BL2: Enable ECDSA signature verification Add the option to use ECDSA signature verification with PSA Crypto for MCUboot by setting the MCUBOOT_SIGNATURE_TYPE to EC-P256 / EC-P384 and enabling MCUBOOT_USE_PSA_CRYPTO in the CMake configuration. Updating the MCUBOOT_VERSION to have: - ECDSA signature verification using the PSA Crypto API, - ECDSA-P384 support. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: Ida24010ca043081743712c75c3a8fe616f61c127

commit: 00cefb030aca3dfb5d629e87b37f449d8070383b [log] [tgz]
author: Roland Mikhel <roland.mikhel@arm.com> Mon Jun 05 14:38:02 2023 +0200
committer: David Hu <david.hu@arm.com> Thu Sep 28 05:27:12 2023 +0200
tree: 719e0e2a0fc52a6cdc403be695ae31a936d4e429
parent: 8b1d10470f1cf88f6170621746431d2c10f1c564 [diff] [blame]
diff --git a/docs/design_docs/booting/tfm_secure_boot.rst b/docs/design_docs/booting/tfm_secure_boot.rst
index 2f92668..be1928a 100644
--- a/docs/design_docs/booting/tfm_secure_boot.rst
+++ b/docs/design_docs/booting/tfm_secure_boot.rst

@@ -368,6 +368,8 @@
 - MCUBOOT_SIGNATURE_TYPE (default: RSA-3072):
     - **RSA-2048:** Image is signed with RSA algorithm and signed with 2048 bit key.
     - **RSA-3072:** Image is signed with RSA algorithm and signed with 3072 bit key.
+    - **EC-P256:** Image is signed with ECDSA P-256 algorithm.
+    - **EC-P384:** Image is signed with ECDSA P-384 algorithm.
 - MCUBOOT_IMAGE_NUMBER (default: 2):
     - **1:** Single image boot, secure and non-secure images are signed and
       updated together.
commit	00cefb030aca3dfb5d629e87b37f449d8070383b	[log] [tgz]
author	Roland Mikhel <roland.mikhel@arm.com>	Mon Jun 05 14:38:02 2023 +0200
committer	David Hu <david.hu@arm.com>	Thu Sep 28 05:27:12 2023 +0200
tree	719e0e2a0fc52a6cdc403be695ae31a936d4e429
parent	8b1d10470f1cf88f6170621746431d2c10f1c564 [diff] [blame]