From 52555e4f34ec23e77a3ee5b6cf722f1f55d85a70 Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 28 Mar 2022 15:31:33 +0200 Subject: [PATCH 1/2] Rename default keys and add public key pem file --- ...a-p256-encrypt-key.pem => ecdsa-p256-encrypt-priv-key.pem} | 0 libraries/MCUboot/default_keys/ecdsa-p256-encrypt-pub-key.pem | 4 ++++ ...a-p256-signing-key.pem => ecdsa-p256-signing-priv-key.pem} | 0 libraries/MCUboot/default_keys/ecdsa-p256-signing-pub-key.pem | 4 ++++ 4 files changed, 8 insertions(+) rename libraries/MCUboot/default_keys/{ecdsa-p256-encrypt-key.pem => ecdsa-p256-encrypt-priv-key.pem} (100%) create mode 100644 libraries/MCUboot/default_keys/ecdsa-p256-encrypt-pub-key.pem rename libraries/MCUboot/default_keys/{ecdsa-p256-signing-key.pem => ecdsa-p256-signing-priv-key.pem} (100%) create mode 100644 libraries/MCUboot/default_keys/ecdsa-p256-signing-pub-key.pem diff --git a/libraries/MCUboot/default_keys/ecdsa-p256-encrypt-key.pem b/libraries/MCUboot/default_keys/ecdsa-p256-encrypt-priv-key.pem similarity index 100% rename from libraries/MCUboot/default_keys/ecdsa-p256-encrypt-key.pem rename to libraries/MCUboot/default_keys/ecdsa-p256-encrypt-priv-key.pem diff --git a/libraries/MCUboot/default_keys/ecdsa-p256-encrypt-pub-key.pem b/libraries/MCUboot/default_keys/ecdsa-p256-encrypt-pub-key.pem new file mode 100644 index 000000000..b23dadbcc --- /dev/null +++ b/libraries/MCUboot/default_keys/ecdsa-p256-encrypt-pub-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaskgTJbWiejRblEEAobolQsixMmV +Bk/1G/bQ44PZ0YFmbvIHOwPb5NHefENwjaKJ6xv6vgJeXKAS3CMxweA3sA== +-----END PUBLIC KEY----- diff --git a/libraries/MCUboot/default_keys/ecdsa-p256-signing-key.pem b/libraries/MCUboot/default_keys/ecdsa-p256-signing-priv-key.pem similarity index 100% rename from libraries/MCUboot/default_keys/ecdsa-p256-signing-key.pem rename to libraries/MCUboot/default_keys/ecdsa-p256-signing-priv-key.pem diff --git a/libraries/MCUboot/default_keys/ecdsa-p256-signing-pub-key.pem b/libraries/MCUboot/default_keys/ecdsa-p256-signing-pub-key.pem new file mode 100644 index 000000000..4337f3bb5 --- /dev/null +++ b/libraries/MCUboot/default_keys/ecdsa-p256-signing-pub-key.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1RY1JsM7rU1njkMkxJjpay6+DaPx +9JeAezEyB9mVpxdXaUN76ciq0AoMhgvjf5mIUcT5Ipi+Xqr9kDyidBhJBQ== +-----END PUBLIC KEY----- From 8940680c65e2b4cd2e943e332d07753caf9f7209 Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 28 Mar 2022 15:32:51 +0200 Subject: [PATCH 2/2] Make more clear that we are using private key for signing and public key for encryption --- boards.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boards.txt b/boards.txt index 4ec896b00..c7d3eb3d5 100644 --- a/boards.txt +++ b/boards.txt @@ -82,8 +82,8 @@ envie_m7.build.alignment=32 envie_m7.build.version=1.2.3+4 envie_m7.menu.security.sien.build.postbuild.cmd="{tools.imgtool.path}/{tools.imgtool.cmd}" {tools.imgtool.flags} envie_m7.menu.security.sien.build.keys.keychain={runtime.platform.path}/libraries/MCUboot/default_keys -envie_m7.menu.security.sien.build.keys.sign_key=ecdsa-p256-signing-key.pem -envie_m7.menu.security.sien.build.keys.encrypt_key=ecdsa-p256-encrypt-key.pem +envie_m7.menu.security.sien.build.keys.sign_key=ecdsa-p256-signing-priv-key.pem +envie_m7.menu.security.sien.build.keys.encrypt_key=ecdsa-p256-encrypt-pub-key.pem envie_m7.menu.security.none.build.postbuild.cmd="{tools.imgtool.path}/{tools.imgtool.cmd}" exit envie_m7.compiler.mbed.arch.define= envie_m7.compiler.mbed.defines={build.variant.path}/defines.txt