From 7c5ada14fb58b3b2ec5f26175f40369629eb5760 Mon Sep 17 00:00:00 2001
From: Mateusz Michalek
Date: Mon, 3 Nov 2025 09:54:56 +0100
Subject: [PATCH 1/2] [nrf noup] boot: zephyr: BM key revocation
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code
adds KMU key reocation to BM firmware loader.
Signed-off-by: Mateusz Michalek
---
 boot/zephyr/firmware_loader_bm.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/boot/zephyr/firmware_loader_bm.c b/boot/zephyr/firmware_loader_bm.c
index 14d5c96bd..e8f43a9d1 100644
--- a/boot/zephyr/firmware_loader_bm.c
+++ b/boot/zephyr/firmware_loader_bm.c
@@ -15,6 +15,7 @@
 #include "bootutil/bootutil_public.h"
 #include "bootutil/fault_injection_hardening.h"
 #include
+#include "bootutil/key_revocation.h"
 #include "io/io.h"
 #include "mcuboot_config/mcuboot_config.h"
@@ -249,6 +250,15 @@ boot_go(struct boot_rsp *rsp)
 }
 #endif
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+ if (softdevice_image_valid == true && firmware_loader_image_valid == true) {
+ allow_revoke();
+ if (revoke() != BOOT_KEY_REVOKE_OK) {
+ return -1;
+ }
+ }
+#endif /*CONFIG_BOOT_KEYS_REVOCATION*/
+
 if (app_installer_image_valid == true && app_installer_is_installer_image == true) {
 /* Installer image is present, this gets priority */
 BOOT_LOG_DBG("Booting installer");
From c9150e00842d23a842da9dbaf4b5874bb5497288 Mon Sep 17 00:00:00 2001
From: Mateusz Michalek
Date: Mon, 3 Nov 2025 09:55:26 +0100
Subject: [PATCH 2/2] [nrf noup] bootutil: ed25519_psa: multi verification revocation
take into account multiple verification done in one boot. Make sure only unused keys are revoked.
Signed-off-by: Mateusz Michalek
---
 boot/bootutil/src/ed25519_psa.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/boot/bootutil/src/ed25519_psa.c b/boot/bootutil/src/ed25519_psa.c
index c7e3910b1..9a8f2e5bf 100644
--- a/boot/bootutil/src/ed25519_psa.c
+++ b/boot/bootutil/src/ed25519_psa.c
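Review bot: The `return -1;` taken when `revoke()` fails leaves no trace of why boot_go aborted, while the neighbouring branches log their decision with BOOT_LOG_DBG; add `BOOT_LOG_ERR("Key revocation failed, refusing to boot");` before the return so a device that stops booting after this change can be diagnosed from the console. The block also deserves a comment stating the policy it implements, e.g. `/* Fail closed: do not boot if stale signing keys could not be revoked */`, because whether a revocation failure should stop boot is a deliberate choice that the code does not explain. Since this runs before the installer and application branches, the return value of the revoke path decides boot for every image that follows, which is only as strong as the failure reporting inside exec_revoke in ed25519_psa.c. The body of boot_go starts and ends outside this hunk.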
@@ -45,7 +45,8 @@ static psa_key_id_t key_ids[] = {
 #if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
 #include
-static psa_key_id_t *validated_with = NULL;
+#define VALIDATED_WITH_UNINITIALIZED INT32_MAX
+static int32_t validated_with = VALIDATED_WITH_UNINITIALIZED;
 #endif
 BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(key_ids),
@@ -142,7 +143,9 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
 EDDSA_SIGNAGURE_LENGTH);
 if (status == PSA_SUCCESS) {
 #if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
- validated_with = key_ids + i;
+ if(i < validated_with) {
+ validated_with = i;
+ }
 #endif
 return 1;
 }
@@ -159,7 +162,7 @@ int exec_revoke(void)
 int ret = BOOT_KEY_REVOKE_OK;
 psa_status_t status = psa_crypto_init();
- if (!validated_with) {
+ if (validated_with == VALIDATED_WITH_UNINITIALIZED) {
 ret = BOOT_KEY_REVOKE_INVALID;
 goto out;
 }
@@ -170,7 +173,7 @@ int exec_revoke(void)
 goto out;
 }
 for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; i++) {
- if ((key_ids + i) == validated_with) {
+ if ( i == validated_with) {
 break;
 }
 BOOT_LOG_DBG("Invalidating key ID %d", i);
@@ -179,7 +182,7 @@ int exec_revoke(void)
 if (status == PSA_SUCCESS) {
 BOOT_LOG_DBG("Success on key ID %d", i);
 } else {
- BOOT_LOG_ERR("Key invalidation failed with: %d", status);
+ BOOT_LOG_DBG("Key invalidation failed with: %d", status);
 }
 }
 out:
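Review bot: `VALIDATED_WITH_UNINITIALIZED` and the new `int32_t validated_with` carry a meaning that is only recoverable by reading ED25519_verify and exec_revoke together, so document it at the definition: `/* Lowest KMU slot index that verified an image during this boot; INT32_MAX until a verification succeeds. exec_revoke() revokes every slot below it. */`. Changing the type from a pointer to an index also changes what "unset" means, which is why the sentinel is worth a comment of its own rather than only the macro name. Comparing it against the `int i` loop counter in ED25519_verify relies on the slot count staying far below INT32_MAX, which the BUILD_ASSERT against ARRAY_SIZE(key_ids) on the following line already guarantees.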
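Review bot: `if(i < validated_with) {` is missing the space after `if` that the surrounding code uses (`if (status == PSA_SUCCESS) {`), and the exec_revoke hunk has the opposite slip in `if ( i == validated_with) {`; write them as `if (i < validated_with) {` and `if (i == validated_with) {`. A one-line comment would also help here, since the `<` is what the patch is about: `/* keep the lowest slot used this boot so exec_revoke() never revokes a key another image still needs */`. The body of ED25519_verify begins outside the hunk.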
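Review bot: Demoting the key-invalidation failure from BOOT_LOG_ERR to BOOT_LOG_DBG hides a security-relevant event in release builds, and within the visible lines `ret` is not changed in that else branch, so exec_revoke appears to return BOOT_KEY_REVOKE_OK even when a key survived and the fail-closed check in boot_go cannot react to it. If the downgrade is meant to silence noise from slots that were already revoked on an earlier boot, match that specific status explicitly and keep `BOOT_LOG_ERR("Key invalidation failed with: %d", status);` for every other status, then either propagate the failure through `ret` or add a comment stating why a failed invalidation is deliberately not a boot-stopping error. I cannot tell from the hunk which status the KMU driver returns for an already-destroyed key, so that value needs confirming before it is special-cased. The `status` assignment this check depends on sits just above the hunk, so the full loop body is not visible here.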