Boot: Use different signing key to S and NS image Secure and non-secure images might originated from different sources therefore the need to sign them with different keys is very likely. Change-Id: I46e0d549c84ba92e79c218f54e78449f1152a178 Signed-off-by: Tamas Ban <tamas.ban@arm.com>

commit: 78676acfb3a820109fff3949174face5c68b8e71 [log] [tgz]
author: Tamas Ban <tamas.ban@arm.com> Thu Jul 11 09:05:54 2019 +0100
committer: Tamas Ban <tamas.ban@arm.com> Fri Sep 06 06:59:34 2019 +0000
tree: 7f3cb1a3700f3ed876cd4b640b601021b95bb126
parent: 1d37c340766434ca2410a70c1822eb1153e5c3e0 [diff] [blame]
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index fee67a2..931f459 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c

@@ -128,6 +128,7 @@
 #ifdef EXPECTED_SIG_TLV
 #ifdef MCUBOOT_HW_KEY
 extern unsigned int pub_key_len;
+extern uint8_t current_image;
 static int
 bootutil_find_key(uint8_t *key, uint16_t key_len)
 {
@@ -141,7 +142,7 @@
     bootutil_sha256_update(&sha256_ctx, key, key_len);
     bootutil_sha256_finish(&sha256_ctx, hash);
 
-    plat_err = tfm_plat_get_rotpk_hash(0, key_hash, &key_hash_size);
+    plat_err = tfm_plat_get_rotpk_hash(current_image, key_hash, &key_hash_size);
     if (plat_err != TFM_PLAT_ERR_SUCCESS) {
         return -1;
     }
commit	78676acfb3a820109fff3949174face5c68b8e71	[log] [tgz]
author	Tamas Ban <tamas.ban@arm.com>	Thu Jul 11 09:05:54 2019 +0100
committer	Tamas Ban <tamas.ban@arm.com>	Fri Sep 06 06:59:34 2019 +0000
tree	7f3cb1a3700f3ed876cd4b640b601021b95bb126
parent	1d37c340766434ca2410a70c1822eb1153e5c3e0 [diff] [blame]