RFC: Should we deprecate the MCUBOOT_SWAP_SAVE_ENCTLV by making it default and removing code supporting plain text keys? #2032

Open
de-nordic opened this issue Aug 9, 2024 · 0 comments

What is this RFC about?

MCUboot, when using encrypted images, needs to temporarily store the encryption key in the swap area when decrypting the image.
There are two possible options for that: store the key in plain text, or store it as the full TLV the key has been decrypted from.

Obviously, storing the plain-text key takes a little less code and is quicker at recovery.

But the key is stored outside of the MCUboot flash area, which may be read-protected and unavailable to the user, in contrast to the app image area the key is stored to. Even though accessing that area may also be hard, the fact that the key needs to be stored somewhere in flash may be exploited to obtain the key and decrypt the image without access to the MCUboot-protected private key.

The key decoding code is there whether MCUBOOT_SWAP_SAVE_ENCTLV is 1 or not, so at the small cost of added flash usage it is worth having it always enabled and performing decryption every time the key is needed, on recovery from an interrupted operation.

What is the proposal?

With the increasing focus on security we may assume that MCUBOOT_SWAP_SAVE_ENCTLV will become the default for every MCUboot build in the future. Flash savings are probably neglectable when this is turned off, so my proposal is to make the option default and remove the code that serves the opposite case (when MCUBOOT_SWAP_SAVE_ENCTLV).
An additional benefit would be a reduction in the time spent maintaining both paths.

What is the "neglectable" difference?

When building MCUboot for the nrf52840dk with x25519 encryption enabled, the difference between having the encrypted and the unencrypted TLV is 96 bytes (size optimization, no logging, etc.): 42546 vs 42450.
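The two swap-area policies described in this RFC, modelled as an added example that is not MCUboot's own code. The `SwapArea` class, the `wrap_image_key`/`unwrap_image_key` helpers and the HMAC-based toy wrapping scheme are all assumptions made for illustration (MCUboot's real TLV decryption uses AES-KW, RSA-OAEP or ECIES and is not reproduced here); the keys and nonce are constructed values. What the model shows is the point of the proposal: with the plain key saved, the recovery path needs no private key and a dump of the application flash area yields the image key directly, whereas with the encrypted TLV saved, recovery must re-run the decryption with the bootloader's private key and the dump contains only the wrapped blob.

```python
import hashlib
import hmac

NONCE_LEN = 16
TAG_LEN = 16


def _keystream(secret: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256.

    Stand-in for the real key-wrapping primitive only (assumption for this
    example); MCUboot's own TLV decryption is not reproduced here.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_image_key(boot_private_key: bytes, image_key: bytes, nonce: bytes) -> bytes:
    """Build the encrypted-key TLV carried by the image: nonce || ciphertext || tag."""
    ciphertext = _xor(image_key, _keystream(boot_private_key, nonce, len(image_key)))
    tag = hmac.new(boot_private_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ciphertext + tag


def unwrap_image_key(boot_private_key: bytes, enc_tlv: bytes) -> bytes:
    """Recover the image key from the TLV; this needs the bootloader's private key."""
    nonce, ciphertext, tag = enc_tlv[:NONCE_LEN], enc_tlv[NONCE_LEN:-TAG_LEN], enc_tlv[-TAG_LEN:]
    expected = hmac.new(boot_private_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted key TLV failed authentication")
    return _xor(ciphertext, _keystream(boot_private_key, nonce, len(ciphertext)))


def tlv_is_authentic(boot_private_key: bytes, enc_tlv: bytes) -> bool:
    try:
        unwrap_image_key(boot_private_key, enc_tlv)
        return True
    except ValueError:
        return False


class SwapArea:
    """Simulated swap-status record living in the application flash area.

    `save_enctlv` models MCUBOOT_SWAP_SAVE_ENCTLV: False stores the plain key,
    True stores the TLV the key was decrypted from.
    """

    def __init__(self, save_enctlv: bool) -> None:
        self.save_enctlv = save_enctlv
        self.record = b""

    def begin_swap(self, image_key: bytes, enc_tlv: bytes) -> None:
        self.record = enc_tlv if self.save_enctlv else image_key

    def dump(self) -> bytes:
        """What someone reading the application flash area would obtain."""
        return self.record

    def recover_key(self, boot_private_key: bytes) -> bytes:
        """Resume an interrupted swap after a reset: re-derive the image key."""
        if self.save_enctlv:
            return unwrap_image_key(boot_private_key, self.record)
        return self.record  # no private key needed: the key is already in flash


def simulate_interrupted_swap(save_enctlv: bool) -> dict:
    """Run one swap that is interrupted after the key was saved, then recovered."""
    boot_private_key = b"boot-private-key-in-protected-area!"  # constructed
    image_key = bytes(range(16))                                 # constructed 128-bit image key
    nonce = b"\x5a" * NONCE_LEN                                  # constructed, fixed for determinism
    enc_tlv = wrap_image_key(boot_private_key, image_key, nonce)

    swap = SwapArea(save_enctlv)
    swap.begin_swap(unwrap_image_key(boot_private_key, enc_tlv), enc_tlv)
    # ... reset happens here; on the next boot the key is needed again ...
    recovered = swap.recover_key(boot_private_key)
    dumped = swap.dump()
    return {
        "recovery_ok": recovered == image_key,
        "plain_key_in_swap": image_key in dumped,
        "swap_record_len": len(dumped),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print(f"MCUBOOT_SWAP_SAVE_ENCTLV={int(flag)}: {simulate_interrupted_swap(flag)}")
```

Both policies recover the key correctly; the difference is only in what the swap record exposes and in whether recovery depends on the private key held in the protected bootloader area, which is the trade-off the 96-byte figure above is buying.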

@de-nordic de-nordic changed the title RFC: Should we deprecate the MCUBOOT_SWAP_SAVE_ENCTLV by making it default and removing code supporting plain text keys RFC: Should we deprecate the MCUBOOT_SWAP_SAVE_ENCTLV by making it default and removing code supporting plain text keys? Aug 9, 2024