We are just reviewing our cryptocell support in TF-A and noticed this:
include/drivers/arm/cryptocell/secureboot_gen_defs.h:
```RSA_PSS_2048 = 0x01, /*!< RSA PSS 2048 after hash SHA 256 */```
drivers/auth/cryptocell/cryptocell_crypto.c:
```
/* Verify the signature */
error = CCSbVerifySignature((uintptr_t)PLAT_CRYPTOCELL_BASE,
(uint32_t *)data_ptr, &pk, &signature,
data_len, RSA_PSS_2048);
if (error != CC_OK)
return CRYPTO_ERR_SIGNATURE;
```
```
Code removed at ARM support's request
(but basically the cryptocell version 2 release only supports 3072 keys and encodes parameter 6 of CCSbVerifySignature as 1 for 3072 keys)
```
So from this, we are calling into code which is dealing with 3072 bit keys according to the comments and constant names, but TF-A Uses 2048 bit keys ??
Cheers,
Neil