From 9135141ebbc9fdf25940a75e9bf8e84ed711f3b3 Mon Sep 17 00:00:00 2001
From: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Date: Tue, 10 Dec 2024 08:16:22 +0000
Subject: [PATCH] [nrf noup] boot: bootutil: image_validate: Add KMU support to
 compression

fixup! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key

This adds the additional code required so that the compression
feature can be used with keys that reside in the KMU

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
---
 boot/bootutil/src/image_validate.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index f71d1d9a6..64983b318 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -815,7 +815,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
         }
 
 #ifdef EXPECTED_SIG_TLV
-#ifdef EXPECTED_KEY_TLV
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && defined(EXPECTED_KEY_TLV)
         rc = bootutil_tlv_iter_begin(&it, hdr, fap, EXPECTED_KEY_TLV, false);
         if (rc) {
             goto out;
@@ -861,7 +861,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
                  */
             }
         }
-#endif /* EXPECTED_KEY_TLV */
+#endif /* !CONFIG_BOOT_SIGNATURE_USING_KMU && EXPECTED_KEY_TLV */
 
         rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_DECOMP_SIGNATURE, true);
         if (rc) {
@@ -884,10 +884,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
 
             if (type == IMAGE_TLV_DECOMP_SIGNATURE) {
                 /* Ignore this signature if it is out of bounds. */
+#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
                 if (key_id < 0 || key_id >= bootutil_key_cnt) {
                     key_id = -1;
                     continue;
                 }
+#endif
 
                 if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) {
                     rc = -1;