Skip to content

Commit

Permalink
applications: nrf_desktop: Use hardware crypto for nRF54L's MCUboot
Browse files Browse the repository at this point in the history 
Change switches to using pure ED25519 signature and hardware crypto.
MCUboot key is stored in KMU.

Jira: NCSDK-30472

Signed-off-by: Marek Pieta <[email protected]>
  • Loading branch information
@MarekPieta
MarekPieta committed Dec 4, 2024
1 parent 3655df0 commit 8d3ec9f
Show file tree
Hide file tree
Showing 10 changed files with 14 additions and 61 deletions.
27 changes: 1 addition & 26 deletions ...s/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/mcuboot_private.pem
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,3 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCi7guPvor+uIpE
XrWftc/csrYkozi6Sm7V7J9iXogTdNvD/745Vnz6p/z5UOQkWZDnPaQXxCtZeMM4
QHJ6eTLg8OoLfLSl7gx2NyAyIz4w4VnqkpT9wOVo5imJVJ19F6AEbnv9N07Uq8Ph
bUMJWWFYSaObFlkCrETdU/OpuO927OIbsZEFnC4OlMSmjoASNsrcCD6ELyGhCpjU
tRiDb6paDHJKnKzVMT7bGza9tRveTuQscs6D+Vn4jB1+ChhmAcuHsVm7Yzsz99yZ
vQdLfLo4U6KKSPG/uvNX/jcBLLyohDy2h24q/+PXUTAWQ+PyVGXwuun6/hbYW1JM
XYNGfUh7AgMBAAECggEAM9l9ZGlG4njnx4o8Um8RjzJwNIic7OvzCbEbp7pdo5N0
vJMOfkC/1STQpKbRc5/tNSmwpr+O7BI6ThR0WfVn8523XaB5/LQc0yIH5OzCRdvx
OW0cbQSN/SwB2+pJlB2IluByJMsNEzD2TS7wPnFrQSVuI1ShTvBzmdu1lzV7P2Tx
Hj/2ZG3FV5wRT4Hed3/tkBtIYBJNxHkW/BP31XX2ndq7/Apyo471Ef9RMRBQUhOP
7s+oYZJq95JUiMvlhGjg7Z7sShrvJ+VMMylBDUNK5fBCOBv70i21aXhz1Uf7i0l9
751yfa5BQA10WigMOqgxC/1bpHOs4EVU+1fYG4rLwQKBgQDTk0CZ6ddTCdwRgsc2
F1Bav+7c+AK+Sa+L58Mn7XOVjrL+cgenSHmcnEu/OTCq+xrOYV8ht1nf9uqfIg/p
wiVwTEcLj8cQS0t7cLtttGzk9UFPEynsnzdlgXoImx2iobgwIAaSShPAbZjFpwPc
7Ha1LwcfrSpa1s5Tm+NLTK5SRwKBgQDFI/jpTpWAtY6o+0g/KV363KdFIJ1XYE4+
DxTZlxeGwR7OZhp84jo6cHG/ZK7YW6TKcmjriD5NyxD+w0aAiGKf4+xkpRbmCbYM
/+SUgIV4pZ9u9LzGTapx9cTtIBiEugsTpP64yKiXgLbjhDXVsdpnjGacnr/7AAz6
wNEt0eeeLQKBgQCREyV25FtbeyVFdJE4y9+zemxFZGItLMWMf0zYMf/Ri1m9E1+g
GxgYhSuDYam3dBs7bJUYv2qHIf5bQ7X5qcCWMhd9HAd5asfFStWaMd+BV5KCsDdN
IxePKKsO/53giFeN2EfpQ5Yrmnro/M6vTA1Ry39s/wZN54Du37OJTHkzvQKBgEfZ
FWWKU2hmQwkJE8qZO/wqoPfLrCxlF/78JiArNdLR3XVhtvOey5Py2THk8ug9djCm
Q+DbdcGKabY/2xkLG86kFcqUdGUAUw4n0NnigUJ4MkQRBB/NvHnuFYhKc0UkPNc7
Ae68it00dvMygyBPwoaMn/Ui0lsbKJ/W2CW34489AoGAfBF0VLVLLCXq0P3vtuiX
s+Bzi3UowjVI4+yBZdHpcm0pjzgiQmqoGWj0F3T5Jv8+5KVqfot9nWX3ePzS9zlJ
