This reverts commit 0fa46270c0.
This breaks:
samples/synchronization/sample.kernel.synchronization on
b_u585i_iot02a/stm32u585xx/ns error
as this TF-M configuration uses its own keys. This change is an API
change that needs to be coordinated with TF-M changes.
Before this revert, compiling this test results in:
.../encrypted.c:447: undefined reference to
`boot_enc_retrieve_private_key`
Signed-off-by: David Brown <david.brown@linaro.org>
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581
Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
David Brown