nrf/doc/mcuboot_main_confi: key storage record

Added paragraph on Public key storage solutions.

Signed-off-by: Andrzej Puzdrowski <[email protected]>

Author: nvlsianpu

doc/nrf/app_dev/bootloaders_dfu/mcuboot_nsib/bootloader_main_config.rst

@@ -119,6 +119,18 @@ Notably, the Ed25519 signature can also be directly calculated on the image itse
     - :kconfig:option:`SB_CONFIG_BOOT_SIGNATURE_TYPE_NONE`
     - Not applicable
 
+Public key storage
+******************
+
+MCUboot supports two methods for storing the public key used for image verification:
+
+* Embedded in the image - The public key is compiled in the MCUboot instance.
+  For this method, no additional configuration is required.
+* Stored in the KMU - The public key is stored in the Key Management Unit (KMU) of the nRF54L devices.
+  You can enable it using the :kconfig:option:`SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU` sysbuild Kconfig option.
+  This implementation supports up to three keys and includes a key revocation scheme.
+  You can manage these features through the ``CONFIG_BOOT_SIGNATURE_KMU_SLOTS`` and ``CONFIG_BOOT_SIGNATURE_KMU_SLOTS`` MCUboot Kconfig options.
+
 MCUboot image hash algorithms
 *****************************