kconfig: zephyr: provide logic for setting key file, simplify prj.conf
Automate process of selecting correct .pem key file.
Zephyr users are familiar with using 'menuconfig' and similar tools
for seeing what options are available, so remove =n choices from
prj.conf which were used to show the available options.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 0cf133a..a52c7d6 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -126,6 +126,10 @@
config BOOT_SIGNATURE_KEY_FILE
string "PEM key file"
+ default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
+ default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072
+ default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048
default ""
help
You can use either absolute or relative path.
diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index 17826db..7f15372 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf
@@ -14,22 +14,6 @@
CONFIG_BOOT_UPGRADE_ONLY=n
CONFIG_BOOT_BOOTSTRAP=n
-### Default to RSA
-CONFIG_BOOT_SIGNATURE_TYPE_NONE=n
-CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
-CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048
-CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
-CONFIG_BOOT_SIGNATURE_TYPE_ED25519=n
-
-### The bootloader generates its own signature verification based on a
-### key file which needs to be provided and needs to match the selected signing
-### algorithm (CONFIG_BOOT_SIGNATURE_TYPE_).
-### The PEM files below are provided as examples.
-CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem"
-#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-3072.pem"
-#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem"
-#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ed25519.pem"
-
### mbedTLS has its own heap
# CONFIG_HEAP_MEM_POOL_SIZE is not set