I would like to use Tinycrypt library to do AES encryption. Does Nordic provide sample code?
I would like to use Tinycrypt library to do AES encryption. Does Nordic provide sample code?
Hi Snowuyl,
As far as I know we don't have a sample for this, sorry. I do see that there is some test code available for it, which might be useful: https://github.com/zephyrproject-rtos/zephyr/blob/main/tests/crypto/tinycrypt/src/sha256.c
And of course the documentation: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/services/crypto/tinycrypt.html
If Tinycrypt is not a necessity, then we do have other AES Crypto samples: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/crypto.html
Best regards,
Raoul
Thanks for your reply! I would like to build MCUboot with TinyCrypt. Could you kindly to provide reference documentation?
Hi,
According to this release note, TinyCrypt has been included in the mcuboot code base, you should be able to enable it via Kconfig.
I was unable to find reference documentation, but I see mention of the CONFIG_BOOT_USE_TINYCRYPT option here: https://github.com/nrfconnect/sdk-mcuboot/blob/823fd369c1430b50d263ccd6fbcf98bdd44001ba/boot/zephyr/Kconfig#L28
I also see that there is CONFIG_BOOT_ECDSA_TINYCRYPT, discussed in this case: Bulid MCUBoot with TINYCRYPT to support DFU image cipher/encryption
Would you mind trying these?
I'm sorry I can't dig deeper into this at the moment, we are quite busy during the summer weeks.
Best regards,
Raoul
Hi,
According to this release note, TinyCrypt has been included in the mcuboot code base, you should be able to enable it via Kconfig.
I was unable to find reference documentation, but I see mention of the CONFIG_BOOT_USE_TINYCRYPT option here: https://github.com/nrfconnect/sdk-mcuboot/blob/823fd369c1430b50d263ccd6fbcf98bdd44001ba/boot/zephyr/Kconfig#L28
I also see that there is CONFIG_BOOT_ECDSA_TINYCRYPT, discussed in this case: Bulid MCUBoot with TINYCRYPT to support DFU image cipher/encryption
Would you mind trying these?
I'm sorry I can't dig deeper into this at the moment, we are quite busy during the summer weeks.
Best regards,
Raoul
Thanks for your reply! I have added the following setting in D:\ncs\v2.3.0\bootloader\mcuboot\boot\zephyr\CMakeLists.txt. But west build and west flash doesn't show any log messages related to Tinycrypt. How can I make sure Tinycrypt is built with MCUboot?
set(CONFIG_BOOT_ECDSA_TINYCRYPT y)
# CMakeLists.txt for building mcuboot as a Zephyr project
#
# Copyright (c) 2017 Open Source Foundries Limited
#
# SPDX-License-Identifier: Apache-2.0
cmake_minimum_required(VERSION 3.13.1)
# Add a common dts overlay necessary to ensure mcuboot is linked into,
# and fits inside, the boot partition. (If the user specified a
# DTC_OVERLAY_FILE on the CMake command line, we need to append onto
# the list).
if(DTC_OVERLAY_FILE)
set(DTC_OVERLAY_FILE
"${DTC_OVERLAY_FILE} ${CMAKE_CURRENT_LIST_DIR}/dts.overlay"
CACHE STRING "" FORCE
)
else()
set(DTC_OVERLAY_FILE ${CMAKE_CURRENT_LIST_DIR}/dts.overlay)
endif()
# Enable Zephyr runner options which request mass erase if so
# configured.
#
# Note that this also disables the default "leave" option when
# targeting STM32 DfuSe devices with dfu-util, making the chip stay in
# the bootloader after flashing.
#
# That's the right thing, because mcuboot has nothing to do since the
# chip was just erased. The next thing the user is going to want to do
# is flash the application. (Developers can reset DfuSE devices
# manually to test mcuboot behavior on an otherwise erased flash
# device.)
macro(app_set_runner_args)
if(CONFIG_ZEPHYR_TRY_MASS_ERASE)
board_runner_args(dfu-util "--dfuse-modifiers=force:mass-erase")
board_runner_args(pyocd "--flash-opt=-e=chip")
board_runner_args(nrfjprog "--erase")
endif()
endmacro()
# find_package(Zephyr) in order to load application boilerplate:
# http://docs.zephyrproject.org/application/application.html
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(NONE)
