zephyr: add option for saving enckey TLVs in swap status
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 1bf3eb8..dd94696 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -147,6 +147,19 @@
primary slot to be initialized from a valid image in the secondary slot.
If unsure, leave at the default value.
+config BOOT_SWAP_SAVE_ENCTLV
+ bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
+ default n
+ help
+ If y, instead of saving the encrypted image keys in plaintext in the
+ swap resume metadata, save the encrypted image TLVs. This should be used
+ when there is no security mechanism protecting the data in the primary
+ slot from being dumped. If n is selected (default), the keys are written
+ after being decrypted from the image TLVs and could be read by an
+ attacker who has access to the flash contents of the primary slot (eg
+ JTAG/SWD or primary slot in external flash).
+ If unsure, leave at the default value.
+
config BOOT_ENCRYPT_RSA
bool "Support for encrypted upgrade images using RSA"
default n
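Review bot: BOOT_SWAP_SAVE_ENCTLV carries no dependency on an encryption option, so it can be enabled while both BOOT_ENCRYPT_RSA and BOOT_ENCRYPT_EC256 are n, where there is no key TLV to save and the option silently does nothing; add `depends on BOOT_ENCRYPT_RSA || BOOT_ENCRYPT_EC256` after the `bool` line (Kconfig accepts the forward reference). The help text should also state the cost rather than only the benefit, since resuming an interrupted swap must then re-decrypt the key from the stored TLV and the swap status area must be sized to hold that TLV rather than a raw key — e.g. `Resuming an interrupted swap then decrypts the key TLV again, and the swap status area must be large enough to hold it.` (hedged: the status-area change is not in this hunk). Finally, hiding the plaintext image key from a flash reader presumably only helps if the bootloader's own private decryption key is not recoverable from the same dump; that assumption is worth confirming and spelling out in the help, because as written "no security mechanism protecting the data in the primary slot" reads as if this option alone closes the gap.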
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
index a6ce574..0daecc7 100644
--- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h
+++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
@@ -61,6 +61,10 @@
#define MCUBOOT_HAVE_LOGGING 1
#endif
+#ifdef CONFIG_BOOT_SWAP_SAVE_ENCTLV
+#define MCUBOOT_SWAP_SAVE_ENCTLV 1
+#endif
+
#ifdef CONFIG_BOOT_ENCRYPT_RSA
#define MCUBOOT_ENC_IMAGES
#define MCUBOOT_ENCRYPT_RSA
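Review bot: `#define MCUBOOT_SWAP_SAVE_ENCTLV 1` is emitted whenever the Kconfig symbol is set, independent of MCUBOOT_ENC_IMAGES, which this file only defines under CONFIG_BOOT_ENCRYPT_RSA here (and presumably under the EC256 option below the hunk). A build with the option on but image encryption off would then discover the mismatch, if at all, somewhere in the swap code; a compile-time check `#if defined(MCUBOOT_SWAP_SAVE_ENCTLV) && !defined(MCUBOOT_ENC_IMAGES)` / `#error "MCUBOOT_SWAP_SAVE_ENCTLV requires image encryption support"` / `#endif` fails the build instead. That check must sit after the last place MCUBOOT_ENC_IMAGES is defined, which is past the end of this hunk.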
diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index 30af1e4..4a5d1ec 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf
@@ -6,6 +6,7 @@
CONFIG_MAIN_STACK_SIZE=10240
CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
+CONFIG_BOOT_SWAP_SAVE_ENCTLV=n
CONFIG_BOOT_ENCRYPT_RSA=n
CONFIG_BOOT_ENCRYPT_EC256=n