imgtool: Add clear image generation with encryption capability
Create an option to generate a clear image with encryption capability
that can be installed on a primary slot. Since image has encryption
capability image can be swapped encrypted in secondary slot
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index 2f0a1fa..d04333e 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@@ -305,7 +305,7 @@
return cipherkey, ciphermac, pubk
def create(self, key, public_key_format, enckey, dependencies=None,
- sw_type=None, custom_tlvs=None, encrypt_keylen=128):
+ sw_type=None, custom_tlvs=None, encrypt_keylen=128, clear=False):
self.enckey = enckey
# Calculate the hash of the public key
@@ -472,13 +472,14 @@
else:
tlv.add('ENCX25519', enctlv)
- nonce = bytes([0] * 16)
- cipher = Cipher(algorithms.AES(plainkey), modes.CTR(nonce),
- backend=default_backend())
- encryptor = cipher.encryptor()
- img = bytes(self.payload[self.header_size:])
- self.payload[self.header_size:] = \
- encryptor.update(img) + encryptor.finalize()
+ if not clear:
+ nonce = bytes([0] * 16)
+ cipher = Cipher(algorithms.AES(plainkey), modes.CTR(nonce),
+ backend=default_backend())
+ encryptor = cipher.encryptor()
+ img = bytes(self.payload[self.header_size:])
+ self.payload[self.header_size:] = \
+ encryptor.update(img) + encryptor.finalize()
self.payload += prot_tlv.get()
self.payload += tlv.get()