Skip to content

[DRAFT] Separate ED25519 KMU code to another unit #472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

[DRAFT] Separate ED25519 KMU code to another unit #472

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
de93d60
[nrf noup] bootutil: Separate KMU implementation from ED25519
de-nordic Jul 16, 2025
e726c8b
[nrf noup] zephyr: ED25519 KMU has now separate unit for compilation
de-nordic Jul 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions boot/bootutil/pkg.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@ pkg.ign_files.BOOTUTIL_SINGLE_APPLICATION_SLOT:
pkg.ign_files:
- "ram_load.c"
- "ed25519_psa.c" # Currently no PSA for mynewet
- "ed25519_psa_kmu.c"
- "encrypted_psa.c"

pkg.deps.BOOTUTIL_USE_MBED_TLS:
Expand Down
142 changes: 0 additions & 142 deletions boot/bootutil/src/ed25519_psa.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,57 +13,13 @@
#include <psa/crypto.h>
#include <psa/crypto_types.h>
#include <zephyr/sys/util.h>
#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
#include <cracen_psa_kmu.h>
#endif

BOOT_LOG_MODULE_REGISTER(ed25519_psa);

#define SHA512_DIGEST_LENGTH 64
#define EDDSA_KEY_LENGTH 32
#define EDDSA_SIGNAGURE_LENGTH 64

#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
/* List of KMU stored key ids available for MCUboot */
#define PSA_KEY_INDEX_SIZE 2

#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 || \
defined(CONFIG_NCS_BOOT_SIGNATURE_KMU_UROT_MAPPING)
#define PSA_KEY_STARTING_ID 226
#else
#define PSA_KEY_STARTING_ID 242
#endif

#define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id)
static psa_key_id_t key_ids[] = {
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID),
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID + PSA_KEY_INDEX_SIZE),
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID + (2 * PSA_KEY_INDEX_SIZE))
};

#define KEY_SLOTS_COUNT CONFIG_BOOT_SIGNATURE_KMU_SLOTS

#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
#include <bootutil/key_revocation.h>
static psa_key_id_t *validated_with = NULL;
#endif

BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(key_ids),
"Invalid number of KMU slots, up to 3 are supported on nRF54L15");
#endif

#if defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
static const psa_key_id_t key_ids[] = {
0x40022100,
0x40022101,
0x40022102,
0x40022103
};

#define KEY_SLOTS_COUNT ARRAY_SIZE(key_ids)
#endif

#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && !defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
const uint8_t public_key[EDDSA_KEY_LENGTH])
Expand Down Expand Up @@ -116,101 +72,3 @@ int ED25519_verify(const uint8_t *message, size_t message_len,

return ret;
}
#else
int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
const uint8_t public_key[EDDSA_KEY_LENGTH])
{
ARG_UNUSED(public_key);
/* Set to any error */
psa_status_t status = PSA_ERROR_BAD_STATE;

/* Initialize PSA Crypto */
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d", status);
return 0;
}

status = PSA_ERROR_BAD_STATE;

for (int i = 0; i < KEY_SLOTS_COUNT; ++i) {
psa_key_id_t kid = key_ids[i];

status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message,
message_len, signature,
EDDSA_SIGNAGURE_LENGTH);
if (status == PSA_SUCCESS) {
#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
validated_with = key_ids + i;
#endif
return 1;
}

}

BOOT_LOG_ERR("ED25519 signature verification failed %d", status);

return 0;
}
#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
int exec_revoke(void)
{
int ret = BOOT_KEY_REVOKE_OK;
psa_status_t status = psa_crypto_init();

if (!validated_with) {
ret = BOOT_KEY_REVOKE_INVALID;
goto out;
}

if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed with error %d", status);
ret = BOOT_KEY_REVOKE_FAILED;
goto out;
}
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; i++) {
if ((key_ids + i) == validated_with) {
break;
}
BOOT_LOG_DBG("Invalidating key ID %d", i);

status = psa_destroy_key(key_ids[i]);
if (status == PSA_SUCCESS) {
BOOT_LOG_DBG("Success on key ID %d", i);
} else {
BOOT_LOG_ERR("Key invalidation failed with: %d", status);
}
}
out:
return ret;
}
#endif /* CONFIG_BOOT_KMU_KEYS_REVOCATION */

void nrf_crypto_keys_housekeeping(void)
{
psa_status_t status;

/* We will continue through all keys, even if we have error while
* processing any of it. Only doing BOOT_LOG_DBG, as we do not
* really want to inform on failures to lock.
*/
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; ++i) {
psa_key_attributes_t attr;

status = psa_get_key_attributes(key_ids[i], &attr);
BOOT_LOG_DBG("KMU key 0x%x(%d) attr query status == %d",
key_ids[i], i, status);

if (status == PSA_SUCCESS) {
status = cracen_kmu_block(&attr);
BOOT_LOG_DBG("KMU key lock status == %d", status);
}

status = psa_purge_key(key_ids[i]);
BOOT_LOG_DBG("KMU key 0x%x(%d) purge status == %d",
key_ids[i], i, status);
}
}

