Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ASN.1 Decoding bypass that allows to reduce size of flash when ED25519 is used #347

Closed
wants to merge 2 commits into from
Closed

ASN.1 Decoding bypass that allows to reduce size of flash when ED25519 is used #347

wants to merge 2 commits into from

Conversation

de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Oct 8, 2024
edited
Loading

The PR adds options that allow to remove run-time ASN.1 decoding of ED25519 public key embedded in MCUboot build, which in turn reduces flash size used by MCUboot.

When building nrf52840dk Hello world:

west build  -b nrf52840dk/nrf52840 -d builds/sb_hello52 zephyr/samples/hello_world/ -- -DSB_CONFIG_BOOTLOADER_MUBOOT=y -DSB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y

We get 41898 bytes of flash for MCUboot without bypass and 41386 when -Dmcuboot_CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN=y is added to command line.

@NordicBuilder NordicBuilder mentioned this pull request Oct 8, 2024
Closed
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from efe3c3f to f5ed228 Compare October 9, 2024 12:07
@de-nordic de-nordic requested a review from nvlsianpu October 9, 2024 12:30
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch 2 times, most recently from 82bd418 to 8c99a50 Compare October 9, 2024 12:39
@de-nordic de-nordic added this to the ncs-2.8.0 milestone Oct 10, 2024
@nvlsianpu
Copy link
Contributor

@de-nordic Needs rebase

@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from 8c99a50 to b828c36 Compare February 5, 2025 16:04
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from b828c36 to 7395b6c Compare March 4, 2025 11:25
@de-nordic de-nordic removed this from the ncs-2.8.0 milestone Mar 4, 2025
de-nordic added 2 commits March 4, 2025 11:26
@de-nordic
[nrf fromtree] bootutil: Allow bypassing ASN.1 encoding for ED25519 k…
4441664 
…ey import

The commit adds MCUBOOT_KEY_IMPORT_BYPASS_ASN configuration option
that allows bypassing ASN.1 decoding of ED25519 public key, compiled
into MCUboot.
When the option is enabled the key will be accessed directly
and ASN.1 processing is not compiled in, resulting in smaller
footprint of MCUboot, at a cost of reduced detection of invalid
key, i.e. public key designated for different method than
compiled in.

(cherry picked from commit 1dcfbda)
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
@de-nordic
[nrf fromtree] zephyr: Add Kconfig option CONFIG_BOOT_KEY_IMPORT_BYPA…
aeb8714 
…SS_ASN

The option enables MCUboot configuration option
MCUBOOT_KEY_IMPORT_BYPASS_ASN.

(cherry picked from commit 3ff7549)
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
@de-nordic de-nordic force-pushed the ed25519-asn1-bypass branch from 7395b6c to aeb8714 Compare March 4, 2025 11:26
@de-nordic
Copy link
Contributor Author

Superseded by #401

@de-nordic de-nordic closed this Mar 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nvlsianpu nvlsianpu nvlsianpu approved these changes

@nordicjm nordicjm nordicjm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@de-nordic @nvlsianpu @nordicjm