BL2: Enable ECDSA signature verification

Add the option to use ECDSA signature verification
with PSA Crypto for MCUboot by setting the
MCUBOOT_SIGNATURE_TYPE to EC-P256 / EC-P384 and enabling
MCUBOOT_USE_PSA_CRYPTO in the CMake configuration.
Also update MCUBOOT_VERSION to a revision that provides:

- ECDSA signature verification using the PSA Crypto API,
- ECDSA-P384 support.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ida24010ca043081743712c75c3a8fe616f61c127
diff --git a/bl2/CMakeLists.txt b/bl2/CMakeLists.txt
index 2322a3f..25908c2 100644
--- a/bl2/CMakeLists.txt
+++ b/bl2/CMakeLists.txt
@@ -85,6 +85,7 @@
         $<$<STREQUAL:${SIG_TYPE},RSA>:MCUBOOT_SIGN_RSA>
         $<$<STREQUAL:${SIG_TYPE},RSA>:MCUBOOT_SIGN_RSA_LEN=${SIG_LEN}>
         $<$<BOOL:${MCUBOOT_USE_PSA_CRYPTO}>:MCUBOOT_USE_PSA_CRYPTO>
+        $<$<STREQUAL:${SIG_TYPE},EC>:MCUBOOT_SIGN_EC${SIG_LEN}>
         MBEDTLS_CONFIG_FILE="${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}"
         # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
         $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
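Review bot: The macro name built on the added line, `MCUBOOT_SIGN_EC${SIG_LEN}`, only matches the `MCUBOOT_SIGN_EC256` / `MCUBOOT_SIGN_EC384` guards used in the C files of this commit if SIG_LEN is the bare number. How `EC-P256` is split into SIG_TYPE and SIG_LEN is outside this hunk; if that split keeps the `P`, the define becomes `MCUBOOT_SIGN_ECP256` and no guard in the C sources tests it. A comment next to the line, e.g. `# SIG_LEN is the numeric part of MCUBOOT_SIGNATURE_TYPE (256 or 384 for EC-P256 / EC-P384)`, would record the assumption. The enclosing compile-definitions call starts and ends outside the hunk.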
diff --git a/bl2/ext/mcuboot/Kconfig b/bl2/ext/mcuboot/Kconfig
index 0a2ea96..8e86d63 100644
--- a/bl2/ext/mcuboot/Kconfig
+++ b/bl2/ext/mcuboot/Kconfig
@@ -167,7 +167,7 @@
     default "HIGH" if MCUBOOT_FIH_PROFILE_HIGH
 
 config MCUBOOT_SIGNATURE_TYPE
-    string "Algorithm to use for signature validation [RSA-2048, RSA-3072]"
+    string "Algorithm to use for signature validation [RSA-2048, RSA-3072, EC-P256, EC-P384]"
     default "RSA-3072"
     help
       Note - If either SIGNATURE_TYPE or KEY_LEN are changed, the entries for KEY_S
diff --git a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
index 5eb9d59..327ba5f 100644
--- a/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
+++ b/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h
@@ -1,7 +1,7 @@
 /*
  *  Minimal configuration for using TLS in the bootloader
  *
- *  Copyright (C) 2006-2022, Arm Limited. All rights reserved.
+ *  Copyright (C) 2006-2023, Arm Limited. All rights reserved.
  *  Copyright (C) 2016, Linaro Ltd
  *
  *  SPDX-License-Identifier: Apache-2.0
@@ -31,6 +31,7 @@
  * Minimal configuration for using mbed TLS in the bootloader
  *
  * - RSA signature verification
+ * - ECDSA signature verification
  * - Optionally, enable support for PSA Crypto APIs
  */
 
@@ -52,6 +53,34 @@
 #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 #endif /* MCUBOOT_USE_PSA_CRYPTO */
 
+#if defined(MCUBOOT_SIGN_RSA)
+#define MBEDTLS_RSA_C
+#define MBEDTLS_PKCS1_V21
+/* Save RAM by adjusting to our exact needs */
+#if MCUBOOT_SIGN_RSA_LEN == 3072
+#define MBEDTLS_MPI_MAX_SIZE 384
+#else /* RSA2048 */
+#define MBEDTLS_MPI_MAX_SIZE 256
+#endif
+#endif /* MCUBOOT_SIGN_RSA */
+
+#if defined(MCUBOOT_SIGN_EC384)
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+/* When the image is signed with EC-P384 the image hash
+ * is calculated using SHA-384
+ */
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SHA384_C
+#else
+/* All the other supported signing algorithms use SHA-256 to compute the image hash */
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA224_C
+#endif /* MCUBOOT_SIGN_EC384 */
+
+#ifdef MCUBOOT_SIGN_EC256
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#endif /* MCUBOOT_SIGN_EC256 */
+
 /* System support */
 #define MBEDTLS_PLATFORM_C
 #define MBEDTLS_PLATFORM_MEMORY
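Review bot: `MBEDTLS_MPI_MAX_SIZE` is now set only inside `#if defined(MCUBOOT_SIGN_RSA)`, so EC-P256 and EC-P384 builds fall back to the Mbed TLS default for that limit and lose the RAM saving the comment describes. If that is intended, a comment in the EC section saying so would prevent a later accidental change; if not, an explicit value sized for the selected curve belongs next to `MBEDTLS_ECP_DP_SECP256R1_ENABLED` / `MBEDTLS_ECP_DP_SECP384R1_ENABLED`. The new blocks also mix `#if defined(MCUBOOT_SIGN_EC384)` with `#ifdef MCUBOOT_SIGN_EC256`; one form throughout would read better.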
@@ -62,8 +91,6 @@
 #define MBEDTLS_PLATFORM_EXIT_ALT
 #define MBEDTLS_PLATFORM_PRINTF_ALT
 
-#define MBEDTLS_RSA_C
-#define MBEDTLS_PKCS1_V21
 
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
@@ -71,16 +98,13 @@
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SHA224_C
 #define MBEDTLS_AES_C
 #define MBEDTLS_CIPHER_MODE_CTR
-
-/* Save RAM by adjusting to our exact needs */
-#if MCUBOOT_SIGN_RSA_LEN == 3072
-#define MBEDTLS_MPI_MAX_SIZE 384
-#else /* RSA2048 */
-#define MBEDTLS_MPI_MAX_SIZE 256
+#if defined(MCUBOOT_SIGN_EC256) || \
+    defined(MCUBOOT_SIGN_EC384)
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ECP_NIST_OPTIM
+#define MBEDTLS_ECDSA_C
 #endif
 
 #define MBEDTLS_SSL_MAX_CONTENT_LEN 1024
diff --git a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
index a00ce48..1e8d1e8 100644
--- a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
+++ b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2018 Open Source Foundries Limited
- * Copyright (c) 2019-2022 Arm Limited
+ * Copyright (c) 2019-2023 Arm Limited
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -62,6 +62,12 @@
 /*
  * Cryptographic settings
  */
+/* MCUboot and TF-M also supports the usage of PSA Crypto API along with
+ * Mbed TLS as the source of cryptographic primitives. However, the support for
+ * MCUBOOT_USE_PSA_CRYPTO is still limited and it doesn't cover all the
+ * crypto abstractions of MCUboot. For this reason it's allowed to have both
+ * of them defined, in which case MCUBOOT_USE_PSA_CRYPTO will take precedence.
+ */
 #define MCUBOOT_USE_MBED_TLS
 
 /*
diff --git a/bl2/ext/mcuboot/keys.c b/bl2/ext/mcuboot/keys.c
index 6325b1e..e250429 100644
--- a/bl2/ext/mcuboot/keys.c
+++ b/bl2/ext/mcuboot/keys.c
@@ -219,7 +219,7 @@
     0xfb, 0x02, 0x03, 0x01, 0x00, 0x01,
 };
 const unsigned int rsa_pub_key_len_1 = 270;
-#endif
+#endif /* MCUBOOT_IMAGE_NUMBER > 1 */
 #elif MCUBOOT_SIGN_RSA_LEN == 3072
 #define HAVE_KEYS
 const unsigned char rsa_pub_key[] = {
@@ -329,13 +329,90 @@
     0xa7, 0x02, 0x03, 0x01, 0x00, 0x01,
 };
 const unsigned int rsa_pub_key_len_1 = 398;
-#endif
-#endif
+#endif /* MCUBOOT_IMAGE_NUMBER > 1 */
+#endif /* MCUBOOT_SIGN_RSA_LEN */
+
+#elif defined(MCUBOOT_SIGN_EC256) || \
+      defined(MCUBOOT_SIGN_EC384)
+#define HAVE_KEYS
+#ifndef MCUBOOT_SIGN_EC384
+const unsigned char ecdsa_pub_key[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0x2a, 0xcb, 0x40, 0x3c, 0xe8,
+    0xfe, 0xed, 0x5b, 0xa4, 0x49, 0x95, 0xa1, 0xa9,
+    0x1d, 0xae, 0xe8, 0xdb, 0xbe, 0x19, 0x37, 0xcd,
+    0x14, 0xfb, 0x2f, 0x24, 0x57, 0x37, 0xe5, 0x95,
+    0x39, 0x88, 0xd9, 0x94, 0xb9, 0xd6, 0x5a, 0xeb,
+    0xd7, 0xcd, 0xd5, 0x30, 0x8a, 0xd6, 0xfe, 0x48,
+    0xb2, 0x4a, 0x6a, 0x81, 0x0e, 0xe5, 0xf0, 0x7d,
+    0x8b, 0x68, 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53,
+    0x8e, 0xfa, 0xc1, };
+const unsigned int ecdsa_pub_key_len = 91;
+#if (MCUBOOT_IMAGE_NUMBER > 1)
+const unsigned char ecdsa_pub_key_1[] = {
+    0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+    0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+    0x42, 0x00, 0x04, 0xe8, 0x09, 0x08, 0x12, 0x3a,
+    0x0f, 0xad, 0x40, 0xe0, 0x33, 0x8a, 0xa6, 0x54,
+    0xf8, 0x83, 0x95, 0x41, 0x8e, 0x44, 0x99, 0xa2,
+    0x0f, 0xae, 0x85, 0x69, 0x2b, 0xf9, 0x26, 0xb5,
+    0xe9, 0x9e, 0x16, 0x2c, 0x87, 0x76, 0x62, 0x7f,
+    0x32, 0x6c, 0x9b, 0x70, 0x78, 0x06, 0x52, 0x52,
+    0x52, 0xca, 0x2b, 0xd2, 0xb7, 0xc7, 0x50, 0x07,
+    0x66, 0x3b, 0x3b, 0xdf, 0xe1, 0x99, 0x69, 0x00,
+    0x26, 0x2c, 0x33,
+};
+const unsigned int ecdsa_pub_key_len_1 = 91;
+#endif /* MCUBOOT_IMAGE_NUMBER > 1 */
+#else /* !MCUBOOT_SIGN_EC384 */
+const unsigned char ecdsa_pub_key[] = {
+    0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
+    0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
+    0x0c, 0x76, 0xca, 0xae, 0x72, 0x3a, 0xa5, 0xe8,
+    0xf0, 0xd4, 0xf1, 0x16, 0xb5, 0x02, 0xef, 0x77,
+    0xa1, 0x1b, 0x93, 0x61, 0x78, 0xc0, 0x09, 0x26,
+    0x7b, 0x3b, 0x40, 0x9c, 0xee, 0x49, 0x85, 0xe0,
+    0xc9, 0x4f, 0xe7, 0xf2, 0xba, 0x97, 0x6c, 0xf3,
+    0x82, 0x65, 0x14, 0x2c, 0xf5, 0x0c, 0x73, 0x33,
+    0x4d, 0x32, 0xe7, 0x9b, 0xd3, 0x42, 0xcc, 0x95,
+    0x5a, 0xe5, 0xe2, 0xf5, 0xf4, 0x6e, 0x45, 0xe0,
+    0xed, 0x20, 0x35, 0x5c, 0xaf, 0x52, 0x35, 0x81,
+    0xd4, 0xdc, 0x9c, 0xe3, 0x9e, 0x22, 0x3e, 0xfb,
+    0x3f, 0x22, 0x10, 0xda, 0x70, 0x03, 0x37, 0xad,
+    0xa8, 0xf2, 0x48, 0xfe, 0x3a, 0x60, 0x69, 0xa5,
+};
+const unsigned int ecdsa_pub_key_len = 120;
+#if (MCUBOOT_IMAGE_NUMBER > 1)
+const unsigned char ecdsa_pub_key_1[] = {
+    0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
+    0x81, 0x04, 0x00, 0x22, 0x03, 0x62, 0x00, 0x04,
+    0x34, 0x43, 0xad, 0x59, 0x83, 0xd9, 0x41, 0x65,
+    0xdc, 0x20, 0xb8, 0x62, 0x35, 0xf8, 0x7d, 0x94,
+    0x13, 0x5e, 0x75, 0xe6, 0xa8, 0x79, 0xe9, 0xcb,
+    0xfd, 0xa7, 0x2e, 0x92, 0x95, 0x82, 0xa6, 0xc5,
+    0xdd, 0x53, 0xc7, 0x3d, 0x46, 0xed, 0x75, 0xd5,
+    0x20, 0xb5, 0xbe, 0x74, 0x2a, 0x6d, 0x30, 0xe2,
+    0x31, 0x50, 0x1c, 0x7f, 0xc7, 0x7b, 0x4a, 0x73,
+    0x55, 0xf8, 0x92, 0x60, 0xff, 0x2f, 0x18, 0x04,
+    0xbc, 0xc7, 0xd9, 0xce, 0xda, 0xa6, 0x36, 0x52,
+    0xec, 0x2b, 0x64, 0x6e, 0x7a, 0x97, 0x60, 0x9d,
+    0x8c, 0xba, 0xfe, 0xec, 0x9a, 0xb0, 0xc2, 0x6e,
+    0x3d, 0x75, 0x2a, 0x98, 0xb2, 0xa3, 0x09, 0x84,
+};
+const unsigned int ecdsa_pub_key_len_1 = 120;
+#endif /* MCUBOOT_IMAGE_NUMBER > 1 */
+#endif /* !MCUBOOT_SIGN_EC384 */
 #else
 #error "No public key available for given signing algorithm."
 #endif
 
 #if defined(HAVE_KEYS)
+#if defined(MCUBOOT_SIGN_RSA)
 const struct bootutil_key bootutil_keys[] = {
     {
         .key = rsa_pub_key,
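Review bot: The labels on the preprocessor branch that selects the P-384 key are inverted: `#else /* !MCUBOOT_SIGN_EC384 */` opens the branch that is compiled when MCUBOOT_SIGN_EC384 is defined, because the opening test is `#ifndef MCUBOOT_SIGN_EC384`. I would write `#else /* MCUBOOT_SIGN_EC384 */` and `#endif /* MCUBOOT_SIGN_EC384 */`, or flip the test to `#if defined(MCUBOOT_SIGN_EC384)` as the other files in this commit do. The first P-256 array also closes with `0x8e, 0xfa, 0xc1, };` on one line, unlike the other three arrays. A short comment stating that these arrays are the DER-encoded public keys of the in-tree `root-EC-P256*.pem` / `root-EC-P384*.pem` files would help whoever replaces them.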
@@ -401,6 +478,35 @@
 #endif /* MCUBOOT_IMAGE_NUMBER > 9 */
 };
 const int bootutil_key_cnt = MCUBOOT_IMAGE_NUMBER;
+#elif defined(MCUBOOT_SIGN_EC256) || \
+      defined(MCUBOOT_SIGN_EC384)
+const struct bootutil_key bootutil_keys[] = {
+    {
+        .key = ecdsa_pub_key,
+        .len = &ecdsa_pub_key_len,
+    },
+#if (MCUBOOT_IMAGE_NUMBER > 1)
+    {
+        .key = ecdsa_pub_key_1,
+        .len = &ecdsa_pub_key_len_1,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 1 */
+#if (MCUBOOT_IMAGE_NUMBER > 2)
+    {
+        /* FIXME assuming the image 0 key is reused here */
+        .key = ecdsa_pub_key,
+        .len = &ecdsa_pub_key_len,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 2 */
+#if (MCUBOOT_IMAGE_NUMBER > 3)
+    {
+        /* FIXME assuming the image 0 key is reused here */
+        .key = ecdsa_pub_key,
+        .len = &ecdsa_pub_key,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 3 */
+};
+#endif /* MCUBOOT_SIGN_RSA */
 #endif /* HAVE_KEYS */
 #else  /* MCUBOOT_HW_KEY */
 unsigned int pub_key_len;
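Review bot: In the `MCUBOOT_IMAGE_NUMBER > 3` entry of the new ECDSA table, `.len = &ecdsa_pub_key,` points the length at the key array itself instead of at its length variable, so a build with four or more images would read the first bytes of the DER key as the key length; it should be `.len = &ecdsa_pub_key_len,` like the entries above it. The ECDSA branch also ends without `const int bootutil_key_cnt = MCUBOOT_IMAGE_NUMBER;`, which the RSA branch defines just before the `#elif`, so as far as this hunk shows the symbol is missing for EC builds; moving that line after `#endif /* MCUBOOT_SIGN_RSA */` would cover both branches. The RSA table's context lines go up to `MCUBOOT_IMAGE_NUMBER > 9`, while the ECDSA table stops at the fourth image, so higher image counts would have no key entry.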
diff --git a/bl2/ext/mcuboot/mcuboot_default_config.cmake b/bl2/ext/mcuboot/mcuboot_default_config.cmake
index b092159..f706b25 100644
--- a/bl2/ext/mcuboot/mcuboot_default_config.cmake
+++ b/bl2/ext/mcuboot/mcuboot_default_config.cmake
@@ -46,7 +46,7 @@
 # and KEY_NS will either have to be updated manually or removed from the cache.
 # `cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`. Once removed from the cache it
 # will be set to default again.
-set(MCUBOOT_SIGNATURE_TYPE              "RSA-3072"       CACHE STRING    "Algorithm to use for signature validation [RSA-2048, RSA-3072]")
+set(MCUBOOT_SIGNATURE_TYPE              "RSA-3072"       CACHE STRING    "Algorithm to use for signature validation [RSA-2048, RSA-3072, EC-P256, EC-P384]")
 set(MCUBOOT_GENERATE_SIGNING_KEYPAIR    OFF              CACHE BOOL      "Generate new keypair for signing and use that instead of MCUBOOT_KEY_S and MCUBOOT_KEY_NS")
 set(MCUBOOT_KEY_S                       "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}.pem" CACHE FILEPATH "Path to key with which to sign secure binary")
 set(MCUBOOT_KEY_NS                      "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}_1.pem" CACHE FILEPATH "Path to key with which to sign non-secure binary")
diff --git a/bl2/ext/mcuboot/root-EC-P256.pem b/bl2/ext/mcuboot/root-EC-P256.pem
new file mode 100644
index 0000000..2f4accf
--- /dev/null
+++ b/bl2/ext/mcuboot/root-EC-P256.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEINeY1S+DASQ701QrflXtTHRhGQCw+VBagk/h6OwGO8/xoAoGCCqGSM49
+AwEHoUQDQgAEKstAPOj+7VukSZWhqR2u6Nu+GTfNFPsvJFc35ZU5iNmUudZa69fN
+1TCK1v5IskpqgQ7l8H2LaDTMOmr8U476wQ==
+-----END EC PRIVATE KEY-----
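Review bot: This file and the three other new `root-EC-*.pem` files in this commit are private signing keys stored in the source tree, and their public halves are the `ecdsa_pub_key` arrays compiled into keys.c, so a bootloader built with the defaults accepts images signed with a key anyone can read. The default `MCUBOOT_KEY_S` / `MCUBOOT_KEY_NS` paths in mcuboot_default_config.cmake resolve to these files, presumably mirroring the existing RSA development keys. The secure boot documentation touched by this commit should say that these keys are for development and testing only, for example `Do not use the in-tree root-*.pem keys in production; provide your own MCUBOOT_KEY_S and MCUBOOT_KEY_NS.`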
diff --git a/bl2/ext/mcuboot/root-EC-P256_1.pem b/bl2/ext/mcuboot/root-EC-P256_1.pem
new file mode 100644
index 0000000..14d3cc0
--- /dev/null
+++ b/bl2/ext/mcuboot/root-EC-P256_1.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIE63lyX+4SKpLjiRZejUu6YP43AYXDkaTxRwuuOANZFsoAoGCCqGSM49
+AwEHoUQDQgAE6AkIEjoPrUDgM4qmVPiDlUGORJmiD66FaSv5JrXpnhYsh3ZifzJs
+m3B4BlJSUsor0rfHUAdmOzvf4ZlpACYsMw==
+-----END EC PRIVATE KEY-----
diff --git a/bl2/ext/mcuboot/root-EC-P384.pem b/bl2/ext/mcuboot/root-EC-P384.pem
new file mode 100644
index 0000000..916c800
--- /dev/null
+++ b/bl2/ext/mcuboot/root-EC-P384.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDC8ZQWjooCCaLQJ9DJNKMyPoUoFcqGluXGu13Zf526RX6TdRhnkExtL
+1T7fC13n32CgBwYFK4EEACKhZANiAAQMdsqucjql6PDU8Ra1Au93oRuTYXjACSZ7
+O0Cc7kmF4MlP5/K6l2zzgmUULPUMczNNMueb00LMlVrl4vX0bkXg7SA1XK9SNYHU
+3JzjniI++z8iENpwAzetqPJI/jpgaaU=
+-----END EC PRIVATE KEY-----
diff --git a/bl2/ext/mcuboot/root-EC-P384_1.pem b/bl2/ext/mcuboot/root-EC-P384_1.pem
new file mode 100644
index 0000000..832bbf3
--- /dev/null
+++ b/bl2/ext/mcuboot/root-EC-P384_1.pem
@@ -0,0 +1,6 @@
+-----BEGIN EC PRIVATE KEY-----
+MIGkAgEBBDAAOffMf/4Ye8tzoEm7QaM4H9NoWgkZMTLQ/U1G0YsKPTtP00aOVUrz
+JSNoxoAuEY+gBwYFK4EEACKhZANiAAQ0Q61Zg9lBZdwguGI1+H2UE1515qh56cv9
+py6SlYKmxd1Txz1G7XXVILW+dCptMOIxUBx/x3tKc1X4kmD/LxgEvMfZztqmNlLs
+K2RuepdgnYy6/uyasMJuPXUqmLKjCYQ=
+-----END EC PRIVATE KEY-----
diff --git a/bl2/src/provisioning.c b/bl2/src/provisioning.c
index ece4e47..6c0dc15 100644
--- a/bl2/src/provisioning.c
+++ b/bl2/src/provisioning.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -17,15 +17,21 @@
 
 #define ASSEMBLY_AND_TEST_PROV_DATA_MAGIC 0xC0DEFEED
 
+#ifdef MCUBOOT_SIGN_EC384
+#define PUB_KEY_HASH_SIZE (48)
+#else
+#define PUB_KEY_HASH_SIZE (32)
+#endif
+
 __PACKED_STRUCT bl2_assembly_and_test_provisioning_data_t {
     uint32_t magic;
-    uint8_t bl2_rotpk_0[32];
-    uint8_t bl2_rotpk_1[32];
+    uint8_t bl2_rotpk_0[PUB_KEY_HASH_SIZE];
+    uint8_t bl2_rotpk_1[PUB_KEY_HASH_SIZE];
 #if (MCUBOOT_IMAGE_NUMBER > 2)
-    uint8_t bl2_rotpk_2[32];
+    uint8_t bl2_rotpk_2[PUB_KEY_HASH_SIZE];
 #endif
 #if (MCUBOOT_IMAGE_NUMBER > 3)
-    uint8_t bl2_rotpk_3[32];
+    uint8_t bl2_rotpk_3[PUB_KEY_HASH_SIZE];
 #endif
 
 #ifdef PLATFORM_PSA_ADAC_SECURE_DEBUG
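Review bot: PUB_KEY_HASH_SIZE repeats the 48 / 32 selection that shared_data.c makes for MCUBOOT_HASH_SIZE in this same commit, and neither has a comment saying the numbers are the SHA-384 and SHA-256 digest lengths. A comment such as `/* ROTPK hash length: SHA-384 for EC-P384, SHA-256 otherwise */` would make the link explicit, and a single shared definition would keep the two from drifting apart. Because the struct is packed, the layout of the provisioning data now depends on the signature type; the struct definition continues outside the hunk.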
@@ -102,6 +108,80 @@
         0xdf, 0x34, 0xc3, 0x29, 0x48, 0x9a, 0xdc, 0x38,
     },
 #endif /* MCUBOOT_IMAGE_NUMBER > 3 */
+#elif defined(MCUBOOT_SIGN_EC256)
+    /* bl2 rotpk 0 */
+    {
+        0xe3, 0x04, 0x66, 0xf6, 0xb8, 0x47, 0x0c, 0x1f,
+        0x29, 0x07, 0x0b, 0x17, 0xf1, 0xe2, 0xd3, 0xe9,
+        0x4d, 0x44, 0x5e, 0x3f, 0x60, 0x80, 0x87, 0xfd,
+        0xc7, 0x11, 0xe4, 0x38, 0x2b, 0xb5, 0x38, 0xb6,
+    },
+    /* bl2 rotpk 1 */
+    {
+        0x82, 0xa5, 0xb4, 0x43, 0x59, 0x48, 0x53, 0xd4,
+        0xbf, 0x0f, 0xdd, 0x89, 0xa9, 0x14, 0xa5, 0xdc,
+        0x16, 0xf8, 0x67, 0x54, 0x82, 0x07, 0xd7, 0x07,
+        0x7e, 0x74, 0xd8, 0x0c, 0x06, 0x3e, 0xfd, 0xa9,
+    },
+#if MCUBOOT_IMAGE_NUMBER > 2
+    /* bl2 rotpk 2 */
+    {
+        0xe3, 0x04, 0x66, 0xf6, 0xb8, 0x47, 0x0c, 0x1f,
+        0x29, 0x07, 0x0b, 0x17, 0xf1, 0xe2, 0xd3, 0xe9,
+        0x4d, 0x44, 0x5e, 0x3f, 0x60, 0x80, 0x87, 0xfd,
+        0xc7, 0x11, 0xe4, 0x38, 0x2b, 0xb5, 0x38, 0xb6,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 2 */
+#if MCUBOOT_IMAGE_NUMBER > 3
+    /* bl2 rotpk 3 */
+    {
+        0xe3, 0x04, 0x66, 0xf6, 0xb8, 0x47, 0x0c, 0x1f,
+        0x29, 0x07, 0x0b, 0x17, 0xf1, 0xe2, 0xd3, 0xe9,
+        0x4d, 0x44, 0x5e, 0x3f, 0x60, 0x80, 0x87, 0xfd,
+        0xc7, 0x11, 0xe4, 0x38, 0x2b, 0xb5, 0x38, 0xb6,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 3 */
+#elif defined(MCUBOOT_SIGN_EC384)
+    /* bl2 rotpk 0 */
+    {
+        0x85, 0xb7, 0xbd, 0x5f, 0x5d, 0xff, 0x9a, 0x03,
+        0xa9, 0x99, 0x27, 0xad, 0xaf, 0x6c, 0xa6, 0xfe,
+        0xbd, 0xe8, 0x22, 0xc1, 0xa4, 0x80, 0x92, 0x83,
+        0x24, 0xa8, 0xe6, 0x03, 0x23, 0x71, 0x5c, 0x57,
+        0x79, 0x46, 0x1c, 0x49, 0x6a, 0x95, 0xae, 0xe8,
+        0xc4, 0xf9, 0x0b, 0x99, 0x77, 0x9f, 0x84, 0x8a,
+    },
+    /* bl2 rotpk 1 */
+    {
+        0xae, 0x13, 0xb7, 0x1d, 0xae, 0x49, 0xa7, 0xb8,
+        0x9d, 0x4d, 0x8e, 0xe5, 0x09, 0x5c, 0xb8, 0xd4,
+        0x5a, 0x32, 0xbd, 0x9c, 0x7d, 0x50, 0x1c, 0xd3,
+        0xb8, 0xf8, 0x6c, 0xbc, 0x8b, 0x41, 0x43, 0x9b,
+        0x1b, 0x22, 0x5c, 0xc3, 0x6a, 0x5b, 0xa8, 0x08,
+        0x1d, 0xf0, 0x71, 0xe0, 0xcb, 0xbc, 0x61, 0x92,
+    },
+#if MCUBOOT_IMAGE_NUMBER > 2
+    /* bl2 rotpk 2 */
+     {
+        0x85, 0xb7, 0xbd, 0x5f, 0x5d, 0xff, 0x9a, 0x03,
+        0xa9, 0x99, 0x27, 0xad, 0xaf, 0x6c, 0xa6, 0xfe,
+        0xbd, 0xe8, 0x22, 0xc1, 0xa4, 0x80, 0x92, 0x83,
+        0x24, 0xa8, 0xe6, 0x03, 0x23, 0x71, 0x5c, 0x57,
+        0x79, 0x46, 0x1c, 0x49, 0x6a, 0x95, 0xae, 0xe8,
+        0xc4, 0xf9, 0x0b, 0x99, 0x77, 0x9f, 0x84, 0x8a,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 2 */
+#if MCUBOOT_IMAGE_NUMBER > 3
+    /* bl2 rotpk 3 */
+     {
+        0x85, 0xb7, 0xbd, 0x5f, 0x5d, 0xff, 0x9a, 0x03,
+        0xa9, 0x99, 0x27, 0xad, 0xaf, 0x6c, 0xa6, 0xfe,
+        0xbd, 0xe8, 0x22, 0xc1, 0xa4, 0x80, 0x92, 0x83,
+        0x24, 0xa8, 0xe6, 0x03, 0x23, 0x71, 0x5c, 0x57,
+        0x79, 0x46, 0x1c, 0x49, 0x6a, 0x95, 0xae, 0xe8,
+        0xc4, 0xf9, 0x0b, 0x99, 0x77, 0x9f, 0x84, 0x8a,
+    },
+#endif /* MCUBOOT_IMAGE_NUMBER > 3 */
 #else
 #error "No public key available for given signing algorithm."
 #endif /* MCUBOOT_SIGN_RSA_LEN */
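Review bot: The `bl2 rotpk 2` and `bl2 rotpk 3` entries in both new branches repeat the rotpk 0 hash without saying so, whereas keys.c marks the same reuse with `/* FIXME assuming the image 0 key is reused here */`; the same comment here would keep the two files consistent. In the EC-P384 branch the opening braces of those two entries are indented by five spaces instead of four. The closing `#endif /* MCUBOOT_SIGN_RSA_LEN */` now ends a chain that also covers the EC branches, so its label is stale. The initializer these entries belong to starts outside the hunk.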
diff --git a/bl2/src/shared_data.c b/bl2/src/shared_data.c
index 07167d6..45dddea 100644
--- a/bl2/src/shared_data.c
+++ b/bl2/src/shared_data.c
@@ -18,13 +18,27 @@
 #include "bootutil_priv.h"
 #include "psa/crypto.h"
 
+#if defined(MCUBOOT_SIGN_EC384)
+#define MCUBOOT_HASH_ALG    PSA_ALG_SHA_384
+#define MCUBOOT_HASH_SIZE   (48)
+#else
 #define MCUBOOT_HASH_ALG    PSA_ALG_SHA_256
 #define MCUBOOT_HASH_SIZE   (32)
+#endif /* MCUBOOT_SIGN_EC384 */
 
 #ifdef MCUBOOT_HW_KEY
-#include  "bootutil/crypto/sha256.h"
+#include  "bootutil/crypto/sha.h"
+#if defined(MCUBOOT_SIGN_RSA)
 #define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
-#endif
+#define SIG_EXTRA_BYTES     (24) /* Few extra bytes for encoding and for public exponent. */
+#elif defined(MCUBOOT_SIGN_EC256)
+#define SIG_BUF_SIZE        (64) /* Curve byte (32) * 2 for EC-256 */
+#define SIG_EXTRA_BYTES     (32)
+#elif defined(MCUBOOT_SIGN_EC384)
+#define SIG_BUF_SIZE        (96) /* Curve byte (48) * 2 for EC-384 */
+#define SIG_EXTRA_BYTES     (48)
+#endif /* MCUBOOT_SIGN_RSA */
+#endif /* MCUBOOT_HW_KEY */
 #endif /* TFM_MEASURED_BOOT_API */
 
 /* Firmware Update specific macros */
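Review bot: The `#if defined(MCUBOOT_SIGN_RSA)` / `#elif` chain that sets SIG_BUF_SIZE and SIG_EXTRA_BYTES has no `#else`, so an MCUBOOT_HW_KEY build with none of the three macros defined fails later at the `key_buf` declaration with an undeclared-identifier error rather than a clear message; adding `#else` and `#error "Unsupported signature type for MCUBOOT_HW_KEY"` would match the pattern in keys.c and provisioning.c. The EC values 32 and 48 for SIG_EXTRA_BYTES carry no rationale. Judging from keys.c, the DER-encoded public keys are 91 and 120 bytes, so the resulting 96 and 144 byte buffers fit, and a comment saying that would make the sizing checkable. The comment above `key_buf` in the next hunk still mentions the public exponent, which only applies to RSA.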
@@ -72,8 +86,8 @@
     uint16_t type;
 #ifdef MCUBOOT_HW_KEY
     /* Few extra bytes for encoding and for public exponent. */
-    uint8_t key_buf[SIG_BUF_SIZE + 24];
-    bootutil_sha256_context sha256_ctx;
+    uint8_t key_buf[SIG_BUF_SIZE + SIG_EXTRA_BYTES];
+    bootutil_sha_context sha_ctx;
 #endif
     int rc;
 
@@ -97,7 +111,7 @@
             break;
         }
 
-        if (type == IMAGE_TLV_SHA256) {
+        if (type == EXPECTED_HASH_TLV) {
             /* Retrieve the image hash (measurement value) from the TLV area. */
             if (len > measurement_buf_size) {
                 return -1;
@@ -122,9 +136,9 @@
             }
 
             /* Calculate the hash of the public key (signer ID). */
-            bootutil_sha256_init(&sha256_ctx);
-            bootutil_sha256_update(&sha256_ctx, key_buf, len);
-            bootutil_sha256_finish(&sha256_ctx, metadata->signer_id);
+            bootutil_sha_init(&sha_ctx);
+            bootutil_sha_update(&sha_ctx, key_buf, len);
+            bootutil_sha_finish(&sha_ctx, metadata->signer_id);
 #else
         } else if (type == IMAGE_TLV_KEYHASH) {
             /* Retrieve the signer ID (hash of PUBKEY) from the TLV area. */
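Review bot: `bootutil_sha_finish(&sha_ctx, metadata->signer_id)` now writes a digest whose size presumably follows the signature type, 48 bytes for EC-P384 according to MCUBOOT_HASH_SIZE at the top of this file, where the old call always wrote 32. The declaration of `signer_id` is outside this diff, so please confirm it holds at least MCUBOOT_HASH_SIZE bytes. A compile-time check such as `_Static_assert(sizeof(metadata->signer_id) >= MCUBOOT_HASH_SIZE, "signer_id too small");` would pin it, assuming the field is an array. The enclosing function starts and ends outside the hunk.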
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 7217c42..5e38818 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -58,6 +58,9 @@
 # Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs
 tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 9)
 
+tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "EC-P256" AND NOT MCUBOOT_USE_PSA_CRYPTO)
+tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "EC-P384" AND NOT MCUBOOT_USE_PSA_CRYPTO)
+
 tfm_invalid_config((BL2 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND NOT CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS) AND NOT MCUBOOT_DATA_SHARING)
 tfm_invalid_config((NOT (TFM_PARTITION_FIRMWARE_UPDATE OR CONFIG_TFM_BOOT_STORE_MEASUREMENTS)) AND MCUBOOT_DATA_SHARING)
 
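Review bot: The two added `tfm_invalid_config` lines carry no comment, unlike the check above them; something like `# ECDSA signature verification is only available through the PSA Crypto API` would tell a user why the configuration was rejected. Assuming tfm_invalid_config forwards its arguments to `if()`, both lines could be one check, `tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE MATCHES "^EC-" AND NOT MCUBOOT_USE_PSA_CRYPTO)`. Nothing in this hunk rejects a MCUBOOT_SIGNATURE_TYPE outside the four documented values; as far as the diff shows, such a value is caught, if at all, only by an `#error` at compile time.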
diff --git a/config/config_base.cmake b/config/config_base.cmake
index a985986..110e9e0 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -28,7 +28,7 @@
 set(MBEDCRYPTO_GIT_REMOTE               "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
 
 set(MCUBOOT_PATH                        "DOWNLOAD"  CACHE PATH      "Path to MCUboot (or DOWNLOAD to fetch automatically")
-set(MCUBOOT_VERSION                     "258a6c7"   CACHE STRING    "The version of MCUboot to use")
+set(MCUBOOT_VERSION                     "9bef51c"   CACHE STRING    "The version of MCUboot to use")
 
 set(PSA_ARCH_TESTS_PATH                 "DOWNLOAD"  CACHE PATH      "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
 set(PSA_ARCH_TESTS_VERSION              "5c57920"   CACHE STRING    "The version of PSA arch tests to use")
diff --git a/docs/design_docs/booting/tfm_secure_boot.rst b/docs/design_docs/booting/tfm_secure_boot.rst
index 2f92668..be1928a 100644
--- a/docs/design_docs/booting/tfm_secure_boot.rst
+++ b/docs/design_docs/booting/tfm_secure_boot.rst
@@ -368,6 +368,8 @@
 - MCUBOOT_SIGNATURE_TYPE (default: RSA-3072):
     - **RSA-2048:** Image is signed with RSA algorithm and signed with 2048 bit key.
     - **RSA-3072:** Image is signed with RSA algorithm and signed with 3072 bit key.
+    - **EC-P256:** Image is signed with ECDSA P-256 algorithm.
+    - **EC-P384:** Image is signed with ECDSA P-384 algorithm.
 - MCUBOOT_IMAGE_NUMBER (default: 2):
     - **1:** Single image boot, secure and non-secure images are signed and
       updated together.