Align encryption mechanisms to match the way signing works

Ref: NCSDK-30935 Signed-off-by: Artur Hadasz <[email protected]>
nrfconnect · Jan 15, 2025 · a807cee · a807cee
1 parent dd96bb8
commit a807cee
Show file tree

Hide file tree

Showing 7 changed files with 420 additions and 213 deletions.
diff --git a/ncs/Kconfig b/ncs/Kconfig
@@ -65,16 +65,30 @@ config SUIT_ENVELOPE_TARGET_ENCRYPT
 
 if SUIT_ENVELOPE_TARGET_ENCRYPT
 
-config SUIT_ENVELOPE_TARGET_ENCRYPT_STRING_KEY_ID
-	string "The string key ID used to identify the encryption key on the device"
-	default "FWENC_APPLICATION_GEN1" if SOC_NRF54H20_CPUAPP_COMMON
-	default "FWENC_RADIOCORE_GEN1" if SOC_NRF54H20_CPURAD_COMMON
-	help
-	  This string is translated to the numeric KEY ID by the encryption script
+choice SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN
+	prompt "SUIT envelope encryption key generation"
+	default SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+
+	config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+		bool "Key generation 1"
+
+	config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
+		bool "Key generation 2"
+endchoice
+
+config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_ID
+	hex "The key ID used to identify the encryption key on the device"
+	default 0x40022000 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+	default 0x40022001 if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
+	default 0x40032000 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+	default 0x40032001 if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
 
 config SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_NAME
 	string "Name of the key used for encryption - to identify the key in the KMS"
-	default SUIT_ENVELOPE_TARGET_ENCRYPT_STRING_KEY_ID
+	default "FWENC_APPLICATION_GEN1" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+	default "FWENC_APPLICATION_GEN2" if SOC_NRF54H20_CPUAPP_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
+	default "FWENC_RADIOCORE_GEN1" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN1
+	default "FWENC_RADIOCORE_GEN2" if SOC_NRF54H20_CPURAD_COMMON && SUIT_ENVELOPE_TARGET_ENCRYPT_KEY_GEN2
 
 choice SUIT_ENVELOPE_TARGET_ENCRYPT_PLAINTEXT_HASH_ALG
 	prompt "Algorithm used to calculate the digest of the plaintext firmware"