mcuboot icon indicating copy to clipboard operation
mcuboot copied to clipboard
verified publisher icon mcu-tools

boot: zephyr: User defined encryption key

Open bn-norbit opened this issue 4 years ago • 10 comments

Currently the image encryption keys are hard coded. This pull request provides configuration options so a custom encryption key file can be provided, similar to how custom signature key files are solved.

RSA encryption has been built and tested using Zephyr 2.4 and nRF52840.

Other pull requests have also provided solutions for replacing the hard coded encryption key:

  • https://github.com/mcu-tools/mcuboot/pull/596
  • https://github.com/mcu-tools/mcuboot/pull/989

These pull requests have not yet been accepted.

bn-norbit avatar Aug 04 '21 08:08 bn-norbit

@str4t0m The Sim and Mynewt workflows failed due to commit signature error. I have force-pushed a fix. Can you approve the workflows one more time?

bn-norbit avatar Aug 30 '21 12:08 bn-norbit

@str4t0m Added tests for encryption. Think this is ready for re-review. BTW: the "Re-request review" button doesn't work for me.

bn-norbit avatar Sep 22 '21 20:09 bn-norbit

@str4t0m Can you run workflows again? Sorry for messing up...

bn-norbit avatar Oct 01 '21 14:10 bn-norbit

Restarting, as the FIH certificate issue should now be fixed.

d3zd3z avatar Oct 07 '21 21:10 d3zd3z

It might be necessary to rebase and push to this again to fix the FIH issues.

d3zd3z avatar Oct 19 '21 20:10 d3zd3z

@d3zd3z Rebased

bn-norbit avatar Oct 20 '21 08:10 bn-norbit

I am interested in this. I have raised an issue with similar concerns here: https://github.com/mcu-tools/mcuboot/issues/1268 The question on a practical way to have unique per-device private keys remains. (E.g. something similar to what BOOT_HW_KEY does for signing keys)

maximevince avatar Jan 07 '22 09:01 maximevince

@gon1332 and @wcappelle, do you mind looking over this PR and the two mentioned in the subject of this commit, and chiming in on what you think is the best way for us to proceed. I suspect merging any of these will create conflicts with the other commits.

d3zd3z avatar Jan 11 '22 17:01 d3zd3z

@d3zd3z , As mentioned in my PR, I can rework mine when this gets merged in. Similar approach has been taken in this PR, so it would not be that hard to rework for me. I prefer this PR work over mine since it's more extensive than my work in that area. Note that #989 has been split into #1255 wrt keys & encrypted images.

wcappelle avatar Jan 12 '22 08:01 wcappelle

And we seem to have still ended up with conflicts, sorry. I hope this isn't too difficult to resolve.

d3zd3z avatar Feb 28 '22 23:02 d3zd3z

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.

github-actions[bot] avatar Aug 28 '22 03:08 github-actions[bot]