TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 81daed09f847bf5fadea36fe081c0af3d3818699^! / . / CommonConfig.cmake
commit81daed09f847bf5fadea36fe081c0af3d3818699[log] [tgz]
authorTamas Ban <tamas.ban@arm.com>Mon May 20 15:05:22 2019 +0100
committerTamas Ban <tamas.ban@arm.com>Fri May 24 12:26:06 2019 +0000
treebd49b2f47d93578f51f5e0d59afa72c0394f76e2
parent7801ed4dcba33a5412ed5c9bcbded0ee6d48dd52 [diff] [blame]
Boot: Add RSA-3072 support to MCUBoot

PSA TBSA-M recommends to use RSA signature for firmware
authentication with at least 3072 bits length key size.
This patch introduces:
- add an example RSA-3072 key
- add configurable RSA-3072 support (RSA-2048 still available)
- set RSA-3072 to default

This change is based on:
https://github.com/JuulLabs-OSS/mcuboot/pull/476
authored by Fabio Utzig <utzig@apache.org>

Change-Id: Ic8d188f64d0dbe54aebf28c2778fb932e1afeeb9
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index c75cc79..668906b 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake

@@ -230,7 +230,7 @@
 		message(FATAL_ERROR "MCUBoot only supports RSA-2048 and RSA-3072 signature")
 	endif()
 	if (NOT DEFINED MCUBOOT_SIGNATURE_TYPE)
-		set(MCUBOOT_SIGNATURE_TYPE "RSA-2048")
+		set(MCUBOOT_SIGNATURE_TYPE "RSA-3072")
 	endif()
 	if (NOT ${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "OVERWRITE_ONLY" AND
 		NOT ${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "SWAP" AND