@ -107,7 +107,7 @@
#define IMAGE_TLV_KEYHASH 0x01 /* hash of the public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
-#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output */
+#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519 0x24 /* ED25519 of hash output */
diff --git a/docs/ecdsa.md b/docs/ecdsa.md
index 50ca961..d3a5a25 100644
--- a/docs/ecdsa.md
+++ b/docs/ecdsa.md
@@ -5,10 +5,6 @@
always a fixed length. Unfortunately, this padding was done in a way
that is not easily reversible. Some crypto libraries (specifically, Mbed
TLS) are fairly strict about the formatting of the ECDSA signature.
-This currently means that the ECDSA SECP224R1 (EC) signature
-checking code will fail to boot about 1 out of every 256 images,
-because the signature itself will end in a 0x00 byte, and the code
-will remove too much data, invalidating the signature.
There are two ways to fix this:
diff --git a/docs/signed_images.md b/docs/signed_images.md
index c1edcfb..bcc201b 100644
--- a/docs/signed_images.md
+++ b/docs/signed_images.md
@@ -53,12 +53,7 @@
Now the public key is in file called image_sign_pub.der.
-For ECDSA224 these commands are similar.
-
-openssl ecparam -name secp224r1 -genkey -noout -out image_sign.pem
-openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
-
-And then the ECDSA256.
+For ECDSA256 these commands are similar.
openssl ecparam -name prime256v1 -genkey -noout -out image_sign.pem
openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
@@ -102,5 +97,4 @@
After you've created the key package, you must include it in the build
for bootloader. So modify the pkg.yml for apps/boot to include it.
-The syscfg variable to enable ECDSA224 is BOOTUTIL_SIGN_EC, and
-BOOTUTIL_SIGN_EC256 for ECDS256.
+The syscfg variable to enable ECDSA256 is BOOTUTIL_SIGN_EC256.
diff --git a/testplan/mynewt/keys/ec/pkg.yml b/testplan/mynewt/keys/ec/pkg.yml
deleted file mode 100644
index 2b3256b..0000000
--- a/testplan/mynewt/keys/ec/pkg.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-pkg.name: keys/ec
-pkg.author: "Apache Mynewt <dev@mynewt.apache.org>"
-pkg.homepage: "http://mynewt.apache.org/"
diff --git a/testplan/mynewt/keys/ec/src/keys.c b/testplan/mynewt/keys/ec/src/keys.c
deleted file mode 100644
index 81505eb..0000000
--- a/testplan/mynewt/keys/ec/src/keys.c
+++ /dev/null
@@ -1,18 +0,0 @@
-#include <bootutil/sign_key.h>
-static unsigned char key[] = {
- 0x30, 0x4e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, 0x03, 0x3a, 0x00, 0x04,
- 0xa0, 0x8c, 0x5a, 0xd6, 0x98, 0x20, 0x1a, 0xd5, 0xb9, 0xc4, 0xfd, 0x7f,
- 0xa5, 0xd3, 0x08, 0xca, 0x00, 0x91, 0x5e, 0xc6, 0x92, 0x49, 0xce, 0x18,
- 0xc5, 0x64, 0x17, 0xed, 0xbf, 0x63, 0xd0, 0xcd, 0xb8, 0xf7, 0xff, 0x29,
- 0x25, 0x35, 0x5a, 0x7a, 0x20, 0x30, 0xc9, 0x26, 0x95, 0xb2, 0x57, 0xd1,
- 0x46, 0x0d, 0x69, 0x18, 0x13, 0xc9, 0x7d, 0xb3
-};
-static unsigned int key_len = 80;
-const struct bootutil_key bootutil_keys[] = {
- [0] = {
- .key = key,
- .len = &key_len,
- },
-};
-const int bootutil_key_cnt = 1;
diff --git a/testplan/mynewt/keys/pkg.yml b/testplan/mynewt/keys/pkg.yml
index e7e73e3..82d0e84 100644
--- a/testplan/mynewt/keys/pkg.yml
+++ b/testplan/mynewt/keys/pkg.yml
@@ -5,8 +5,5 @@
pkg.deps.BOOTUTIL_SIGN_RSA:
- keys/rsa
-pkg.deps.BOOTUTIL_SIGN_EC:
- - keys/ec
-
pkg.deps.BOOTUTIL_SIGN_EC256:
- keys/ec256