Skip to content

Commit b141056

Browse files
tomchytomchy
committed
[nrf noup] bootutil: Fix ITS support
The KMU support file now supports both ITS and KMU for signature verification. Ref: NCSDK-37700 Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
1 parent 117dff9 commit b141056

File tree

2 files changed

+10
-10
lines changed

2 files changed

+10
-10
lines changed

boot/bootutil/src/ed25519_psa_kmu.c renamed to boot/bootutil/src/ed25519_psa_kmu_its.c

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
#include <cracen_psa_kmu.h>
1919
#endif
2020

21-
BOOT_LOG_MODULE_REGISTER(ed25519_psa_kmu);
21+
BOOT_LOG_MODULE_REGISTER(ed25519_psa_kmu_its);
2222

2323
#define EDDSA_KEY_LENGTH 32
2424
#define EDDSA_SIGNAGURE_LENGTH 64
@@ -116,7 +116,7 @@ int exec_revoke(void)
116116
ret = BOOT_KEY_REVOKE_FAILED;
117117
goto out;
118118
}
119-
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; i++) {
119+
for (int i = 0; i < KEY_SLOTS_COUNT; i++) {
120120
if ( i == validated_with) {
121121
break;
122122
}
@@ -142,20 +142,20 @@ void nrf_crypto_keys_housekeeping(void)
142142
* processing any of it. Only doing BOOT_LOG_DBG, as we do not
143143
* really want to inform on failures to lock.
144144
*/
145-
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; ++i) {
145+
for (int i = 0; i < KEY_SLOTS_COUNT; ++i) {
146146
psa_key_attributes_t attr;
147147

148148
status = psa_get_key_attributes(key_ids[i], &attr);
149-
BOOT_LOG_DBG("KMU key 0x%x(%d) attr query status == %d",
150-
key_ids[i], i, status);
149+
BOOT_LOG_DBG("Key 0x%x(%d) attr query status == %d", key_ids[i], i, status);
151150

151+
#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
152152
if (status == PSA_SUCCESS) {
153153
status = cracen_kmu_block(&attr);
154-
BOOT_LOG_DBG("KMU key lock status == %d", status);
154+
BOOT_LOG_DBG("Key 0x%x(%d) lock status == %d", key_ids[i], i, status);
155155
}
156+
#endif /* CONFIG_BOOT_SIGNATURE_USING_KMU */
156157

157158
status = psa_purge_key(key_ids[i]);
158-
BOOT_LOG_DBG("KMU key 0x%x(%d) purge status == %d",
159-
key_ids[i], i, status);
159+
BOOT_LOG_DBG("Key 0x%x(%d) purge status == %d", key_ids[i], i, status);
160160
}
161161
}

boot/zephyr/CMakeLists.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -344,13 +344,13 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
344344
${MBEDTLS_ASN1_DIR}/src/asn1parse.c
345345
)
346346
endif()
347-
if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU)
347+
if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU AND NOT CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
348348
zephyr_library_sources(
349349
${BOOT_DIR}/bootutil/src/ed25519_psa.c
350350
)
351351
else()
352352
zephyr_library_sources(
353-
${BOOT_DIR}/bootutil/src/ed25519_psa_kmu.c
353+
${BOOT_DIR}/bootutil/src/ed25519_psa_kmu_its.c
354354
)
355355
endif()
356356
endif()

0 commit comments

Comments
 (0)