Skip to content

Commit 72552b5

Browse files
committed
[nrf noup] scripts: imgtool: pretended encryption flag
allows to set encryption flags and TLV's without applying encryption. Signed-off-by: Mateusz Michalek <[email protected]>
1 parent 3a25855 commit 72552b5

File tree

2 files changed

+11
-7
lines changed

2 files changed

+11
-7
lines changed

scripts/imgtool/image.py

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -259,7 +259,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
259259
overwrite_only=False, endian="little", load_addr=0,
260260
rom_fixed=None, erased_val=None, save_enctlv=False,
261261
security_counter=None, max_align=None,
262-
non_bootable=False):
262+
non_bootable=False, skip_encryption=False):
263263

264264
if load_addr and rom_fixed:
265265
raise click.UsageError("Can not set rom_fixed and load_addr at the same time")
@@ -288,6 +288,7 @@ def __init__(self, version=None, header_size=IMAGE_HEADER_SIZE,
288288
self.enctlv_len = 0
289289
self.max_align = max(DEFAULT_MAX_ALIGN, align) if max_align is None else int(max_align)
290290
self.non_bootable = non_bootable
291+
self.skip_encryption = skip_encryption
291292

292293
if self.max_align == DEFAULT_MAX_ALIGN:
293294
self.boot_magic = bytes([
@@ -685,10 +686,11 @@ def create(self, key, public_key_format, enckey, dependencies=None,
685686
nonce = bytes([0] * 16)
686687
cipher = Cipher(algorithms.AES(plainkey), modes.CTR(nonce),
687688
backend=default_backend())
688-
encryptor = cipher.encryptor()
689-
img = bytes(self.payload[self.header_size:])
690-
self.payload[self.header_size:] = \
691-
encryptor.update(img) + encryptor.finalize()
689+
if not self.skip_encryption:
690+
encryptor = cipher.encryptor()
691+
img = bytes(self.payload[self.header_size:])
692+
self.payload[self.header_size:] = \
693+
encryptor.update(img) + encryptor.finalize()
692694

693695
self.payload += prot_tlv.get()
694696
self.payload += tlv.get()

scripts/imgtool/main.py

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -370,6 +370,8 @@ def convert(self, value, param, ctx):
370370
help='Enable image compression using specified type. '
371371
'Will fall back without image compression automatically '
372372
'if the compression increases the image size.')
373+
@click.option('--skip-encryption', default=False, is_flag=True,
374+
help='Set encryption flags and TLV\'s without applying encryption.')
373375
@click.option('-c', '--clear', required=False, is_flag=True, default=False,
374376
help='Output a non-encrypted image with encryption capabilities,'
375377
'so it can be installed in the primary slot, and encrypted '
@@ -449,7 +451,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
449451
dependencies, load_addr, hex_addr, erased_val, save_enctlv,
450452
security_counter, boot_record, custom_tlv, rom_fixed, max_align,
451453
clear, fix_sig, fix_sig_pubkey, sig_out, user_sha, is_pure,
452-
vector_to_sign, non_bootable):
454+
vector_to_sign, non_bootable, skip_encryption):
453455

454456
if confirm:
455457
# Confirmed but non-padded images don't make much sense, because
@@ -462,7 +464,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
462464
endian=endian, load_addr=load_addr, rom_fixed=rom_fixed,
463465
erased_val=erased_val, save_enctlv=save_enctlv,
464466
security_counter=security_counter, max_align=max_align,
465-
non_bootable=non_bootable)
467+
non_bootable=non_bootable, skip_encryption=skip_encryption)
466468
compression_tlvs = {}
467469
img.load(infile)
468470
key = load_key(key) if key else None

0 commit comments

Comments
 (0)