aboutsummaryrefslogtreecommitdiff
path: root/bl2/ext/mcuboot/CMakeLists.txt
diff options
context:
space:
mode:
Diffstat (limited to 'bl2/ext/mcuboot/CMakeLists.txt')
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt5
1 files changed, 4 insertions, 1 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index d113a92de2..c8dd0a3853 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -197,10 +197,13 @@ if(NS)
DEPENDS tfm_s_ns_bin tfm_s_ns.bin
DEPENDS signing_layout_s
+ # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
+ # In such a configuration there is a subsystem with higher privileges controlling the
+ # the boot process and current implementation requires to use the non-secure key here.
COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
-v ${MCUBOOT_IMAGE_VERSION_S}
--layout $<TARGET_OBJECTS:signing_layout_s>
- -k ${MCUBOOT_KEY_S}
+ -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
--align 1
--pad