Zephyr : building with encryption enabled and serial recovery fails

[jimmyzumthurm]

With encryption enabled, at the moment project won't build if serial recovery is enabled and multi slot mode is used, as pointed here .

The problem is that enabling encryption sets the MCUBOOT_ENC_IMAGES token, and in boot_serial.c, only this flag is checked to include "single_loader.h" file and call boot_handle_enc_fw() after the image is copied into primary slot. I believe that the condition should be #if defined(MCUBOOT_ENC_IMAGES) && defined(MCUBOOT_SINGLE_APPLICATION_SLOT) instead of #ifdef MCUBOOT_ENC_IMAGES, because at the moment this is only supported for single slot mode. This would allow to use serial recovery using non-encrypted images, while still using encrypted images for the non-recovery firmware upgrade process.

This is the commit that introduced the issue : https://github.com/mcu-tools/mcuboot/pull/1255/commits/ca894c32bc3bab8803f8ce5603121887f80124c5

There was also CONFIG_BOOT_SERIAL_ENCRYPT_EC256 that was introduced to decouple the encryption from standard and serial recovery firmware upgrade. Maybe that could be expanded furthermore and if any CONFIG_BOOT_SERIAL_ENCRYPT_XXX is set, it sets MCUBOOT_ENC_SERIAL instead of MCUBOOT_ENC_IMAGES ? Not sure what the best way to do would be.

[github-actions[bot]]

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time.

[jimmyzumthurm]

Has this been fixed yet ?

[nordicjm]

Can you retry this using latest main of zephyr?

[jimmyzumthurm]

I have retried with Zephy 3.5.0 and issue is now gone. Everything builds without any patching.