From 352a241bb7e9e35e8175e4004300089edecc0b8b Mon Sep 17 00:00:00 2001
From: Dominik Ermel <dominik.ermel@nordicsemi.no>
Date: Fri, 25 Oct 2024 14:06:12 +0000
Subject: [PATCH] [nrf noup] Fix KMU breaking non-KMU builds of MCUboot

The commit fixes problem where usage of OR instead of AND
in conditional expression broke non-KMU signature builds
of MCUboot.
The commit also removes BOOT_SIGNATURE_TYPE_PURE_ALLOW
on NRF_SECURITY, which breaks build for non-PSA builds.

fixup! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
---
 boot/zephyr/CMakeLists.txt | 2 +-
 boot/zephyr/Kconfig        | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index 6562a746b..3a3406465 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -313,7 +313,7 @@ if(CONFIG_MCUBOOT_SERIAL)
   endif()
 endif()
 
-if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU OR NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
+if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU AND NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
   # CONF_FILE points to the KConfig configuration files of the bootloader.
   foreach (filepath ${CONF_FILE})
     file(READ ${filepath} temp_text)
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index c00e519b6..c6a8cc589 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -194,7 +194,6 @@ endchoice # BOOT_IMG_HASH_ALG
 
 config BOOT_SIGNATURE_TYPE_PURE_ALLOW
 	bool
-	depends on NRF_SECURITY
 	help
 	  Hidden option set by configurations that allow Pure variant,
 	  for example ed25519. The pure variant means that image