commit db543e502617a54c1ff62d39655d4aac914b5dc0
author Hugo L'Hostis <hugo.lhostis@arm.com> Tue Mar 09 18:00:31 2021 +0000
committer Fabio Utzig <utzig@utzig.org> Thu Oct 07 14:23:51 2021 -0300
tree 7fc31cf8287b7d66a6e7694800b7b26cb41f0f6d
parent 8fcdfc5c67312f3d9630976f2d522f5c290a9e37

boot : Adding encrypted ram-load support

This patch adds the possibility to boot using ram-load with an
encrypted image. This is enabled when both the flags MCUBOOT_RAM_LOAD
and MCUBOOT_ENC_IMAGES are defined.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: I7756c2c634d90a2e726117d6cfc5650653cf1b51

docs/design.md

diff --git a/docs/design.md b/docs/design.md
index e61113d..e5e94b3 100755
--- a/docs/design.md
+++ b/docs/design.md
@@ -287,7 +287,11 @@
 flag in the image header which indicates that the image should be loaded to the
 RAM and also set the load address in the image header.
 
-The ram-load mode currently does not support the image encryption feature.
+When the encryption option is enabled (`MCUBOOT_ENC_IMAGES`) along with ram-load
+the image is checked for encryption. If the image is not encrypted, RAM loading
+happens as described above. If the image is encrypted, it is copied in RAM at
+the provided address and then decrypted. Finally, the decrypted image is
+authenticated in RAM and executed.
 
 ## [Boot Swap Types](#boot-swap-types)
 
@@ -1020,8 +1024,8 @@
 If you want to enable and use encrypted images, see:
 [encrypted_images](encrypted_images.md).
 
-Note: Image encryption is not supported when the direct-xip or the ram-load
-upgrade strategy is selected.
+Note: Image encryption is not supported when the direct-xip upgrade strategy
+is selected.
 
 ### [Using Hardware Keys for Verification](#hw-key-support)