We are just reviewing our CryptoCell support in TF-A and noticed this:
include/drivers/arm/cryptocell/secureboot_gen_defs.h:
    RSA_PSS_2048 = 0x01, /*!< RSA PSS 2048 after hash SHA 256 */
drivers/auth/cryptocell/cryptocell_crypto.c:
    /* Verify the signature */
    error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
                                (uint32_t *)data_ptr, &pk, &signature,
                                data_len, RSA_PSS_2048);
    if (error != CC_OK)
        return CRYPTO_ERR_SIGNATURE;
CryptoCell API code removed at ARM support's request (but basically the CryptoCell version 2 release only supports 3072 keys and encodes parameter 6 of CCSbVerifySignature as 1 for 3072 keys).
So from this, we are calling into code which is dealing with 3072-bit keys according to the comments and constant names, but TF-A uses 2048-bit keys?
Cheers,
Neil