TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / fb5ec1877d7d176e2a36358eebb2d02e0f51e698^! / .
commitfb5ec1877d7d176e2a36358eebb2d02e0f51e698[log] [tgz]
authorArvin Farahmand <arvinf@ip-logix.com>Tue May 05 11:44:12 2020 -0400
committerDavid Brown <davidb@davidb.org>Fri May 15 12:07:20 2020 -0600
tree03a8449075cd5e0557ca9af8b05bc16c64d5e814
parentf8240199562f8d2af11939343a71a0169f345ad3 [diff]
zephyr: add option to disable cryptographic check of the image

- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y,
  The bootloader will not verify the cryptographic signature of the image
  at boot or prior to upgrade. Image integrity check is retained.

  Images would still need to be processed using `imgtool` however no key
  should be provided to skip cryptographic signature generation.

Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>

diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index c382c52..cda5a48 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt

@@ -141,6 +141,16 @@
   zephyr_library_compile_definitions(
     MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
     )
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
+  zephyr_library_include_directories(
+    ${BOOT_DIR}/zephyr/include
+    ${TINYCRYPT_DIR}/include
+    )
+
+  zephyr_library_sources(
+    ${TINYCRYPT_DIR}/source/sha256.c
+    ${TINYCRYPT_DIR}/source/utils.c
+    )
 elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
   # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
   # is set using Kconfig.)

diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index b196952..3b5f91f 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig

@@ -62,6 +62,10 @@
 	prompt "Signature type"
 	default BOOT_SIGNATURE_TYPE_RSA
 
+config BOOT_SIGNATURE_TYPE_NONE
+	bool "No signature; use only hash check"
+	select BOOT_USE_TINYCRYPT
+
 config BOOT_SIGNATURE_TYPE_RSA
 	bool "RSA signatures"
 	select BOOT_USE_MBEDTLS

diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c
index 5dd0ca2..7214748 100644
--- a/boot/zephyr/keys.c
+++ b/boot/zephyr/keys.c

@@ -41,8 +41,6 @@
 #define HAVE_KEYS
 extern const unsigned char ed25519_pub_key[];
 extern unsigned int ed25519_pub_key_len;
-#else
-#error "No public key available for given signing algorithm."
 #endif
 
 /*

diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index 71e9a2a..17826db 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf

@@ -15,6 +15,7 @@
 CONFIG_BOOT_BOOTSTRAP=n
 
 ### Default to RSA
+CONFIG_BOOT_SIGNATURE_TYPE_NONE=n
 CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
 CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048
 CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n