# Path to "boot" subdirectory of repository root.
get_filename_component(BOOT_DIR ${APPLICATION_SOURCE_DIR} DIRECTORY)
# Path to top-level repository root directory.
get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY)
# Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
assert_exists(TINYCRYPT_DIR)
set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib")
assert_exists(TINYCRYPT_SHA512_DIR)
# Path to crypto-fiat
set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat")
assert_exists(FIAT_DIR)
# Path to mbed-tls' asn1 parser library.
set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls-asn1")
assert_exists(MBEDTLS_ASN1_DIR)
set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf")
if(CONFIG_BOOT_USE_NRF_CC310_BL)
set(NRFXLIB_DIR ${ZEPHYR_BASE}/../nrfxlib)
if(NOT EXISTS ${NRFXLIB_DIR})
message(FATAL_ERROR "
------------------------------------------------------------------------
No such file or directory: ${NRFXLIB_DIR}
The current configuration enables nRF CC310 crypto accelerator hardware
with the `CONFIG_BOOT_USE_NRF_CC310_BL` option. Please follow
`ext/nrf/README.md` guide to fix your setup or use tinycrypt instead of
the HW accelerator.
To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y.
------------------------------------------------------------------------")
endif()
endif()
set(CONFIG_BOOT_ECDSA_TINYCRYPT y)
zephyr_library_include_directories(
include
targets
)
if(EXISTS targets/${BOARD}.h)
zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h")
endif()
# Zephyr port-specific sources.
zephyr_library_sources(
main.c
flash_map_extended.c
os.c
keys.c
)
if(DEFINED CONFIG_ENABLE_MGMT_PERUSER)
zephyr_library_sources(
boot_serial_extensions.c
)
endif()
if(NOT DEFINED CONFIG_FLASH_PAGE_LAYOUT)
zephyr_library_sources(
flash_map_legacy.c
)
endif()
# Generic bootutil sources and includes.
zephyr_library_include_directories(${BOOT_DIR}/bootutil/include)
zephyr_library_sources(
${BOOT_DIR}/bootutil/src/image_validate.c
${BOOT_DIR}/bootutil/src/tlv.c
${BOOT_DIR}/bootutil/src/encrypted.c
${BOOT_DIR}/bootutil/src/image_rsa.c
${BOOT_DIR}/bootutil/src/image_ec256.c
${BOOT_DIR}/bootutil/src/image_ed25519.c
${BOOT_DIR}/bootutil/src/bootutil_misc.c
${BOOT_DIR}/bootutil/src/fault_injection_hardening.c
)
# library which might be common source code for MCUBoot and an application
zephyr_link_libraries(MCUBOOT_BOOTUTIL)
if(CONFIG_BOOT_FIH_PROFILE_HIGH)
zephyr_library_sources(
${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
)
endif()
if(CONFIG_SINGLE_APPLICATION_SLOT)
zephyr_library_sources(
${BOOT_DIR}/zephyr/single_loader.c
)
zephyr_library_include_directories(${BOOT_DIR}/bootutil/src)
else()
zephyr_library_sources(
${BOOT_DIR}/bootutil/src/loader.c
${BOOT_DIR}/bootutil/src/swap_misc.c
${BOOT_DIR}/bootutil/src/swap_scratch.c
${BOOT_DIR}/bootutil/src/swap_move.c
${BOOT_DIR}/bootutil/src/caps.c
)
endif()
if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
zephyr_library_include_directories(
${MBEDTLS_ASN1_DIR}/include
)
zephyr_library_sources(
# Additionally pull in just the ASN.1 parser from mbedTLS.
${MBEDTLS_ASN1_DIR}/src/asn1parse.c
${MBEDTLS_ASN1_DIR}/src/platform_util.c
)
if(CONFIG_BOOT_USE_TINYCRYPT)
