Commit Graph

10 Commits

Author SHA1 Message Date
Fabio Utzig 272c5eb540 zephyr: sim: add minimized ECIES-P256 key
Remove public key from embedded private encryption key (it was already
ignored before).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-17 16:26:53 -03:00
Fabio Utzig 42cc29abfe boot: zephyr: add ECIES-P256 configuration
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 1171df91b9 Add Zephyr infrastructure for ed25519
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Fabio Utzig 5fe874c34e Add Zephyr support for encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 13:36:13 -03:00
Fabio Utzig 806af0ed87 Update old hardcoded keys to use autogenerated
The hardcoded keys for Zephyr were removed and external references were
added for the built time autogenerated variables. A hardcoded key file
was added specifically for the simulator.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-06 11:07:06 -03:00
Marti Bolivar a4818a5565 zephyr: migrate signature type to Kconfig
Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.

This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.

Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)

We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.

To move to a single prj.conf:

- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
  the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
  depending on the case

This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.

Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
2018-04-25 18:44:03 -03:00
Fabio Utzig 19356bf45f Make mcuboot less mynewt style
Remove most of mynewt specific stuff to a separate port package. This
should make mcuboot less "mynewt'y" and slightly easier to port to.

- Mynewt specific stuff moved to boot/mynewt.
- Sample app moved from apps/boot to boot/mynewt.
- Use MYNEWT_VAL macro only on mynewt port.
- BOOTUTIL_* and MYNEWT_VAL() usage moved to MCUBOOT_ defines.
2017-06-02 10:55:27 -07:00
David Brown 0d0652a10f zephyr: use indentation consistent across mcuboot
The original Zephyr platform support files use tabs for indentation
(to match the Zephyr project).  Since this code is all together, and
will be used as the basis for other platforms, fix this indentation to
match that used by the rest of mynewt.

This change is clean with respect to "git show -b", and only changes
the indentation of the beginning of lines.
2017-04-11 17:59:04 -06:00
David Brown 3869e76090 zephyr: Support RSA, and ECDSA P-256 signing
Make it clear in the top-level Makefile how to configure mcuboot for
Zephyr for a particular signing algorithm.  Currently supported, are the
RSA signatures, and ECDSA with the P-256 curve.  These configuration
lines will select the code built in the bootloader, as well as which
public key gets included with the image.

This also adds a demo public key for the P-256 signatures.
2017-02-02 08:39:18 -07:00
David Brown 299245d7de zephyr: Move code under 'boot' directory
The Zephyr build systems makes some assumptions about the directory
layout, and encounters problems if the necessary path contains "../..".
To help this, place the zephyr directory next to the bootutil directory
so that the Makefile can just refer to "../bootutil".  This keeps all of
the build artifacts under the proper top-level directory.
2017-01-10 09:49:47 -07:00