zephyr: migrate signature type to Kconfig
Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.
This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.
Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)
We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.
To move to a single prj.conf:
- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
depending on the case
This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.
Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h
new file mode 100644
index 0000000..14cd9eb
--- /dev/null
+++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2018 Open Source Foundries Limited
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef _MCUBOOT_MBEDTLS_CONFIG_
+#define _MCUBOOT_MBEDTLS_CONFIG_
+
+/**
+ * @file
+ *
+ * This is the top-level mbedTLS configuration file for MCUboot. The
+ * configuration depends on the signature type, so this file just
+ * pulls in the right header depending on that setting.
+ */
+
+/*
+ * IMPORTANT:
+ *
+ * If you put any "generic" definitions in here, make sure to update
+ * the simulator build.rs accordingly.
+ */
+
+#ifdef CONFIG_BOOT_SIGNATURE_TYPE_RSA
+#include "config-rsa.h"
+#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
+#include "config-asn1.h"
+#else
+#error "Cannot configure mbedTLS; signature type is unknown."
+#endif
+
+#endif