commit 3d76ee915c94d58ea640d40651c4a122dfad8f1b
author Roland Mikhel <roland.mikhel@arm.com> Tue Jun 13 11:01:33 2023 +0200
committer David Hu <david.hu@arm.com> Mon Sep 25 10:41:35 2023 +0200
tree b5659db9f3856f781b73587de8b47455605b639e
parent 49062b899602d6418ead674b700c2d857f46d7ce

Build: move signature key len into signature type

The current approach in MCUBoot assumes the signature type and the
key len are separate values, but this only applies to RSA. For
other signature types (such as ECDSA) the key len is not applicable.
This change merges the key length and the signature type for RSA
thus removing the need for extra conditions in the build
configuration when the signature is specified in a different way.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I5e2bba814695ec0d366b202b9c40fd7daa9484ac

docs/design_docs/booting/tfm_secure_boot.rst

diff --git a/docs/design_docs/booting/tfm_secure_boot.rst b/docs/design_docs/booting/tfm_secure_boot.rst
index c49cde1..2f92668 100644
--- a/docs/design_docs/booting/tfm_secure_boot.rst
+++ b/docs/design_docs/booting/tfm_secure_boot.rst
@@ -365,11 +365,9 @@
     - **"RAM_LOAD":** Activate RAM loading firmware upgrade operation, where
       the latest image is copied to RAM and runs from there instead of being
       executed in-place.
-- MCUBOOT_SIGNATURE_TYPE (default: RSA):
-    - **RSA:** Image is signed with RSA algorithm
-- MCUBOOT_SIGNATURE_KEY_LEN (default: 3072):
-    - **2048:** Image is signed with 2048 bit key.
-    - **3072:** Image is signed with 3072 bit key.
+- MCUBOOT_SIGNATURE_TYPE (default: RSA-3072):
+    - **RSA-2048:** Image is signed with RSA algorithm and signed with 2048 bit key.
+    - **RSA-3072:** Image is signed with RSA algorithm and signed with 3072 bit key.
 - MCUBOOT_IMAGE_NUMBER (default: 2):
     - **1:** Single image boot, secure and non-secure images are signed and
       updated together.