Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nrf noup] boot: bootutil: Allow configuring number of KMU keys #383

Merged
merged 1 commit into from
Dec 4, 2024
Merged

[nrf noup] boot: bootutil: Allow configuring number of KMU keys #383

merged 1 commit into from
Dec 4, 2024

Conversation

nordicjm
Copy link
Contributor

@nordicjm nordicjm commented Dec 2, 2024

Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows specifying how many KMU key IDs are supported, the default is set to 1 instead of 3 which was set before

@NordicBuilder NordicBuilder mentioned this pull request Dec 2, 2024
Merged
nvlsianpu
nvlsianpu reviewed Dec 2, 2024
View reviewed changes
boot/bootutil/src/ed25519_psa.c
@@ -30,7 +30,6 @@ static psa_key_id_t kmu_key_ids[3] = {
MAKE_PSA_KMU_KEY_ID(228),
MAKE_PSA_KMU_KEY_ID(230)
};
#define KMU_KEY_COUNT (sizeof(kmu_key_ids)/sizeof(kmu_key_ids[0]))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we have assertion on limit CONFIG_BOOT_SIGNATURE_KMU_SLOTS value to KMU_KEY_COUNT as max?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The limit is enforced by Kconfig

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added a build assert

@nvlsianpu nvlsianpu added this to the ncs-2.9.0 milestone Dec 2, 2024
nvlsianpu
nvlsianpu previously requested changes Dec 3, 2024
View reviewed changes
boot/bootutil/src/ed25519_psa.c Outdated
@@ -30,7 +31,9 @@ static psa_key_id_t kmu_key_ids[3] = {
MAKE_PSA_KMU_KEY_ID(228),
MAKE_PSA_KMU_KEY_ID(230)
};
#define KMU_KEY_COUNT (sizeof(kmu_key_ids)/sizeof(kmu_key_ids[0]))

BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS < ARRAY_SIZE(kmu_key_ids),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(kmu_key_ids),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@nordicjm
[nrf noup] boot: bootutil: Allow configuring number of KMU keys
2af4fb8 
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows
specifying how many KMU key IDs are supported, the default is set
to 1 instead of 3 which was set before

NCSDK-30743

Signed-off-by: Jamie McCrae <[email protected]>
@nordicjm nordicjm requested a review from nvlsianpu December 4, 2024 10:31
@de-nordic de-nordic dismissed nvlsianpu’s stale review December 4, 2024 11:07

Issue addressed.

@nordicjm nordicjm merged commit ed0fc24 into nrfconnect:main Dec 4, 2024
2 checks passed
@NordicBuilder NordicBuilder mentioned this pull request Dec 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michalek-no michalek-no michalek-no approved these changes

@gchwier gchwier gchwier approved these changes

@de-nordic de-nordic de-nordic approved these changes

@nvlsianpu nvlsianpu Awaiting requested review from nvlsianpu

Assignees
No one assigned
Labels
backport v2.1.0-ncs2-branch backport v2.1.0-ncs3-branch
Projects
None yet
Milestone
ncs-2.9.0
Development

Successfully merging this pull request may close these issues.
5 participants
@nordicjm @nvlsianpu @de-nordic @gchwier @michalek-no