-
Notifications
You must be signed in to change notification settings - Fork 697
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reapply "boot: Add MCUBOOT_HW_KEY support for image encryption" with modifications #2022
Conversation
@DineshDK03 could you please review? |
CI is failing due to the missing signoff in the original commit. |
This reverts commit c06f7bb. Signed-off-by: David Vincze <[email protected]> Change-Id: Ic2ab2c4d3981dec3cd3c25a50b5a989000375372
Move the definition of boot_enc_retrieve_private_key() to a common file to avoid code duplication and also endure seamless transition to this new key handling approach for targets which don't use hardware keys. Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20 Signed-off-by: David Vincze <[email protected]>
6154d5a
to
e268fca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am fine with the changes.
I think that we should have some rework here because the code for key decoding keeps repeating in one form or another.
Could you elaborate on this?
|
Yes. Since only one type of encryption is used at once, we could define some key processing API that will link same name functions, but processing different keys, depending on what algorithm is selected. This can be later extended to take MCUboot identifier for key, if we decide to support more than one alg at once. Which is actually a problem also: I am currently working on making the x25519 to work with PSA and have found out that the best way would be to load key to PSA storage and use key id there, this requires change in key type, as passed in boot_status. |
I believe it was not needed before as the key-encryption key is embedded as static data and the encryption key was simply decrypted from the TLV are into the boot_status struct. But it's different with PSA as you want to destroy the imported key after it's no longer needed. Correct?
I believe the Would it be okay to merge this PR as this is a different topic? I've opened #2027 as a follow-up issue. |
Yes and no. There is also lack of general crypto init, before any crypto start, nor general crypto deinit (if that would be required); that would also be a point where we should zero all key memory, before passing execution further.
Yes, that is what I mean; with the separate key processing functions the Another problem is that with how the
Yes, yes, yes! That is why I ack the PR, let have it in and then follow with improvements.
Thanks. |
Reapply commit 0fa4627 with requested modification after reverting it in #1996.
Original PR: #1722