commit a4818a556524ebb21c12fc3527061db3fcfdad51
author Marti Bolivar <marti@opensourcefoundries.com> Thu Apr 12 13:02:38 2018 -0400
committer Fabio Utzig <utzig@utzig.org> Wed Apr 25 18:44:03 2018 -0300
tree b3d3a1beb43d67db273c44576a4460471f31e4d0
parent f91bca51a635bba90e92df00d829abeb6b6f6949

zephyr: migrate signature type to Kconfig

Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.

This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.

Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)

We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.

To move to a single prj.conf:

- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
  the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
  depending on the case

This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.

Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>

sim/mcuboot-sys/build.rs

diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index ebff3c5..599d501 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -31,7 +31,7 @@
         conf.define("MCUBOOT_SIGN_RSA", None);
         conf.define("MCUBOOT_USE_MBED_TLS", None);
 
-        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-rsa.h>"));
         conf.include("mbedtls/include");
         conf.file("mbedtls/library/sha256.c");
         conf.file("../../boot/zephyr/keys.c");
@@ -43,7 +43,7 @@
         conf.define("MCUBOOT_SIGN_EC256", None);
         conf.define("MCUBOOT_USE_TINYCRYPT", None);
 
-        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
+        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-asn1.h>"));
         conf.include("../../ext/mbedtls/include");
         conf.include("../../ext/tinycrypt/lib/include");
 
@@ -57,9 +57,9 @@
 
         conf.file("../../ext/mbedtls/src/asn1parse.c");
     } else {
-        // Neither signature type, only verify sha256.
+        // Neither signature type, only verify sha256. The default
+        // configuration file bundled with mbedTLS is sufficient.
         conf.define("MCUBOOT_USE_MBED_TLS", None);
-        conf.define("MBEDTLS_CONFIG_FILE", Some("<config-boot.h>"));
         conf.include("mbedtls/include");
         conf.file("mbedtls/library/sha256.c");
     }