From fb5ec1877d7d176e2a36358eebb2d02e0f51e698 Mon Sep 17 00:00:00 2001
From: Arvin Farahmand
Date: Tue, 5 May 2020 11:44:12 -0400
Subject: [PATCH] zephyr: add option to disable cryptographic check of the image
- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y, The bootloader will not verify the cryptographic signature of the image at boot or prior to upgrade. Image integrity check is retained. Images would still need to be processed using `imgtool` however no key should be provided to skip cryptographic signature generation.
Signed-off-by: Arvin Farahmand
---
 boot/zephyr/CMakeLists.txt | 10 ++++++++++
 boot/zephyr/Kconfig | 4 ++++
 boot/zephyr/keys.c | 2 --
 boot/zephyr/prj.conf | 1 +
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index c382c528..cda5a48e 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -141,6 +141,16 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256)
 zephyr_library_compile_definitions(
 MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
 )
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
+ zephyr_library_include_directories(
+ ${BOOT_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ )
+
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ )
 elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
 # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
 # is set using Kconfig.)
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index b1969529..3b5f91fd 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -62,6 +62,10 @@ choice
 prompt "Signature type"
 default BOOT_SIGNATURE_TYPE_RSA
+config BOOT_SIGNATURE_TYPE_NONE
+ bool "No signature; use only hash check"
+ select BOOT_USE_TINYCRYPT
+
 config BOOT_SIGNATURE_TYPE_RSA
 bool "RSA signatures"
 select BOOT_USE_MBEDTLS
diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c
index 5dd0ca28..72147483 100644
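Review bot: The new `elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)` branch has no comment, while the RSA branch right after it explains its crypto backend, so a reader cannot tell from the branch why a no-signature build still compiles TinyCrypt. A one-line comment at the top of the branch would record it, for example `# No signature check: TinyCrypt is built only for the SHA-256 image hash.` The branch also keys on the signature type alone, whereas the first branch also tests `CONFIG_BOOT_ENCRYPT_EC256`; whether another encryption option can be combined with this choice is not visible here and is worth confirming. The if/elseif chain starts and ends outside the hunk.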
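Review bot: `BOOT_SIGNATURE_TYPE_NONE` is added without a `help` section, although it is the only entry in this choice that switches image authentication off. With it selected the bootloader checks the image hash only, which detects corruption but gives no protection against an intentionally modified image. The help text should say so and name the deployments the option is meant for; a short form would be `help` followed by `No signature is verified; the hash detects corruption only, not a modified image.` The `choice` block itself starts and ends outside the hunk.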
--- a/boot/zephyr/keys.c
+++ b/boot/zephyr/keys.c
@@ -41,8 +41,6 @@ extern unsigned int ecdsa_pub_key_len;
 #define HAVE_KEYS
 extern const unsigned char ed25519_pub_key[];
 extern unsigned int ed25519_pub_key_len;
-#else
-#error "No public key available for given signing algorithm."
 #endif
 /*
diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index 71e9a2a3..17826db0 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf
@@ -15,6 +15,7 @@ CONFIG_BOOT_UPGRADE_ONLY=n
 CONFIG_BOOT_BOOTSTRAP=n
 ### Default to RSA
+CONFIG_BOOT_SIGNATURE_TYPE_NONE=n
 CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
 CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048
 CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
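Review bot: In the keys.c hunk, deleting the `#else` / `#error` pair removes the build-time guard for every configuration, not only for the new no-signature option. A build in which none of the signing macros is defined now compiles without a public key and without any diagnostic. Narrowing the guard keeps the fail-closed behaviour: replace `#else` with `#elif !defined(CONFIG_BOOT_SIGNATURE_TYPE_NONE)` and keep `#error "No public key available for given signing algorithm."` under it. The conditions of the preceding branches lie outside the hunk, so check against them whether keys.c should test the Kconfig symbol directly or a macro derived from it.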