Support for Embedded Plain AES keys #2516
Open
+301
−104
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
de-nordic
requested review from
d3zd3z,
davidvincze and
nordicjm
as code owners
de-nordic
force-pushed
the
aes-plain
branch
3 times, most recently
from
daae031 to
5b663a9
Compare
nvlsianpu
reviewed
Oct 28, 2025
nvlsianpu
reviewed
Oct 28, 2025
nvlsianpu
reviewed
Oct 28, 2025
nvlsianpu
added
crypto
nordicjm
requested changes
Oct 28, 2025
de-nordic
force-pushed
the
aes-plain
branch
10 times, most recently
from
882fb1f to
01a3b55
Compare
de-nordic
force-pushed
the
aes-plain
branch
4 times, most recently
from
9372d15 to
c716be1
Compare
The change adds --aes-key option that allows to pass a key via command line. The key is used to encrypt the image and there is not key exchange TLV added to the image. The options is provided for encrypting images for devices that store AES key on them so they do not expect it to be passed with image, in encrypted form. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit provides support for MCUBOOT_EMBEDDED_ENC_KEY config option, that allows to compile code with embedded key. When this option is enabled, compilation requires definition of boot_take_enc_key function to be provided by user; prototype for the function is provided. The boot_take_enc_key function is supposed to provide encryption AES key to be used for image encryption and decryption. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit provides Kconfig options that allow to configure MCUboot to use embedded AES key. Primary option is CONFIG_BOOT_ENCRYPT_IMAGE_WITH_EMBEDDED_KEY that allows to select usage of embedded key in the code. After it follow sets of Kconfigs: - CONFIG_BOOT_ENCRYPT_IMAGE_GENERATE_BASIC_KEY_PROVIDER - CONFIG_BOOT_ENCRYPT_IMAGE_USE_CUSTOM_KEY_PROVIDER The above set allows to select source of the key. The first option will choose to generate default key provider, with a single embedded key, where the key is provided as a string assigned to CONFIG_BOOOT_ENCRYPT_IMAGE_EMBEDDED_RAW_KEY. The second option selects user provided code as source of key(s). Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Once TF-M stops using internal imgtool APIs this commit should be reverted. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Support in code for querying user provided function for an AES encryption key.
Extra Zephyr code and template that allows to use the new functionality.
Although I think this is ready for review I am still working, in different set of commits, on redefining encryption key type so that we could abstract that type across the MCUboot code; this means that this PR may change in how boot_take_enc_key function is defined.