Boot: Add OTP provisioning functionality to MCUBoot

Add functionality to program hash of ROT public key and HUK to OTP. The
implementation is based on the CryptoCell CMPU and DMPU production
libraries.

If MCUBOOT_IMAGE_NUMBER=1, store the whole 32 byte hash of:
    bl2/ext/mcuboot/root-rsa-<2048|3072>.pem key.
If MCUBOOT_IMAGE_NUMBER=2, separately store
the first 16 bytes of the hash of:
    bl2/ext/mcuboot/root-rsa-<2048|3072>.pem key
and the first 16 bytes of the hash of:
    bl2/ext/mcuboot/root-rsa-<2048|3072>_1.pem key.

OTP provisioning is disabled by default. In order to enable,
add this to CMake command line:
    -DCRYPTO_HW_ACCELERATOR_OTP_STATE=PROVISIONING

Change-Id: Ica589319001f5ed77d853ba45ad8e6d3c266d172
Signed-off-by: Xu Yong <yong.xu@arm.com>

diff --git a/bl2/ext/mcuboot/include/config-boot.h b/bl2/ext/mcuboot/include/config-boot.h
index 6b0c040..71667eb 100644
--- a/bl2/ext/mcuboot/include/config-boot.h
+++ b/bl2/ext/mcuboot/include/config-boot.h
@@ -64,6 +64,12 @@
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
+#ifdef CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#endif /* CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING */
+
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
#endif
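Review bot: The new `#ifdef CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING` block turns on MBEDTLS_CIPHER_C, MBEDTLS_AES_C and MBEDTLS_CCM_C with no comment explaining why provisioning needs AES-CCM in the bootloader build; add a one-line comment naming the code that consumes it, so a later cleanup does not drop the defines or leave them enabled after the need is gone. The guard is also independent of the `#ifdef CRYPTO_HW_ACCELERATOR` check directly below it, so defining the provisioning macro without the accelerator would still compile these modules in; consider nesting the block under CRYPTO_HW_ACCELERATOR or adding an `#error` for that combination. Finally, the commit message tells users to pass CRYPTO_HW_ACCELERATOR_OTP_STATE=PROVISIONING, while this hunk tests CRYPTO_HW_ACCELERATOR_OTP_PROVISIONING; the mapping between the two is not visible here, so please confirm the build system defines that macro for this header, since a mismatch would silently leave the block disabled.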