[nrf noup] zephyr: Move KMU base slot configuration to Kconfig

boot/bootutil/src/ed25519_psa.c

@@ -27,12 +27,7 @@ BOOT_LOG_MODULE_REGISTER(ed25519_psa);
 /* List of KMU stored key ids available for MCUboot */
 #define PSA_KEY_INDEX_SIZE 2
 
-#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 || \
-	defined(CONFIG_NCS_BOOT_SIGNATURE_KMU_UROT_MAPPING)
-#define PSA_KEY_STARTING_ID 226
-#else
-#define PSA_KEY_STARTING_ID 242
-#endif
+#define PSA_KEY_STARTING_ID CONFIG_NCS_BOOT_SIGNATURE_KMU_BASE_SLOT
 
 #define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id)
 static psa_key_id_t key_ids[] =  {

boot/zephyr/Kconfig

@@ -446,6 +446,15 @@ config BOOT_KMU_KEYS_REVOCATION
 	help
 	  Enabling KMU key revocation backend.
 
+config NCS_BOOT_SIGNATURE_KMU_BASE_SLOT
+	int
+	depends on BOOT_SIGNATURE_USING_KMU
+	default 226 if NCS_BOOT_SIGNATURE_KMU_UROT_MAPPING
+	default 226 if MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+	default 242
+	help
+	  Base key identifier for KMU.
+
 config NCS_BOOT_SIGNATURE_USING_ITS
 	bool "Use ITS stored keys for signature verification"
 	depends on NRF_SECURITY