#endif
157 changes: 157 additions & 0 deletions boot/bootutil/src/ed25519_psa_kmu.c
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
/*
* Copyright (c) 2025 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <assert.h>
#include <string.h>
#include <stdint.h>

#include <mcuboot_config/mcuboot_config.h>
#include "bootutil/bootutil_log.h"

#include <psa/crypto.h>
#include <psa/crypto_types.h>
#include <zephyr/sys/util.h>

BOOT_LOG_MODULE_REGISTER(ed25519_psa);

#define EDDSA_KEY_LENGTH 32
#define EDDSA_SIGNAGURE_LENGTH 64

#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
/* List of KMU stored key ids available for MCUboot */
#define PSA_KEY_INDEX_SIZE 2

#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 || \
defined(CONFIG_NCS_BOOT_SIGNATURE_KMU_UROT_MAPPING)
#define PSA_KEY_STARTING_ID 226
#else
#define PSA_KEY_STARTING_ID 242
#endif

#define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id)
static psa_key_id_t key_ids[] = {
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID),
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID + PSA_KEY_INDEX_SIZE),
MAKE_PSA_KMU_KEY_ID(PSA_KEY_STARTING_ID + (2 * PSA_KEY_INDEX_SIZE))
};

#define KEY_SLOTS_COUNT CONFIG_BOOT_SIGNATURE_KMU_SLOTS

#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
#include <bootutil/key_revocation.h>
static psa_key_id_t *validated_with = NULL;
#endif

BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(key_ids),
"Invalid number of KMU slots, up to 3 are supported on nRF54L15");
#endif

#if defined(CONFIG_NCS_BOOT_SIGNATURE_USING_ITS)
static const psa_key_id_t key_ids[] = {
0x40022100,
0x40022101,
0x40022102,
0x40022103
};

#define KEY_SLOTS_COUNT ARRAY_SIZE(key_ids)
#endif

int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
const uint8_t public_key[EDDSA_KEY_LENGTH])
{
ARG_UNUSED(public_key);
/* Set to any error */
psa_status_t status = PSA_ERROR_BAD_STATE;

/* Initialize PSA Crypto */
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d", status);
return 0;
}

status = PSA_ERROR_BAD_STATE;

for (int i = 0; i < KEY_SLOTS_COUNT; ++i) {
psa_key_id_t kid = key_ids[i];

status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message,
message_len, signature,
EDDSA_SIGNAGURE_LENGTH);
if (status == PSA_SUCCESS) {
#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
validated_with = key_ids + i;
#endif
return 1;
}

}

BOOT_LOG_ERR("ED25519 signature verification failed %d", status);

return 0;
}

#if defined(CONFIG_BOOT_KMU_KEYS_REVOCATION)
int exec_revoke(void)
{
int ret = BOOT_KEY_REVOKE_OK;
psa_status_t status = psa_crypto_init();

if (!validated_with) {
ret = BOOT_KEY_REVOKE_INVALID;
goto out;
}

if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed with error %d", status);
ret = BOOT_KEY_REVOKE_FAILED;
goto out;
}
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; i++) {
if ((key_ids + i) == validated_with) {
break;
}
BOOT_LOG_DBG("Invalidating key ID %d", i);

status = psa_destroy_key(key_ids[i]);
if (status == PSA_SUCCESS) {
BOOT_LOG_DBG("Success on key ID %d", i);
} else {
BOOT_LOG_ERR("Key invalidation failed with: %d", status);
}
}
out:
return ret;
}
#endif /* CONFIG_BOOT_KMU_KEYS_REVOCATION */

void nrf_crypto_keys_housekeeping(void)
{
psa_status_t status;

/* We will continue through all keys, even if we have error while
* processing any of it. Only doing BOOT_LOG_DBG, as we do not
* really want to inform on failures to lock.
*/
for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; ++i) {
psa_key_attributes_t attr;

status = psa_get_key_attributes(key_ids[i], &attr);
BOOT_LOG_DBG("KMU key 0x%x(%d) attr query status == %d",
key_ids[i], i, status);

if (status == PSA_SUCCESS) {
status = cracen_kmu_block(&attr);
BOOT_LOG_DBG("KMU key lock status == %d", status);
}

status = psa_purge_key(key_ids[i]);
BOOT_LOG_DBG("KMU key 0x%x(%d) purge status == %d",
key_ids[i], i, status);
}
}
5 changes: 5 additions & 0 deletions boot/zephyr/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -316,9 +316,14 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
)
endif()

elseif(NOT CONFIG_BOOT_SIGNATURE_USING_KMU)
zephyr_library_sources(
${BOOT_DIR}/bootutil/src/ed25519_psa.c
)
else()
zephyr_library_sources(
${BOOT_DIR}/bootutil/src/ed25519_psa_kmu.c
)
endif()
endif()

Expand Down
Loading