1eaa14090c
With TF-M updated to 2.1.0 it now makes the signature type default
to EC-P256 for the mps2/an521/cpu0/ns board.
So far Zephyr had only supported and assumed that it was RSA-3072.
This brings support for other signature types, and changes the global
default to EC-P256.
The switch from RSA-3072 to EC-P256 reduces the flash usage by ~3.3KB
while having a negligible impact on RAM usage (increase of ~70 bytes)
when compiling the tfm_psa_test sample on mps2/an521/cpu0/ns and
nrf9160dk/nrf9160/ns without explicit optimizations.
The TFM_KEY_FILE_{S,NS} Kconfig options are moved inside an
`if TFM_BL2` as they are only used if MCUboot is included in TF-M.
The TF-M CMake variables MCUBOOT_KEY_{S,NS} are now set so that it's
possible to use signing keys located elsewhere than the default
location.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
|
||
|---|---|---|
| .. | ||
| interface | ||
| nordic | ||
| psa | ||
| src | ||
| CMakeLists.txt | ||
| Kconfig | ||
| Kconfig.tfm | ||
| Kconfig.tfm.crypto_modules | ||
| Kconfig.tfm.partitions | ||