Skip to content

[nrf noup] sysbuild: Support for ED25519 with SHA512 and PureEdDSA #2229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[nrf noup] sysbuild: Support for ED25519 with SHA512 and PureEdDSA #2229

wants to merge 1 commit into from

Conversation

@de-nordic
Copy link
Contributor

The commit adds imgtool parameters that allow to sign image with SHA512, for ED25519, or use PureEdDSA variant, where signature is calculated over entire image rather than SHA of that image.

@NordicBuilder NordicBuilder mentioned this pull request Nov 5, 2024
Closed
@NordicBuilder NordicBuilder mentioned this pull request Nov 5, 2024
Merged
nordicjm
nordicjm requested changes Nov 6, 2024
View reviewed changes
share/sysbuild/image_configurations/MAIN_image_default.cmake Outdated
Comment on lines 41 to 51
set(imgtool_extra_args "${CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS}")
if(SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
if(SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE)
string(APPEND imgtool_extra_args " --pure")
else()
string(APPEND imgtool_extra_args " --sha 512")
endif()
endif()

Copy link
Contributor

@nordicjm nordicjm Nov 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should not be in sdk-zephyr at all, move it to sdk-nrf, as part of sysbuild, and set Kconfigs in the image which then enable these options, do not use the extra args - that field is for users to change as they want

@de-nordic
[nrf noup] sysbuild: Support for ED25519 including PureEdDSA
74c69c4 
Commit adds sysbuild support for setting ED25519 signature type
for application image and Pure modifier, to the signature, that
allows to indicate that signature will be calculated over an entire
image, rather than hash of the image.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
@de-nordic de-nordic force-pushed the mcuboot-sb-psa-conf branch from 9288a34 to 74c69c4 Compare November 6, 2024 11:02
@de-nordic de-nordic requested a review from nordicjm November 6, 2024 11:02
@de-nordic de-nordic closed this Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nvlsianpu nvlsianpu Awaiting requested review from nvlsianpu

@nordicjm nordicjm Awaiting requested review from nordicjm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@de-nordic @nordicjm