Boot: Add encrypted image support Introduces the 'MCUBOOT_ENCRYPT_RSA' compile time switch. When set to 'ON', adds encrypted image support in the BL2 source and encrypts the signed images. As a result, BL2 can now accept an encrypted image for upgrade and decrypt it when applying. It can also re-encrypt the original image if it is kept and moved back to the secondary slot. Change-Id: I998861c7175c136eed60ac13c802134705b5c3f3 Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>

commit: 5c476315f5568ead687e25d34b17efb6c4dab988 [log] [tgz]
author: Balint Matyi <Balint.Matyi@arm.com> Tue Mar 31 13:15:39 2020 +0100
committer: Tamas Ban <tamas.ban@arm.com> Wed Jul 22 11:40:16 2020 +0000
tree: b53f781dda6c7781e57b1a0aafc877605663041e
parent: d9abb4973c5d7842f3bab8a7b34736472000f98e [diff] [blame]
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index 3d4ddae..c428d5e 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c

@@ -50,7 +50,12 @@
 /* Flash device name must be specified by target */
 extern ARM_DRIVER_FLASH FLASH_DEV_NAME;
 
+#ifdef MCUBOOT_ENCRYPT_RSA
+#define BL2_MBEDTLS_MEM_BUF_LEN 0x225C
+#else
 #define BL2_MBEDTLS_MEM_BUF_LEN 0x2000
+#endif
+
 /* Static buffer to be used by mbedtls for memory allocation */
 static uint8_t mbedtls_mem_buf[BL2_MBEDTLS_MEM_BUF_LEN];
commit	5c476315f5568ead687e25d34b17efb6c4dab988	[log] [tgz]
author	Balint Matyi <Balint.Matyi@arm.com>	Tue Mar 31 13:15:39 2020 +0100
committer	Tamas Ban <tamas.ban@arm.com>	Wed Jul 22 11:40:16 2020 +0000
tree	b53f781dda6c7781e57b1a0aafc877605663041e
parent	d9abb4973c5d7842f3bab8a7b34736472000f98e [diff] [blame]