boot:crypto Add custom crypto support#2680
Open
OleksandrShkurchenko wants to merge 1 commit intomcu-tools:mainfrom
Open
boot:crypto Add custom crypto support#2680OleksandrShkurchenko wants to merge 1 commit intomcu-tools:mainfrom
OleksandrShkurchenko wants to merge 1 commit intomcu-tools:mainfrom
Conversation
OleksandrShkurchenko
requested review from
d3zd3z and
davidvincze
as code owners
d3zd3z
requested changes
Mar 30, 2026
Member
d3zd3z
left a comment
d3zd3z
left a comment
There was a problem hiding this comment.
Looks good. A minor textual change, and adding CI support.
In addition, can you please format the commit text to be less than 72 columns.
| # Custom Crypto Backend | ||
|
|
||
| MCUboot's crypto abstraction layer supports several open source backends like | ||
| `MCUBOOT_USE_MBED_TLS`, `MCUBOOT_USE_TINYCRYPT`, etc. The `MCUBOOT_USE_CUSTOM_CRYPTO` option allows to implement a custom backend that lets users plug in any crypto library — |
Member
There was a problem hiding this comment.
This line can be wrapped at < 78 or so solumns, which will help when reading these files directly.
| max-align-32 = ["mcuboot-sys/max-align-32"] | ||
| hw-rollback-protection = ["mcuboot-sys/hw-rollback-protection"] | ||
| check-load-addr = ["mcuboot-sys/check-load-addr"] | ||
| custom-crypto = ["mcuboot-sys/custom-crypto"] |
Member
There was a problem hiding this comment.
If we add a custom-crypto configuration, we should also add to .github/workflows/sim.yaml to the build matrix to include testing of this configuration.
OleksandrShkurchenko
force-pushed
the
custom_crypto_pr
branch
from
171fb82 to
e21234d
Compare
OleksandrShkurchenko
force-pushed
the
custom_crypto_pr
branch
from
e21234d to
598d882
Compare
nordicjm
requested changes
Apr 9, 2026
Comment on lines
+3
to
+4
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | ||
| * Technologies AG |
Collaborator
There was a problem hiding this comment.
Suggested change
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | |
| * Technologies AG |
let's not add copyrights for 2 line #ifdef changes
Comment on lines
+7
to
+8
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | ||
| * Technologies AG |
Collaborator
There was a problem hiding this comment.
Suggested change
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | |
| * Technologies AG |
Comment on lines
+5
to
+6
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | ||
| * Technologies AG |
Collaborator
There was a problem hiding this comment.
Suggested change
| * Copyright (c) 2026 Infineon Technologies AG, or an affiliate of Infineon | |
| * Technologies AG |
d3zd3z
requested changes
Apr 10, 2026
| const struct flash_area *fap, | ||
| struct boot_status *bs); | ||
| bool boot_enc_valid(struct enc_key_data *enc_state, uint8_t slot); | ||
| void boot_enc_encrypt(struct enc_key_data *enc_state, uint8_t slot, |
Member
There was a problem hiding this comment.
The code for this function doesn't have a slot argument.
Author
There was a problem hiding this comment.
Fixed. Also reviewed whole .md for such issues in other sections
| - "ram-load enc-aes256-kw multiimage" | ||
| - "ram-load enc-aes256-kw sig-ecdsa-mbedtls multiimage" | ||
| - "custom-crypto,custom-crypto overwrite-only,custom-crypto validate-primary-slot" | ||
| - "custom-enc-crypto,custom-enc-crypto overwrite-only,custom-enc-crypto validate-primary-slot,custom-enc-crypto max-align-32" |
Member
There was a problem hiding this comment.
Should we be testing custom crypto with at least swap-offset, as that is the mode we are generally encouraging people to use.
The `MCUBOOT_USE_CUSTOM_CRYPTO` option allows to implement a custom backend that lets users plug in any crypto library, hardware accelerator, proprietary SDK, or another software implementation without modifying MCUboot's own source. Signed-off-by: Oleksandr Shkurchenko <Oleksandr.Shkurchenko@infineon.com>
OleksandrShkurchenko
force-pushed
the
custom_crypto_pr
branch
from
598d882 to
e409790
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The
MCUBOOT_USE_CUSTOM_CRYPTOoption allows to implement a custombackend that lets users plug in any crypto library, hardware
accelerator, proprietary SDK, or another software implementation
without modifying MCUboot's own source.