XmagOt6W5I3JNtARdqEJusspCWbOOUkOJT9CLIWZsN5Zf9XPAWaJ7UrVOhhuktv2
33zKWryP8cRkCFzxjK08f/o=
MC4CAQAwBQYDK2VwBCIEIKLdbGhr2fWsJ8sHgZbPnO6RPGXoqq9ef064wxuB9L6h
-----END PRIVATE KEY-----
27 changes: 1 addition & 26 deletions ...top/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/mcuboot_private_fast_pair.pem
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,3 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDcfrLhn9i+3T7+
e30YQNSgfon86dSjVBFpShryxgRACr0P1QH9AznM04P1PQi+O37S2cfKZCXquHT0
WipCmyywCQAo2Y2cLb0WJXNizRbgl3mEzRz8K1RjNvRFCYRgdbEKmA2w5x1/4nxQ
8T+BjIQOvZeSCjf75imowzyCLgOr9mLHI9I6QVhriIAYc7og3WeFs5w+NoTACeqq
hTsL0Uqe6aqITw1jrshSXPFrARYZhyK35UpCiMbjYxf2VsBSD26Q0GYdP9aGcfxp
tK/lceyqlybHrThqEHDaKR6F+ByO8YV6JCkuq8JylFzKpmF4oyBmuXMn1NAHBSst
nVDK9ZsJAgMBAAECggEAA8s3yXdKP813fSIzjrBl4C2RMv10e8txYcAFSu5SiiYN
Jvm1pyxwKQiuJXDzhq9oIRlfbUlwGBPsqjwnbD42hIBhJPLKU5i7X0dNbxKjjUF5
9Smg0StvMCZUyV/Oq+i2fz3KxYOSf73uQOfHvZNE/epv8lKz8CT/jEBwuPYw+LtU
PP8koMV75R5l0XjpEt5Ko/xbDnxiBvBg2ZFQKpNFeLKLrN8wCPqo+uRW29p8dv7g
vn+ERz6JC5vNU2qKVuBplE4ZTc1zQVp5aa65/dZPmtXH3a3jMy8iTBLPvYZtoSVP
4HgNZI8dqrE5SMfbdWLsOYGTQgBXMhuEX2njP8/qgQKBgQD2vdOP9yqEwAt3hzWx
MMBuZIb6mqrUNuiZegSZsL4lvYhcfPNTpweTY8MWmDOblnIwemfhQijnERdlLLUY
2URnjR0wQ9WydhQg9rqh1rPkVAl2MxBlIHPBfwNzrKtDL+2DvY42y4IbbMn6A9gt
u2SalkRdc8pmX/hzGkUzbkriiQKBgQDkxMARsqzhqlf1Gdwl4JBp7UV7KmJldXxJ
9xzw9CH5qtyUlUA4RBYlgsa/vDhrrKKHDi5QZSGTOW2umEihY63kmVrQ2F0aJdNB
F7zNta30jb8qBSGpsnqbYy6QS6eRTVInwac0K9K8Q8PdOkXRm9d0xm20CVLCxZ8Z
M5ueLqDUgQKBgF7xmHDzSNcgFsl9q7ls6v8Pi6juzwEtx78W5qJFEkXvcoM0SWVN
Bms+nhkZo/Igp/vjfgl9rcOMHhZ+Z4kSQXIfKLYjxB0Rtpkgl5wiw8H+XE2xRIPF
QwWX3DosnRITZS+mRwzqrjvjVqzvwcWHMCUT4WacYauXDkEsQKiTrhkRAoGBAK7h
JP6ievxLjs+kRCGEaIFBS5Ma1HtA85FLYYlk5zAHiHXhHmWkztVAApUB2pOdNeVO
VuNIXAFCrnEAos0U+RK+lKkALTPW5IZnEgKjNuazEQabQ5+I+6cbi7Xsz50I4ZvY
suvz8DXRC8JrUIIqwurW4Xf2hJi2H6hRRk4G0RWBAoGBAOf7BEFMSH8QxPEiRmh4
VcHLb3Otm7goH2tvqgzYu2Pzh42SwaT9JmTZkLX5IZI+MfUSuBmfxSFLfF2yfJqQ
uYa7hpU4w0wAgOq26HTiY2Ge3y8FTiasl4xuJ2VDBqZbvL8Zk0MW2MDtUwVMlm0A
ISrmLsUtfP8DvhZ0hIUPt+xl
MC4CAQAwBQYDK2VwBCIEIO0APC5gA+HO8JhqUJ0AK+fgF4MbbXhrfPmXlqU+LPhD
-----END PRIVATE KEY-----
2 changes: 0 additions & 2 deletions applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,6 @@ CONFIG_SIZE_OPTIMIZATIONS=y
CONFIG_HW_STACK_PROTECTION=y

