Boot: Add encrypted image support

Introduces the 'MCUBOOT_ENCRYPT_RSA' compile time switch. When set to
'ON', adds encrypted image support in the BL2 source and encrypts the
signed images. As a result, BL2 can now accept an encrypted image
for upgrade and decrypt it when applying. It can also re-encrypt the
original image if it is kept and moved back to the secondary slot.

Change-Id: I998861c7175c136eed60ac13c802134705b5c3f3
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
diff --git a/bl2/ext/mcuboot/include/config-rsa.h b/bl2/ext/mcuboot/include/config-rsa.h
index b721953..c345245 100644
--- a/bl2/ext/mcuboot/include/config-rsa.h
+++ b/bl2/ext/mcuboot/include/config-rsa.h
@@ -1,7 +1,7 @@
 /*
  *  Minimal configuration for using TLS in the bootloader
  *
- *  Copyright (C) 2006-2019, Arm Limited. All rights reserved.
+ *  Copyright (C) 2006-2020, Arm Limited. All rights reserved.
  *  Copyright (C) 2016, Linaro Ltd
  *
  *  SPDX-License-Identifier: Apache-2.0
@@ -47,7 +47,7 @@
 #define MBEDTLS_PLATFORM_PRINTF_ALT
 
 #define MBEDTLS_RSA_C
-#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_PKCS1_V21
 
 /* mbed TLS modules */
 #define MBEDTLS_ASN1_PARSE_C
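Review bot: Replacing `MBEDTLS_PKCS1_V15` with `MBEDTLS_PKCS1_V21` applies to every build that uses this config, not only to builds with `MCUBOOT_ENCRYPT_RSA` enabled, and nothing in the file records why. Presumably v2.1 is needed for RSA-OAEP decryption of the image key, but that is inferred from the commit message rather than shown here. Because v1.5 padding is removed outright, confirm that the BL2 signature verification path does not call any v1.5-only routine, so that non-encrypted builds still link and verify exactly as before. I would add a comment above the define, for example `/* PKCS#1 v2.1 (OAEP/PSS) is required for RSA-OAEP image key decryption; v1.5 padding is intentionally not built */`.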
@@ -56,6 +56,7 @@
 #define MBEDTLS_MD_C
 #define MBEDTLS_OID_C
 #define MBEDTLS_SHA256_C
+#define MBEDTLS_AES_C
 
 /* Save RAM by adjusting to our exact needs */
 #if MCUBOOT_SIGN_RSA_LEN == 3072
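Review bot: `MBEDTLS_AES_C` is now defined unconditionally in the module list, so AES is compiled into BL2 even when image encryption is off, which grows the bootloader and the crypto code it carries for no benefit. The later hunk at `@@ -71,7 +72,6 @@` removes the define from the `CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING` block, so a guard has to cover both users. If the build switch reaches the preprocessor under the same name (not visible in this diff), I would write `#if defined(MCUBOOT_ENCRYPT_RSA) || defined(CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING)`, then `#define MBEDTLS_AES_C`, then `#endif`. The visible hunks also enable no cipher mode, so if image decryption uses AES-CTR, check that `MBEDTLS_CIPHER_MODE_CTR` is set elsewhere in this config.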
@@ -71,7 +72,6 @@
 
 #ifdef CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING
 #define MBEDTLS_CIPHER_C
-#define MBEDTLS_AES_C
 #define MBEDTLS_CCM_C
 #define MBEDTLS_ECDSA_C
 #define MBEDTLS_ECP_C