zephyr: add option to disable cryptographic check of the image

- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y,
  The bootloader will not verify the cryptographic signature of the image
  at boot or prior to upgrade. Image integrity check is retained.

  Images would still need to be processed using `imgtool` however no key
  should be provided to skip cryptographic signature generation.

Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>

boot/zephyr/CMakeLists.txt

@@ -141,6 +141,16 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256)
   zephyr_library_compile_definitions(
     MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
     )
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
+  zephyr_library_include_directories(
+    ${BOOT_DIR}/zephyr/include
+    ${TINYCRYPT_DIR}/include
+    )
+
+  zephyr_library_sources(
+    ${TINYCRYPT_DIR}/source/sha256.c
+    ${TINYCRYPT_DIR}/source/utils.c
+    )
 elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
   # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
   # is set using Kconfig.)

boot/zephyr/Kconfig

@@ -62,6 +62,10 @@ choice
 	prompt "Signature type"
 	default BOOT_SIGNATURE_TYPE_RSA
 
+config BOOT_SIGNATURE_TYPE_NONE
+	bool "No signature; use only hash check"
+	select BOOT_USE_TINYCRYPT
+
 config BOOT_SIGNATURE_TYPE_RSA
 	bool "RSA signatures"
 	select BOOT_USE_MBEDTLS

boot/zephyr/keys.c

@@ -41,8 +41,6 @@ extern unsigned int ecdsa_pub_key_len;
 #define HAVE_KEYS
 extern const unsigned char ed25519_pub_key[];
 extern unsigned int ed25519_pub_key_len;
-#else
-#error "No public key available for given signing algorithm."
 #endif
 
 /*

boot/zephyr/prj.conf

@@ -15,6 +15,7 @@ CONFIG_BOOT_UPGRADE_ONLY=n
 CONFIG_BOOT_BOOTSTRAP=n
 
 ### Default to RSA
+CONFIG_BOOT_SIGNATURE_TYPE_NONE=n
 CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
 CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048
 CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n