Build: Add RSA-3072 support
PSA TBSA-M recommends using RSA signatures with a key size of
at least 3072 bits for firmware authentication.
Change-Id: I0689123d61b55167b3efab90fe520e94d9586055
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/MCUBoot.cmake b/bl2/ext/mcuboot/MCUBoot.cmake
index 95f5ff0..7c2caba 100644
--- a/bl2/ext/mcuboot/MCUBoot.cmake
+++ b/bl2/ext/mcuboot/MCUBoot.cmake
@@ -47,6 +47,14 @@
message(FATAL_ERROR "ERROR: Incomplete Configuration: FLASH_LAYOUT is not defined.")
endif()
+ if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
+ set(KEY_FILE "${MCUBOOT_DIR}/root-rsa-3072.pem")
+ elseif(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-2048")
+ set(KEY_FILE "${MCUBOOT_DIR}/root-rsa-2048.pem")
+ else()
+ message(FATAL_ERROR "${MCUBOOT_SIGNATURE_TYPE} is not supported as firmware signing algorithm")
+ endif()
+
if (DEFINED SECURITY_COUNTER)
set (ADD_SECURITY_COUNTER "-s ${SECURITY_COUNTER}")
else()
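Review bot: KEY_FILE is assigned unconditionally in both branches, so a value supplied by the caller (for example on the cmake command line) is overwritten and the signing key always comes from a PEM file under `${MCUBOOT_DIR}`. If those PEM files are sample keys shipped with the source tree (inferred from the path, not visible in this hunk), images signed by this build are only suitable for development, which deserves a comment above the block such as `# Default development keys; supply a privately held signing key for production images`. Guarding the two `set(KEY_FILE ...)` calls with `if (NOT DEFINED KEY_FILE)` would let a key kept outside the repository be used without editing this file. Separately, when MCUBOOT_SIGNATURE_TYPE is unset the FATAL_ERROR text begins with an empty name; the enclosing block starts outside the hunk, so a default may be set elsewhere.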
@@ -66,7 +74,7 @@
COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
ARGS sign
--layout ${FLASH_LAYOUT}
- -k ${MCUBOOT_DIR}/root-rsa-2048.pem
+ -k ${KEY_FILE}
--align 1
-v ${IMAGE_VERSION}
${ADD_SECURITY_COUNTER}
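Review bot: `${KEY_FILE}` is passed unquoted on the `-k` line, so a key path containing a semicolon would be split into separate arguments to imgtool.py; `-k "${KEY_FILE}"` keeps it as one argument. The start of this command and its DEPENDS list are outside the hunk; if the key file is not listed there, swapping the key or the signature type may not re-sign an image that has already been built, which is worth confirming.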