Boot: Add hardware key support to MCUBoot
The PSA Trusted Boot and Firmware Update specification requires
support for at least one immutable root of trust public key
(ROTPK) for firmware verification. This key is provisioned to
the SoC during manufacturing. This change enables MCUBoot to
get the ROTPK hash from the SoC and compare it with the calculated
hash of the public key from the image manifest, in order to validate
the key used for firmware authentication before it is used.
Change-Id: I68cf4104bc2984fa8ad4c902d2a9a36064939f1e
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/keys.c b/bl2/ext/mcuboot/keys.c
index ba282d1..5ec013b 100644
--- a/bl2/ext/mcuboot/keys.c
+++ b/bl2/ext/mcuboot/keys.c
@@ -26,6 +26,7 @@
#include <bootutil/sign_key.h>
+#if !defined(MCUBOOT_HW_KEY)
#if defined(MCUBOOT_SIGN_RSA)
#if MCUBOOT_SIGN_RSA_LEN == 2048
#define HAVE_KEYS
@@ -135,3 +136,13 @@
};
const int bootutil_key_cnt = 1;
#endif
+#else /* MCUBOOT_HW_KEY */
+unsigned int pub_key_len;
+struct bootutil_key bootutil_keys[1] = {
+ {
+ .key = 0,
+ .len = &pub_key_len,
+ },
+};
+const int bootutil_key_cnt = 1;
+#endif
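Review bot: In the `MCUBOOT_HW_KEY` branch `bootutil_keys[0]` starts out with `.key = 0` and the table is no longer `const`, but nothing in the hunk says who fills the entry in or when. Going by the commit message, it is presumably populated at runtime from the public key in the image manifest once that key's hash has matched the ROTPK hash read from the SoC; a comment above the array should state that invariant, e.g. `/* Set at runtime, only after the manifest key's hash matches the ROTPK hash from the SoC. */`. Because the table is writable and initially empty, any code outside this hunk that reads `bootutil_keys[0].key` or `*bootutil_keys[0].len` should treat a null key or zero length as a verification failure rather than use it. The `#if !defined(MCUBOOT_HW_KEY)` that this `#else` pairs with opens in the first hunk, so the final `#endif` would read more easily with a trailing `/* MCUBOOT_HW_KEY */` like the `#else` has.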