Modify MCUboot to use PSA key_id_t for key type in AES encryption context #565
This reverts commit 0b54665. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 09ce751. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1aaabde. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit a652982. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 9b60560. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 5af259f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 301ab33. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit c13c652. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit d8a2e45. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 285fd59. Signed-off-by: Jukka Rissanen <[email protected]>
… BM" This reverts commit ecc13ac. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit c859608. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1b1a37f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 3adc1f2. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 3b20ec3. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1b102ec. Signed-off-by: Jukka Rissanen <[email protected]>
…orm" This reverts commit e032eb1. Signed-off-by: Jukka Rissanen <[email protected]>
… 0x0" This reverts commit c03a815. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 0fadab1. Signed-off-by: Jukka Rissanen <[email protected]>
…cted to late" This reverts commit 4e46797. Signed-off-by: Jukka Rissanen <[email protected]>
…_LITE" This reverts commit 6c096b8. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 95d384a. Signed-off-by: Jukka Rissanen <[email protected]>
…ng of img status page" This reverts commit c72ed15. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit edc1c70. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit a184e32. Signed-off-by: Jukka Rissanen <[email protected]>
…is used" This reverts commit bc5eb3f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 37486f5. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 58175b6. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 30e7326. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 8b2d04c. Signed-off-by: Jukka Rissanen <[email protected]>
nrf-squash! [nrf noup] boot/zephyr: update nrf54l15dk ext flash configs This commit removes the partition definitions from nrf54L ext flash configs, as they are no longer needed, as the pure DTS configuration is no longer supported on nRF54L. They also caused issues, as they were not compatible with nRF54L10 and nRF54L05. It renames nrf54l15dk_nrf54l15_cpuapp_ext_flash.* overlays to nrf54l15dk_ext_flash.*, as now the same configuration can be used on nRF54L15, nRF54L10 and nRF54L05. Signed-off-by: Artur Hadasz <[email protected]>
Uses ruff with --fix to fix python files in this folder Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit f23154c251e07013d45c9f97c875404e83e7d2dc)
Uses ruff with --unsafe-fixes to fix python files in this folder This is a separate commit so it can be reverted if it causes problems Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 497688bafff2c3e183a016b68fc51f1bedf488c9)
This reverts commit dce784a. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit b192716c969ad358bb3a1db60c898212f3275c55)
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code Update for NCS BM include folder structure. Signed-off-by: Eivind Jølsgard <[email protected]>
nrf-squash! [nrf noup] boot: zephyr: Disable self RWX This commit fixes a couple of issues regarding MCUBoot region protection for nRF54L. Also, support for region and protection is added for nRF54LM20 and nRF54LV10 platforms. Signed-off-by: Artur Hadasz <[email protected]>
The nrf54h20dk overlay is no longer required as the gpio pad groups have been removed. Signed-off-by: Bjarki Arge Andreasen <[email protected]> (cherry picked from commit 71b41e38e9f5d278178be17f6d42f2559f8e46aa)
fixup! [nrf noup] bootloader: Add bootloader requests Interpret pending bootloader requests while investigating the confirm flag. Signed-off-by: Tomasz Chyrowicz <[email protected]>
nrf-squash! [nrf noup] bootutil: Locking KMU keys KMU key locking is not available in case ITS is used. Old code caused compilation errors when building for signature using ITS. Signed-off-by: Artur Hadasz <[email protected]>
b05f9e3 to f9e2dfd
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code adds KMU key revocation to BM firmware loader. Signed-off-by: Mateusz Michalek <[email protected]>
take into account multiple verification done in one boot. Make sure only unused keys are revoked. Signed-off-by: Mateusz Michalek <[email protected]>
| return mbedtls_aes_setkey_enc(ctx, k, BOOT_ENC_KEY_SIZE * 8); | ||
| } | ||
|
|
||
| static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c) |
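Review bot: the `bootutil_aes_ctr_encrypt` signature mixes `uint32_t mlen` with `size_t blk_off` and takes `counter` as a non-const pointer, and nothing in the visible lines explains either choice. Suggest a short comment above the function stating whether `counter` is updated in place and what values `blk_off` may take, using one length type for both or noting why they differ, and wrapping the parameter list over several lines so the types are easy to compare.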
Ideally, I'd prefer to have docstrings inside the interface header, but since this is a [fromtree] commit, I'm not going to require them at this stage.
f9e2dfd to 818e6fa
Add a new API to lock further updates of the HW-based security counter. This API may prevent the non-bootloader application from accidental invalidation of the bootable firmware. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit f9ad3ee202d53e27a3399976b5fcd0a84c572ba3)
818e6fa to 1b79117
The BOOT_DOWNGRADE_PREVENTION_CHOICE choice should not have child Kconfig symbols defined inside it. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 496f74f318fb12b7e7437db4e8c5c8c429713728)
Add an implementation of HW rollback prevention, based on the IronSide secure counters service. Ref: NCSDK-36295 Signed-off-by: Tomasz Chyrowicz <[email protected]>
Split definitions to crypto backend specific headers. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 5a161e4cc1cd5329c073d996f0300d2661c6b768)
Store psa_key_id_t key in AES context instead of RAW key. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit e92551838e18b6219af0891a18a757e538bd3ff6)
1b79117 to 208edf4
nvlsianpu left a comment
reviewed upstream
Two commits from upstream:
Replacement of the raw key array in the encryption context with psa_key_id_t has reduced MCUboot binary size by ~224 bytes for a non-KMU and non-log-dbg build; a small amount of RAM is also saved.