Build: Add RSA-3072 support
PSA TBSA-M recommends to use RSA signature for firmware
authentication with at least 3072 bits length key size.
Change-Id: I0689123d61b55167b3efab90fe520e94d9586055
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index 318e7f0..c75cc79 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -226,6 +226,12 @@
if (BL2)
add_definitions(-DBL2)
+ if (NOT ${MCUBOOT_SIGNATURE_TYPE} STREQUAL "RSA-2048" AND NOT ${MCUBOOT_SIGNATURE_TYPE} STREQUAL "RSA-3072")
+ message(FATAL_ERROR "MCUBoot only supports RSA-2048 and RSA-3072 signature")
+ endif()
+ if (NOT DEFINED MCUBOOT_SIGNATURE_TYPE)
+ set(MCUBOOT_SIGNATURE_TYPE "RSA-2048")
+ endif()
if (NOT ${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "OVERWRITE_ONLY" AND
NOT ${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "SWAP" AND
NOT ${MCUBOOT_UPGRADE_STRATEGY} STREQUAL "NO_SWAP" AND
@@ -286,3 +292,6 @@
##Set mbedTLS compiler flags for BL2 bootloader
set(MBEDTLS_C_FLAGS_BL2 "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"config-boot.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/bl2/ext/mcuboot/include")
+if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
+ string(APPEND MBEDTLS_C_FLAGS_BL2 " -DMCUBOOT_SIGN_RSA_LEN=3072")
+endif()
\ No newline at end of file