Add public/private key file option to Kconfig Also adds instrutions and defaults to prj.conf. Signed-off-by: Fabio Utzig <utzig@apache.org>

commit: c690c761207f57c321ba97f29640802cffbab2ed [log] [tgz]
author: Fabio Utzig <utzig@apache.org> Thu Apr 26 10:51:09 2018 -0300
committer: Fabio Utzig <utzig@utzig.org> Wed Jun 06 11:07:06 2018 -0300
tree: 83aaef775b194de091319a4d8bac7855c041b5a6
parent: 69c61d0e912cba03c87236ecb7f37d481a864785 [diff]
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 10eb22d..96b5268 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig

@@ -38,6 +38,14 @@
 
 endchoice
 
+config BOOT_SIGNATURE_KEY_FILE
+	string "PEM key file"
+	default ""
+	help
+	  The key file will be parsed by imgtool's getpub command and a .c source
+	  with the public key information will be written in a format expected by
+	  MCUboot.
+
 config MBEDTLS_CFG_FILE
 	default "mcuboot-mbedtls-cfg.h"
 

diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index 50c721f..72047c0 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf

@@ -6,6 +6,16 @@
 CONFIG_MAIN_STACK_SIZE=10240
 CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
 
+### Default to RSA
+CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
+CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
+
+### The bootloader generates its own signature verification based on an
+### key file which needs to be provided and match the selected sign algo.
+### The PEM files below are provided as examples.
+#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem"
+#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem"
+
 ### mbedTLS has its own heap
 # CONFIG_HEAP_MEM_POOL_SIZE is not set
commit	c690c761207f57c321ba97f29640802cffbab2ed	[log] [tgz]
author	Fabio Utzig <utzig@apache.org>	Thu Apr 26 10:51:09 2018 -0300
committer	Fabio Utzig <utzig@utzig.org>	Wed Jun 06 11:07:06 2018 -0300
tree	83aaef775b194de091319a4d8bac7855c041b5a6
parent	69c61d0e912cba03c87236ecb7f37d481a864785 [diff]