mcuboot
mcuboot copied to clipboard
mcu-tools
Feature request: option to export "raw" uncompressed ECDSA keys
Since this commit, the Trusted-Firmware M project requires the embedded public keys to be in a "raw" (not RFC5840) form.
As far as I can tell, there is currently no way to export a key in this form from imgtool.
It can be hacked into getpub by adding the following (P-384 needs 48 byte integers instead of 32):
numbers = key._get_public().public_numbers()
raw_key = b'\x04' + numbers.x.to_bytes(32, 'big') + numbers.y.to_bytes(32, 'big')
print(','.join([f'0x{b:02x}' for b in raw_key]))
I've spent some time on trying to add this feature simply, but I'm not sure on the best approach given this is probably quite ECDSA specific.
@JordanYates As far as I understand that could be also used with https://github.com/mcu-tools/mcuboot/pull/2089? to further reduce code size?
@JordanYates As far as I understand that could be also used with #2089? to further reduce code size?
I have no comment on that, this is purely on the imgtool side (although TF-M probably made the change for the same reason).
It is not currently possible to get the key in a form usable for TF-M with imgtool, which is unfortunate since mcuboot is the primary bootloader.
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.