-
Notifications
You must be signed in to change notification settings - Fork 697
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
boot: Add MCUBOOT_HW_KEY support for image encryption #1722
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea of this change. I'd like to see if we can do this without introducing more ifdefs throughout the code. Perhaps we make the main code so that it always calls this function, and then, depending on the feature (ifdefs around whole functions are better than ones sprinkled through the code), we could just return a copy of the compiled in one. This could be conditionalized out if a given developer wishes to provide their own implementation.
f38075b
to
b557325
Compare
@d3zd3z please revisit. |
@d3zd3z Ping |
b557325
to
c30ac0e
Compare
c30ac0e
to
4b7128b
Compare
Any update on this ? We have similar solution currently in our software by patching MCUboot, but would highly appreciate if that would be officially available |
@jimmyzumthurm. I have already addressed the comments from @mingulov and @d3zd3z and waiting for their acceptance to merge this PR. |
I am not an official approver / maintainer for MCUboot, so unfortunately my acceptance would not help anyhow. |
@d3zd3z @de-nordic @nordicjm please have a look. |
@d3zd3z ping |
@d3zd3z @sigvartmh @nordicjm @de-nordic please have a look, if all is good, kindly merge this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Other than the whitespace issue, this looks good now.
4b7128b
to
34d4a5d
Compare
@d3zd3z Thanks for the review and fixed all the whitespace issues now. |
34d4a5d
to
b3b2644
Compare
@d3zd3z pushed changes to fix the CI. please approve to run the workflow jobs. |
b3b2644
to
4e47530
Compare
@d3zd3z please have a look, all the comments addressed and waiting to be merged. |
@DineshDK03 please add a top commit that adds a release note snippet for this feature. |
4e47530
to
2dce1e8
Compare
Currently encryption supports only private key embed in mcuboot itself. To support MCUBOOT_HW_KEY for image encryption boot_retrieve_private_key() hook is added. This hook helps retrieving private key from trusted sources like OTP, TPM. Signed-off-by: Dinesh Kumar K <[email protected]>
Signed-off-by: Dinesh Kumar K <[email protected]>
2dce1e8
to
5697293
Compare
@d3zd3z any other comments on this PR or is it good to go? |
Currently encryption supports only private key embed in mcuboot itself. To support MCUBOOT_HW_KEY for image encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted sources like OTP, TPM.