CONFIG_MAIN_STACK_SIZE=10240
CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"

CONFIG_BOOT_MAX_IMG_SECTORS=256
CONFIG_BOOT_BOOTSTRAP=n

Expand Down
1 change: 0 additions & 1 deletion ...ns/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_fast_pair.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ CONFIG_SIZE_OPTIMIZATIONS=y
CONFIG_HW_STACK_PROTECTION=y

CONFIG_MAIN_STACK_SIZE=10240
CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"

CONFIG_BOOT_MAX_IMG_SECTORS=256
CONFIG_BOOT_BOOTSTRAP=n
Expand Down
1 change: 0 additions & 1 deletion ...ons/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_keyboard.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ CONFIG_SIZE_OPTIMIZATIONS=y
CONFIG_HW_STACK_PROTECTION=y

CONFIG_MAIN_STACK_SIZE=10240
CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"

CONFIG_BOOT_MAX_IMG_SECTORS=256
CONFIG_BOOT_BOOTSTRAP=n
Expand Down
1 change: 0 additions & 1 deletion ...ions/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_release.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ CONFIG_SIZE_OPTIMIZATIONS=y
CONFIG_HW_STACK_PROTECTION=y

CONFIG_MAIN_STACK_SIZE=10240
CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"

CONFIG_BOOT_MAX_IMG_SECTORS=256
CONFIG_BOOT_BOOTSTRAP=n
Expand Down
4 changes: 3 additions & 1 deletion applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/sysbuild.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,7 @@

SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE=y
SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU=y
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="\${APPLICATION_CONFIG_DIR}/images/mcuboot/mcuboot_private.pem"
4 changes: 3 additions & 1 deletion applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/sysbuild_fast_pair.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,7 @@
SB_CONFIG_BT_FAST_PAIR=y
SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE=y
SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU=y
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="\${APPLICATION_CONFIG_DIR}/images/mcuboot/mcuboot_private_fast_pair.pem"
4 changes: 3 additions & 1 deletion applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/sysbuild_keyboard.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,7 @@

SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE=y
SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU=y
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="\${APPLICATION_CONFIG_DIR}/images/mcuboot/mcuboot_private.pem"
4 changes: 3 additions & 1 deletion applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/sysbuild_release.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,7 @@

SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_PURE=y
SB_CONFIG_MCUBOOT_SIGNATURE_USING_KMU=y
SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="\${APPLICATION_CONFIG_DIR}/images/mcuboot/mcuboot_private.pem"

0 comments on commit 8d3ec9f

Please sign in to comment.