wip

Author: michalek-no

boot/bootutil/src/ed25519_psa.c

@@ -32,6 +32,10 @@ static psa_key_id_t kmu_key_ids[3] =  {
     MAKE_PSA_KMU_KEY_ID(230)
 };
 
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+static psa_key_id_t *validated_with = NULL;
+#endif
+
 BUILD_ASSERT(CONFIG_BOOT_SIGNATURE_KMU_SLOTS <= ARRAY_SIZE(kmu_key_ids),
 	     "Invalid number of KMU slots, up to 3 are supported on nRF54L15");
 #endif
@@ -114,6 +118,10 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
                                     EDDSA_SIGNAGURE_LENGTH);
         if (status == PSA_SUCCESS) {
             ret = 1;
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+			BOOT_LOG_ERR("--------------- valid set to %d", i);
+            validated_with = kmu_key_ids + i;
+#endif
             break;
         }
 
@@ -122,4 +130,31 @@ int ED25519_verify(const uint8_t *message, size_t message_len,
 
     return ret;
 }
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+void revoke_in_kmu(void)
+{
+
+    psa_status_t status = psa_crypto_init();
+
+    if (status != PSA_SUCCESS) {
+            printk("PSA crypto init failed with error %d\n", status);
+            return;
+    }
+    BOOT_LOG_ERR("--------------- for");
+    for (int i = 0; i < CONFIG_BOOT_SIGNATURE_KMU_SLOTS; i++) {
+        if((kmu_key_ids + i) == validated_with){
+            break;
+        }
+        BOOT_LOG_ERR("--------------- invalidating %d", i);
+
+        status = psa_destroy_key(kmu_key_ids[i]);
+        if (status == PSA_SUCCESS) {
+            printk("ok\n");
+        } else {
+            printk("destroy failed with: %d\n", status);
+        }
+    }
+
+}
+#endif
 #endif

boot/bootutil/src/image_validate.c

@@ -65,6 +65,11 @@ BOOT_LOG_MODULE_DECLARE(mcuboot);
 
 #include "bootutil_priv.h"
 
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+#include "bootutil/key_revocation.h"
+#endif
+
+
 #ifndef MCUBOOT_SIGN_PURE
 /*
  * Compute SHA hash over the image.
@@ -681,6 +686,10 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
 #ifndef MCUBOOT_SIGN_PURE
             FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash),
                                                            buf, len, key_id);
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+		revoke();
+#endif
+
 #else
             /* Directly check signature on the image, by using the mapping of
              * a device to memory. The pointer is beginning of image in flash,

boot/bootutil/src/loader.c

@@ -76,6 +76,10 @@ int pcd_version_cmp_net(const struct flash_area *fap, struct image_header *hdr);
 
 #include "mcuboot_config/mcuboot_config.h"
 
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+#include "bootutil/key_revocation.h"
+#endif
+
 BOOT_LOG_MODULE_DECLARE(mcuboot);
 
 static struct boot_loader_state boot_data;
@@ -100,7 +104,6 @@ struct sector_buffer_t {
     boot_sector_t scratch[BOOT_MAX_IMG_SECTORS];
 #endif
 };
-
 static struct sector_buffer_t sector_buffers;
 #endif
 #endif
@@ -2733,6 +2736,12 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
         }
     }
 
+#if defined(CONFIG_BOOT_KEYS_REVOCATION)
+    if (BOOT_SWAP_TYPE(state) == BOOT_SWAP_TYPE_NONE) {
+		allow_revoke();
+		BOOT_LOG_ERR("----------------------swap none");
+	}
+#endif
     /* Iterate over all the images. At this point all required update operations
      * have finished. By the end of the loop each image in the primary slot will
      * have been re-validated.

boot/zephyr/CMakeLists.txt

@@ -91,6 +91,12 @@ if(DEFINED CONFIG_BOOT_SHARE_BACKEND_RETENTION)
     )
 endif()
 
+if(DEFINED CONFIG_BOOT_KEYS_REVOCATION)
+zephyr_library_sources(
+  ${BOOT_DIR}/bootutil/src/key_revocation.c
+)
+endif()
+
 # Generic bootutil sources and includes.
 zephyr_library_include_directories(${BOOT_DIR}/bootutil/include)
 zephyr_library_sources(

boot/zephyr/Kconfig

@@ -329,6 +329,14 @@ config BOOT_SIGNATURE_KMU_SLOTS
 
 endif
 
+config BOOT_KEYS_REVOCATION
+	bool "Auto revoke previous gen key"
+	default y if BOOT_SIGNATURE_USING_KMU
+	default n
+	help
+	  Automatically revoke previous generation key upon new valid key usage.
+
+
 if !BOOT_SIGNATURE_USING_KMU
 
 config BOOT_SIGNATURE_KEY_FILE