From 8d8f327c039991f59553ebe38e4add18a5c2d2e3 Mon Sep 17 00:00:00 2001
From: Benno Trutmann <benno.trutmann@arendi.ch>
Date: Thu, 26 Sep 2024 09:37:45 +0200
Subject: [PATCH 2/2] Patches for fixing signing with relative paths to key
 files.

---
 cmake/sysbuild/b0_mcuboot_signing.cmake | 1 +
 cmake/sysbuild/debug_keys.cmake         | 8 +++++---
 cmake/sysbuild/image_signing.cmake      | 2 ++
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cmake/sysbuild/b0_mcuboot_signing.cmake b/cmake/sysbuild/b0_mcuboot_signing.cmake
index f9b205da0..71f523763 100644
--- a/cmake/sysbuild/b0_mcuboot_signing.cmake
+++ b/cmake/sysbuild/b0_mcuboot_signing.cmake
@@ -12,6 +12,7 @@
 
 function(ncs_secure_boot_mcuboot_sign application bin_files signed_targets prefix)
   set(keyfile "${SB_CONFIG_BOOT_SIGNATURE_KEY_FILE}")
+  string(CONFIGURE "${keyfile}" keyfile)
 
   # Find imgtool. Even though west is installed, imgtool might not be.
   # The user may also have a custom manifest which doesn't include
diff --git a/cmake/sysbuild/debug_keys.cmake b/cmake/sysbuild/debug_keys.cmake
index af94348d0..94eff63b9 100644
--- a/cmake/sysbuild/debug_keys.cmake
+++ b/cmake/sysbuild/debug_keys.cmake
@@ -47,11 +47,13 @@ if(NOT SB_CONFIG_SECURE_BOOT_SIGNING_CUSTOM AND "${SB_CONFIG_SECURE_BOOT_SIGNING
     )
   set(SIGN_KEY_FILE_DEPENDS debug_sign_key_target)
 else()
-  if(IS_ABSOLUTE ${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
-    set(SIGNATURE_PRIVATE_KEY_FILE ${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
+  set(keyfile "${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE}")
+  string(CONFIGURE "${keyfile}" keyfile)
+  if(IS_ABSOLUTE ${keyfile})
+    set(SIGNATURE_PRIVATE_KEY_FILE ${keyfile})
   else()
     # Resolve path relative to the application configuration directory.
-    set(SIGNATURE_PRIVATE_KEY_FILE ${APPLICATION_CONFIG_DIR}/${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
+    set(SIGNATURE_PRIVATE_KEY_FILE ${APPLICATION_CONFIG_DIR}/${keyfile})
   endif()
 
   if(NOT EXISTS ${SIGNATURE_PRIVATE_KEY_FILE})
diff --git a/cmake/sysbuild/image_signing.cmake b/cmake/sysbuild/image_signing.cmake
index c59681b8f..c33a9def5 100644
--- a/cmake/sysbuild/image_signing.cmake
+++ b/cmake/sysbuild/image_signing.cmake
@@ -19,6 +19,8 @@ endfunction()
 function(zephyr_mcuboot_tasks)
   set(keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}")
   set(keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}")
+  string(CONFIGURE "${keyfile}" keyfile)
+  string(CONFIGURE "${keyfile_enc}" keyfile_enc)
 
   if(NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
     # Check for misconfiguration.
-- 
2.35.1.windows.2