
Commit bc744e9

Revert "boot: Add MCUBOOT_HW_KEY support for image encryption"
This reverts commit 0fa4627. This breaks: samples/synchronization/sample.kernel.synchronization on b_u585i_iot02a/stm32u585xx/ns error as this TF-M configuration uses its own keys. This change is an API change that needs to be coordinated with TF-M changes. Before this revert, compiling this test results in: .../encrypted.c:447: undefined reference to `boot_enc_retrieve_private_key` Signed-off-by: David Brown <[email protected]>
1 parent 657f988 commit bc744e9


8 files changed

+11
-86
lines changed


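--- a/boot/bootutil/include/bootutil/enc_key.h
+++ b/boot/bootutil/include/bootutil/enc_key.h
@@ -32,7 +32,6 @@
 #include <flash_map_backend/flash_map_backend.h>
 #include "bootutil/crypto/aes_ctr.h"
 #include "bootutil/image.h"
-#include "bootutil/sign_key.h"
 #include "bootutil/enc_key_public.h"
 
 #ifdef __cplusplus
@@ -46,17 +45,7 @@ struct enc_key_data {
 bootutil_aes_ctr_context aes_ctr;
 };
 
-/**
-* Retrieve the private key for image encryption.
-*
-* @param[out] private_key structure to store the private key and
-* its length.
-*
-* @return 0 on success; nonzero on failure.
-*
-*/
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key);
-
+extern const struct bootutil_key bootutil_enc_key;
 struct boot_status;
 
 int boot_enc_init(struct enc_key_data *enc_state, uint8_t slot);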
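Review bot: The restored declaration `extern const struct bootutil_key bootutil_enc_key;` at new line 48 has no comment, while the doc comment that described where the private key comes from is deleted together with the accessor. A short comment would help, for example `/* Private key used to decrypt the image encryption key; defined by each port's keys file. */`. Since the key is again a compiled-in constant, its confidentiality presumably depends on the bootloader image being protected from readout, and that is worth stating next to the declaration. The same section drops `#include "bootutil/sign_key.h"`, so `struct bootutil_key` may be only an incomplete type in this header unless another include provides it. A remark that users must include `bootutil/sign_key.h` before reading `.key` or `.len` would make that dependency explicit.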

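--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -67,13 +67,13 @@ static int bootutil_constant_time_compare(const uint8_t *a, const uint8_t *b, si
 
 #if defined(MCUBOOT_ENCRYPT_KW)
 static int
-key_unwrap(const uint8_t *wrapped, uint8_t *enckey, struct bootutil_key *bootutil_enc_key)
+key_unwrap(const uint8_t *wrapped, uint8_t *enckey)
 {
 bootutil_aes_kw_context aes_kw;
 int rc;
 
 bootutil_aes_kw_init(&aes_kw);
-rc = bootutil_aes_kw_set_unwrap_key(&aes_kw, bootutil_enc_key->key, *bootutil_enc_key->len);
+rc = bootutil_aes_kw_set_unwrap_key(&aes_kw, bootutil_enc_key.key, *bootutil_enc_key.len);
 if (rc != 0) {
 goto done;
 }
@@ -441,23 +441,13 @@ boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey)
 uint8_t counter[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
 uint16_t len;
 #endif
-struct bootutil_key *bootutil_enc_key = NULL;
 int rc = -1;
 
-rc = boot_enc_retrieve_private_key(&bootutil_enc_key);
-if (rc) {
-return rc;
-}
-
-if (bootutil_enc_key == NULL) {
-return rc;
-}
-
 #if defined(MCUBOOT_ENCRYPT_RSA)
 
 bootutil_rsa_init(&rsa);
-cp = (uint8_t *)bootutil_enc_key->key;
-cpend = cp + *bootutil_enc_key->len;
+cp = (uint8_t *)bootutil_enc_key.key;
+cpend = cp + *bootutil_enc_key.len;
 
 /* The enckey is encrypted through RSA so for decryption we need the private key */
 rc = bootutil_rsa_parse_private_key(&rsa, &cp, cpend);
@@ -476,15 +466,15 @@ boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey)
 
 #if defined(MCUBOOT_ENCRYPT_KW)
 
-assert(*bootutil_enc_key->len == BOOT_ENC_KEY_SIZE);
-rc = key_unwrap(buf, enckey, bootutil_enc_key);
+assert(*bootutil_enc_key.len == BOOT_ENC_KEY_SIZE);
+rc = key_unwrap(buf, enckey);
 
 #endif /* defined(MCUBOOT_ENCRYPT_KW) */
 
 #if defined(MCUBOOT_ENCRYPT_EC256)
 
-cp = (uint8_t *)bootutil_enc_key->key;
-cpend = cp + *bootutil_enc_key->len;
+cp = (uint8_t *)bootutil_enc_key.key;
+cpend = cp + *bootutil_enc_key.len;
 
 /*
 * Load the stored EC256 decryption private key
@@ -510,8 +500,8 @@ boot_enc_decrypt(const uint8_t *buf, uint8_t *enckey)
 
 #if defined(MCUBOOT_ENCRYPT_X25519)
 
-cp = (uint8_t *)bootutil_enc_key->key;
-cpend = cp + *bootutil_enc_key->len;
+cp = (uint8_t *)bootutil_enc_key.key;
+cpend = cp + *bootutil_enc_key.len;
 
 /*
 * Load the stored X25519 decryption private key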
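Review bot: The key-length check at new line 469, `assert(*bootutil_enc_key.len == BOOT_ENC_KEY_SIZE);`, guards the AES-KW path only in builds where `assert` is active. Where it is compiled out, `key_unwrap` passes whatever length the port's key file declares straight to `bootutil_aes_kw_set_unwrap_key` (new line 76), unless that function validates it itself. An explicit runtime check such as `if (*bootutil_enc_key.len != BOOT_ENC_KEY_SIZE) { return -1; }` would keep the guard in every build configuration. Whether an early return is safe depends on the cleanup in `boot_enc_decrypt`, whose body starts and ends outside these hunks.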

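--- a/boot/cypress/MCUBootApp/keys.c
+++ b/boot/cypress/MCUBootApp/keys.c
@@ -167,12 +167,3 @@ const struct bootutil_key bootutil_enc_key = {
 .key = enc_priv_key,
 .len = &enc_priv_key_len,
 };
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */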

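--- a/boot/mbed/app_enc_keys.c
+++ b/boot/mbed/app_enc_keys.c
@@ -69,12 +69,3 @@ const struct bootutil_key bootutil_enc_key = {
 #endif
 
 #endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */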

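--- a/boot/zephyr/keys.c
+++ b/boot/zephyr/keys.c
@@ -86,12 +86,3 @@ const struct bootutil_key bootutil_enc_key = {
 #elif defined(MCUBOOT_ENCRYPT_KW)
 #error "Encrypted images with AES-KW is not implemented yet."
 #endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */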

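--- a/ci/mynewt_keys/enc_kw/src/keys.c
+++ b/ci/mynewt_keys/enc_kw/src/keys.c
@@ -28,12 +28,3 @@ const struct bootutil_key bootutil_enc_key = {
 .key = enc_key,
 .len = &enc_key_len,
 };
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */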

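--- a/ci/mynewt_keys/enc_rsa/src/keys.c
+++ b/ci/mynewt_keys/enc_rsa/src/keys.c
@@ -126,12 +126,3 @@ const struct bootutil_key bootutil_enc_key = {
 .key = enc_key,
 .len = &enc_key_len,
 };
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */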

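--- a/sim/mcuboot-sys/csupport/keys.c
+++ b/sim/mcuboot-sys/csupport/keys.c
@@ -328,12 +328,3 @@ const struct bootutil_key bootutil_enc_key = {
 .len = &enc_key_len,
 };
 #endif
-
-#if !defined(MCUBOOT_HW_KEY) && defined(MCUBOOT_ENC_IMAGES)
-int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
-{
-*private_key = (struct bootutil_key *)&bootutil_enc_key;
-
-return 0;
-}
-#endif /* !MCUBOOT_HW_KEY && MCUBOOT_ENC_IMAGES */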
