Skip to content

Commit 6138f43

Browse files
de-nordicnordicjm
de-nordic
authored and
nordicjm
committed
Revert "sysbuild: Allow selecting SHA512 for HMAC/HKDF in MCUboot"
Removing Kconfig for HMAC-SHA512 as currently it can be replaced with logic in CMake files and Kconfigs, so exposing direct control over it is not needed; specifically that the HMAC-SHA512 is now only enabled on NRF54L series with ECIES-X25519 key exchange, other platforms are left with originally selected HMAC-SHA256. This reverts commit 293252a. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 91d93d0)
1 parent ae00850 commit 6138f43

File tree

2 files changed

+0
-16
lines changed

2 files changed

+0
-16
lines changed

sysbuild/CMakeLists.txt

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -267,18 +267,11 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake)
267267
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_MAC_DRIVER y)
268268
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_AGREEMENT_DRIVER y)
269269
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_DERIVATION_DRIVER y)
270-
271-
if(SB_CONFIG_NRF_MCUBOOT_HMAC_SHA512)
272-
set_config_bool(mcuboot CONFIG_BOOT_HMAC_SHA512 y)
273-
else()
274-
set_config_bool(mcuboot CONFIG_BOOT_HMAC_SHA512 n)
275-
endif()
276270
else()
277271
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_CIPHER_DRIVER n)
278272
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_MAC_DRIVER n)
279273
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_AGREEMENT_DRIVER n)
280274
set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_DERIVATION_DRIVER n)
281-
set_config_bool(mcuboot CONFIG_BOOT_HMAC_SHA512 n)
282275
endif()
283276

284277
if(SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU)

sysbuild/Kconfig.mcuboot

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -198,15 +198,6 @@ config MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE
198198
help
199199
If enabled, the build system will generate keyfile.json file in the build directory.
200200

201-
config NRF_MCUBOOT_HMAC_SHA512
202-
bool "Use SHA256 for HMAC"
203-
depends on BOOT_ENCRYPTION && SOC_SERIES_NRF54LX && BOOT_SIGNATURE_TYPE_ED25519
204-
help
205-
Default is to use SHA256 for HMAC/HKDF ECIES-X25519 key exchange is used.
206-
This means that both SHA256 and SHA512 support has to be compiled in.
207-
Enabling this option switches to SHA512 for HMAC/HKDF slightly reducing
208-
MCUboot code size.
209-
210201
endif
211202

212203
config MCUBOOT_USE_ALL_AVAILABLE_RAM

0 commit comments

Comments
 (0)