Boot: Add encrypted image support
Introduces the 'MCUBOOT_ENCRYPT_RSA' compile time switch. When set to
'ON', adds encrypted image support in the BL2 source and encrypts the
signed images. As a result, BL2 can now accept an encrypted image
for upgrade and decrypt it when applying. It can also re-encrypt the
original image if it is kept and moved back to the secondary slot.
Change-Id: I998861c7175c136eed60ac13c802134705b5c3f3
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
diff --git a/docs/getting_started/tfm_secure_boot.rst b/docs/getting_started/tfm_secure_boot.rst
index 041da90..b590352 100644
--- a/docs/getting_started/tfm_secure_boot.rst
+++ b/docs/getting_started/tfm_secure_boot.rst
@@ -415,6 +415,15 @@
``LOG_LEVEL_INFO`` by default. In case of different kinds of ``Release``
builds its value is set to ``LOG_LEVEL_OFF`` (any other value will be
overridden).
+- MCUBOOT_ENCRYPT_RSA (default: False):
+ - **True:** Adds encrypted image support in the source and encrypts the
+ resulting image using the ``enc-rsa2048-pub.pem`` key found in the MCUBoot
+ repository.
+ - **False:** Doesn't add encrypted image support and doesn't encrypt the
+ image.
+
+ .. Warning::
+ DO NOT use this key in production code, it is exclusively for testing!
Image versioning
================