Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASN.1 Decoding bypass that allows to reduce size of flash when ED25519 is used #347

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

ASN.1 Decoding bypass that allows to reduce size of flash when ED25519 is used #347

wants to merge 3 commits into from

Conversation

de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Oct 8, 2024
edited
Loading

The PR adds options that allow to remove run-time ASN.1 decoding of ED25519 public key embedded in MCUboot build, which in turn reduces flash size used by MCUboot.

When building nrf52840dk Hello world:

west build  -b nrf52840dk/nrf52840 -d builds/sb_hello52 zephyr/samples/hello_world/ -- -DSB_CONFIG_BOOTLOADER_MUBOOT=y -DSB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y

We get 41898 bytes of flash for MCUboot without bypass and 41386 when -Dmcuboot_CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN=y is added to command line.

@NordicBuilder NordicBuilder mentioned this pull request Oct 8, 2024
Closed
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from efe3c3f to f5ed228 Compare October 9, 2024 12:07
@de-nordic de-nordic requested a review from nvlsianpu October 9, 2024 12:30
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch 2 times, most recently from 82bd418 to 8c99a50 Compare October 9, 2024 12:39
@de-nordic de-nordic added this to the ncs-2.8.0 milestone Oct 10, 2024
@nvlsianpu
Copy link
Contributor

@de-nordic Needs rebase

@de-nordic
[nrf fromlist] bootutil: Allow bypassing ASN.1 encoding for ED25519 k…
a57c54d 
…ey import

The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option
that allows bypassing ASN.1 decoding of ED25519 public key, compiled
into MCUboot.
When the option is enabled the key will be accessed directly
and ASN.1 processing is not compiled in, resulting in smaller
footprint of MCUboot, at a cost of reduced detection of invalid
key, i.e. public key designated for different method than
compiled in.

Upstream PR: mcu-tools/mcuboot#2089

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
[nrf fromlist] zephyr: Add Kconfig option CONFIG_BOOT_KEY_IMPORT_BYPA…
22db4fd 
…SS_ASN

The option enables MCUboot configuration option
MCUBOOT_KEY_IMPORT_BYPASS_ASN.

Upstream PR: mcu-tools/mcuboot#2089

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
[nrf noup] Add ASN.1 bypass to bootutil_verify_img
b828c36 
Allow ASN.1 bypass for image verification.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from 8c99a50 to b828c36 Compare February 5, 2025 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nvlsianpu nvlsianpu nvlsianpu approved these changes

@nordicjm nordicjm nordicjm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
ncs-2.8.0
Development

Successfully merging this pull request may close these issues.
3 participants
@de-nordic @nvlsianpu @nordicjm