Build: Add hardware key support to MCUBoot
Makes possible in MCUBoot to get the hash of ROTPK
from SoC.
Change-Id: I1a26a526c025b38dce49e91903d69bb9c5d619c0
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/MCUBootConfig.cmake b/bl2/ext/mcuboot/MCUBootConfig.cmake
index e7cc5c0..800e8fb 100644
--- a/bl2/ext/mcuboot/MCUBootConfig.cmake
+++ b/bl2/ext/mcuboot/MCUBootConfig.cmake
@@ -25,6 +25,8 @@
set_property(CACHE MCUBOOT_SIGNATURE_TYPE PROPERTY STRINGS "RSA-3072;RSA-2048")
validate_cache_value(MCUBOOT_SIGNATURE_TYPE)
+ set(MCUBOOT_HW_KEY Off CACHE BOOL "Configure to use HW key for image verification. Otherwise key is embedded in MCUBoot image.")
+
if ((${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "NO_SWAP" OR
${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "RAM_LOADING") AND
NOT (MCUBOOT_IMAGE_NUMBER EQUAL 1))
@@ -37,11 +39,13 @@
if (DEFINED MCUBOOT_IMAGE_NUMBER OR
DEFINED MCUBOOT_UPGRADE_STRATEGY OR
- DEFINED MCUBOOT_SIGNATURE_TYPE)
+ DEFINED MCUBOOT_SIGNATURE_TYPE OR
+ DEFINED MCUBOOT_HW_KEY)
message(WARNING "Ignoring the values of MCUBOOT_* variables as BL2 option is set to False.")
set(MCUBOOT_IMAGE_NUMBER "")
set(MCUBOOT_UPGRADE_STRATEGY "")
set(MCUBOOT_SIGNATURE_TYPE "")
+ set(MCUBOOT_HW_KEY "")
endif()
if (DEFINED SECURITY_COUNTER OR