[nrf noup] bootutil: Provide support for SHA512 with ED25519

Use SHA512 directly calculated over image with the ED25519 signature. Signed-off-by: Dominik Ermel <[email protected]>
nrfconnect · Sep 6, 2024 · abb1c2b · abb1c2b
1 parent 7d7de77
commit abb1c2b
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -92,7 +92,7 @@ config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES
 config BOOT_ED25519_PSA_DEPENDENCIES
 	bool
 	default n
-	select PSA_WANT_ALG_SHA_256
+	select PSA_WANT_ALG_SHA_256 if BOOT_IMG_HASH_ALG_SHA256
 	select PSA_WANT_ALG_SHA_512
 	select PSA_WANT_ALG_PURE_EDDSA
 	select PSA_WANT_ECC_TWISTED_EDWARDS_255
@@ -238,8 +238,13 @@ endif
 
 config BOOT_SIGNATURE_TYPE_ED25519
 	bool "Edwards curve digital signatures using ed25519"
+	help
+	  This is ed25519 signature calculated over SHA512 of SHA256 of application
+	  image; that is not completely correct approach as the SHA512 should be
+	  rather directly calculated over an image.
 	select BOOT_ENCRYPTION_SUPPORT
 	select BOOT_IMG_HASH_ALG_SHA256_ALLOW
+	select BOOT_IMG_HASH_ALG_SHA512_ALLOW
 
 if BOOT_SIGNATURE_TYPE_ED25519
 choice BOOT_ED25519_IMPLEMENTATION