[nrf noup] bootutil: Remove bootutil_find_key from code

de-nordic · jukkar · commit 0d5b49de2308 · 2025-09-23T13:04:33.000+03:00
nrf-squash! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key

It is now only provided by bootutil_find_key.c.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
@@ -118,76 +118,7 @@ BOOT_LOG_MODULE_DECLARE(mcuboot);
 #   define KEY_BUF_SIZE         (SIG_BUF_SIZE + 24)
 #endif /* !MCUBOOT_HW_KEY */
 
-#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
-#if !defined(MCUBOOT_HW_KEY)
-static int
-bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
-{
-    bootutil_sha_context sha_ctx;
-    int i;
-    const struct bootutil_key *key;
-    uint8_t hash[IMAGE_HASH_SIZE];
-
-    BOOT_LOG_DBG("bootutil_find_key");
-
-    if (keyhash_len > IMAGE_HASH_SIZE) {
-        return -1;
-    }
-
-    for (i = 0; i < bootutil_key_cnt; i++) {
-        key = &bootutil_keys[i];
-        bootutil_sha_init(&sha_ctx);
-        bootutil_sha_update(&sha_ctx, key->key, *key->len);
-        bootutil_sha_finish(&sha_ctx, hash);
-        bootutil_sha_drop(&sha_ctx);
-        if (!memcmp(hash, keyhash, keyhash_len)) {
-            return i;
-        }
-    }
-    return -1;
-}
-#else /* !MCUBOOT_HW_KEY */
-extern unsigned int pub_key_len;
-static int
-bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
-{
-    bootutil_sha_context sha_ctx;
-    uint8_t hash[IMAGE_HASH_SIZE];
-    uint8_t key_hash[IMAGE_HASH_SIZE];
-    size_t key_hash_size = sizeof(key_hash);
-    int rc;
-    FIH_DECLARE(fih_rc, FIH_FAILURE);
-
-    BOOT_LOG_DBG("bootutil_find_key: image_index %d", image_index);
-
-    bootutil_sha_init(&sha_ctx);
-    bootutil_sha_update(&sha_ctx, key, key_len);
-    bootutil_sha_finish(&sha_ctx, hash);
-    bootutil_sha_drop(&sha_ctx);
-
-    rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
-    if (rc) {
-        return -1;
-    }
-
-    /* Adding hardening to avoid this potential attack:
-     *  - Image is signed with an arbitrary key and the corresponding public
-     *    key is added as a TLV field.
-     * - During public key validation (comparing against key-hash read from
-     *   HW) a fault is injected to accept the public key as valid one.
-     */
-    FIH_CALL(boot_fih_memequal, fih_rc, hash, key_hash, key_hash_size);
-    if (FIH_EQ(fih_rc, FIH_SUCCESS)) {
-        bootutil_keys[0].key = key;
-        pub_key_len = key_len;
-        return 0;
-    }
-
-    return -1;
-}
-#endif /* !MCUBOOT_HW_KEY */
 #endif /* !MCUBOOT_BUILTIN_KEY */
-#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */
 #endif /* EXPECTED_SIG_TLV */
 
 #if defined(MCUBOOT_SIGN_PURE)
