boot: Add cc310 options to CMakeLists, Kconfig and mcuboot config
Adds `CC310` define which wraps the generic CC310 interface adds
includes for using `NRF_CC310_BL` to CMakeLists. This requires `nrfxlib`
to be located outside of the mcuboot folder by 1 directory level. Also
add the Kconfig defines needed for this to build while trying to make it
generic enough to be used by other vendors that have implemented
`CC310`.
Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index 76e26cc..fa7b03b 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -6,6 +6,7 @@
cmake_minimum_required(VERSION 3.8.2)
+# Board-specific CONF_FILES should get merged into the build as well.
# Default to qemu_x86 if no board has been specified.
set(BOARD qemu_x86)
@@ -56,8 +57,18 @@
get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY)
# Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
+assert_exists(TINYCRYPT_DIR)
# Path to mbed-tls' asn1 parser library.
set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls")
+assert_exists(MBEDTLS_ASN1_DIR)
+set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf")
+
+if(CONFIG_BOOT_USE_NRF_CC310_BL)
+set(NRFXLIB_DIR ${MCUBOOT_DIR}/../nrfxlib)
+assert_exists(NRFXLIB_DIR)
+# Don't include this if we are using west
+ add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib)
+endif()
zephyr_library_include_directories(
include
@@ -94,11 +105,19 @@
)
if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256)
+ zephyr_library_include_directories(
+ ${MBEDTLS_ASN1_DIR}/include
+ )
+ zephyr_library_sources(
+ # Additionally pull in just the ASN.1 parser from mbedTLS.
+ ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+ ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+ )
+ if(CONFIG_BOOT_USE_TINYCRYPT)
# When using ECDSA signatures, pull in our copy of the tinycrypt library.
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
- ${MBEDTLS_ASN1_DIR}/include
)
zephyr_library_sources(
@@ -106,11 +125,12 @@
${TINYCRYPT_DIR}/source/ecc_dsa.c
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
-
- # Additionally pull in just the ASN.1 parser from mbedTLS.
- ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
- ${MBEDTLS_ASN1_DIR}/src/platform_util.c
- )
+ )
+ elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
+ zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
+ zephyr_library_include_directories(${NRF_DIR})
+ zephyr_link_libraries(nrfxlib_crypto)
+ endif()
# Since here we are not using Zephyr's mbedTLS but rather our own, we need
# to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
@@ -163,3 +183,4 @@
)
zephyr_library_sources(${GENERATED_PUBKEY})
endif()
+
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index b44ca68..ac0176d 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -44,6 +44,29 @@
help
Use TinyCrypt for crypto primitives.
+config BOOT_USE_CC310
+ bool
+ # Hidden option
+ default n
+ # When building for ECDSA, we use our own copy of mbedTLS, so the
+ # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
+ # will collide.
+ depends on ! MBEDTLS
+ help
+ Use cc310 for crypto primitives.
+
+config BOOT_USE_NRF_CC310_BL
+ bool
+ default n
+
+config NRFXLIB_CRYPTO
+ bool
+ default n
+
+config NRF_CC310_BL
+ bool
+ default n
+
menu "MCUBoot settings"
choice
@@ -57,8 +80,22 @@
config BOOT_SIGNATURE_TYPE_ECDSA_P256
bool "Elliptic curve digital signatures with curve P-256"
- select BOOT_USE_TINYCRYPT
+if BOOT_SIGNATURE_TYPE_ECDSA_P256
+choice
+ prompt "Ecdsa implementation"
+ default BOOT_TINYCRYPT
+config BOOT_TINYCRYPT
+ bool "Use tinycrypt"
+ select BOOT_USE_TINYCRYPT
+config BOOT_CC310
+ bool "Use CC310"
+ select BOOT_USE_NRF_CC310_BL if HAS_HW_NRF_CC310
+ select NRF_CC310_BL if HAS_HW_NRF_CC310
+ select NRFXLIB_CRYPTO if SOC_FAMILY_NRF
+ select BOOT_USE_CC310
+endchoice
+endif
endchoice
config BOOT_SIGNATURE_KEY_FILE
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
index dc70614..406d7ba 100644
--- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h
+++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
@@ -28,6 +28,11 @@
#define MCUBOOT_USE_MBED_TLS
#elif defined(CONFIG_BOOT_USE_TINYCRYPT)
#define MCUBOOT_USE_TINYCRYPT
+#elif defined(CONFIG_BOOT_USE_CC310)
+#define MCUBOOT_USE_CC310
+#ifdef CONFIG_BOOT_USE_NRF_CC310_BL
+#define MCUBOOT_USE_NRF_CC310_BL
+#endif
#endif
#ifdef CONFIG_BOOT_VALIDATE_SLOT0