[nrf noup] Support for ed25519 signature verification using ITS#517
Conversation
de-nordic
left a comment
de-nordic
left a comment
There was a problem hiding this comment.
No.
Rename the kmu_key_ids to key_ids or whatever common name there can be made, and name the both lists the name, just choose one by selected secure storage.
Reduce all the changes, in the ifdef from, by moving all required compile time logic into one place, above all the usage cases.
Add common cpp identifiers for key count and secure storage usage.
ahasztag
force-pushed
the
dev/ed25519_ITS_support
branch
from
d01e51a to
c911069
Compare
Michał is on vacation so I will continue work on this PR. Changed as you've suggested. |
| validated_with = key_ids + i; | ||
| #endif | ||
| break; | ||
| return ret; |
There was a problem hiding this comment.
Just return 1 here, remove 'ret' and replace final return with 'return 0'.
| /* List of KMU stored key ids available for MCUboot */ | ||
| #define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id) | ||
| static psa_key_id_t kmu_key_ids[3] = { | ||
| static psa_key_id_t key_ids[3] = { |
There was a problem hiding this comment.
Since the line is already touched, remove the 3.
Thic commit introduces support for ed25519 signature verification when CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API). Signed-off-by: Michal Kozikowski <artur.hadasz@nordicsemi.no>
ahasztag
force-pushed
the
dev/ed25519_ITS_support
branch
from
c911069 to
491cfe8
Compare
|
4 participants
Thic PR introduces support for ed25519 signature verification when CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API).