bootutil: Fix PureEdDSA when flash base is not 0x0

This commit introduces fix for PureEdDSA signature verification
when the flash base address is not 0x0. The issue was that the
flash base address was not taken into account when passing the
image address to the signature verification function.

Signed-off-by: Michal Kozikowski <[email protected]>

Author: nordic-mik7

boot/bootutil/src/image_validate.c

@@ -227,6 +227,9 @@ bootutil_img_validate(struct boot_loader_state *state,
 #endif
     int rc = 0;
     FIH_DECLARE(fih_rc, FIH_FAILURE);
+#if defined(MCUBOOT_SIGN_PURE)
+    uintptr_t base = 0;
+#endif
 #ifdef MCUBOOT_HW_ROLLBACK_PROT
     fih_int security_cnt = fih_int_encode(INT_MAX);
     uint32_t img_security_cnt = 0;
@@ -388,11 +391,16 @@ bootutil_img_validate(struct boot_loader_state *state,
             FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash),
                                                            buf, len, key_id);
 #else
+            rc = flash_device_base(flash_area_get_device_id(fap), &base);
+            if (rc != 0) {
+                goto out;
+            }
+
             /* Directly check signature on the image, by using the mapping of
              * a device to memory. The pointer is beginning of image in flash,
              * so offset of area, the range is header + image + protected tlvs.
              */
-            FIH_CALL(bootutil_verify_img, valid_signature, (void *)flash_area_get_off(fap),
+            FIH_CALL(bootutil_verify_img, valid_signature, (void *)(base + flash_area_get_off(fap)),
                      hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size,
                      buf, len, key_id);
 #endif

docs/release-notes.d/fix-pure-eddsa-base-address.md

@@ -0,0 +1,2 @@
+ - Fixed issue in image_validate when `BOOT_SIGNATURE_TYPE_PURE` is enabled
+   for platforms with NVM memory that does not start at 0x00.