# When using ECDSA signatures, pull in our copy of the tinycrypt library.
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
)
zephyr_include_directories(${TINYCRYPT_DIR}/include)
zephyr_library_sources(
${TINYCRYPT_DIR}/source/ecc.c
${TINYCRYPT_DIR}/source/ecc_dsa.c
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
)
elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
zephyr_library_include_directories(${NRF_DIR})
zephyr_link_libraries(nrfxlib_crypto)
elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO)
zephyr_include_directories(${BL_CRYPTO_DIR}/../include)
endif()
# Since here we are not using Zephyr's mbedTLS but rather our own, we need
# to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
# variable is set by its Kconfig in the Zephyr codebase.
zephyr_library_compile_definitions(
MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
)
elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
)
zephyr_library_sources(
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
)
elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
# Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
# is set using Kconfig.)
zephyr_include_directories(include)
if(CONFIG_BOOT_ENCRYPT_RSA)
set_source_files_properties(
${BOOT_DIR}/bootutil/src/encrypted.c
PROPERTIES
INCLUDE_DIRECTORIES ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
)
endif()
elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
if(CONFIG_BOOT_USE_TINYCRYPT)
zephyr_library_include_directories(
${MBEDTLS_ASN1_DIR}/include
${BOOT_DIR}/zephyr/include
${TINYCRYPT_DIR}/include
${TINYCRYPT_SHA512_DIR}/include
)
zephyr_library_sources(
${TINYCRYPT_DIR}/source/sha256.c
${TINYCRYPT_DIR}/source/utils.c
${TINYCRYPT_SHA512_DIR}/source/sha512.c
# Additionally pull in just the ASN.1 parser from mbedTLS.
${MBEDTLS_ASN1_DIR}/src/asn1parse.c
${MBEDTLS_ASN1_DIR}/src/platform_util.c
)
zephyr_library_compile_definitions(
MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
)
else()
zephyr_include_directories(include)
endif()
zephyr_library_include_directories(
${BOOT_DIR}/zephyr/include
${FIAT_DIR}/include/
)
zephyr_library_sources(
${FIAT_DIR}/src/curve25519.c
)
endif()
if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
zephyr_library_sources(
${TINYCRYPT_DIR}/source/aes_encrypt.c
${TINYCRYPT_DIR}/source/aes_decrypt.c
${TINYCRYPT_DIR}/source/ctr_mode.c
${TINYCRYPT_DIR}/source/hmac.c
${TINYCRYPT_DIR}/source/ecc_dh.c
)
endif()
if(CONFIG_BOOT_ENCRYPT_EC256)
zephyr_library_sources(
${TINYCRYPT_DIR}/source/ecc_dh.c
)
endif()
if(CONFIG_MCUBOOT_SERIAL)
zephyr_sources(${BOOT_DIR}/zephyr/serial_adapter.c)
zephyr_sources(${BOOT_DIR}/boot_serial/src/boot_serial.c)
zephyr_sources(${BOOT_DIR}/boot_serial/src/serial_recovery_cbor.c)
zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_decode.c)
zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_encode.c)
zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_common.c)
zephyr_sources_ifdef(CONFIG_BOOT_MGMT_ECHO ${BOOT_DIR}/boot_serial/src/serial_recovery_echo.c)
zephyr_include_directories(${BOOT_DIR}/bootutil/include)
zephyr_include_directories(${BOOT_DIR}/boot_serial/include)
zephyr_include_directories(include)
zephyr_include_directories_ifdef(
CONFIG_BOOT_ERASE_PROGRESSIVELY
${BOOT_DIR}/bootutil/src
)
endif()
if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
# CONF_FILE points to the KConfig configuration files of the bootloader.
foreach (filepath ${CONF_FILE})
file(READ ${filepath} temp_text)
string(FIND "${temp_text}" ${CONFIG_BOOT_SIGNATURE_KEY_FILE} match)
if (${match} GREATER_EQUAL 0)
if (NOT DEFINED CONF_DIR)
get_filename_component(CONF_DIR ${filepath} DIRECTORY)
else()
message(FATAL_ERROR "Signature key file defined in multiple conf files")
endif()
endif()
endforeach()
if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
elseif((DEFINED CONF_DIR) AND
(EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}))
set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
else()
set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
endif()
message("MCUBoot bootloader key file: ${KEY_FILE}")
set_property(
GLOBAL
PROPERTY
KEY_FILE
${KEY_FILE}
)
set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c)
add_custom_command(
OUTPUT ${GENERATED_PUBKEY}
COMMAND
${PYTHON_EXECUTABLE}
${MCUBOOT_DIR}/scripts/imgtool.py
getpub
-k
${KEY_FILE}
> ${GENERATED_PUBKEY}
DEPENDS ${KEY_FILE}
)
zephyr_library_sources(${GENERATED_PUBKEY})
endif()
if(CONFIG_BOOT_ENCRYPTION_KEY_FILE AND NOT CONFIG_BOOT_ENCRYPTION_KEY_FILE STREQUAL "")
# CONF_FILE points to the KConfig configuration files of the bootloader.
unset(CONF_DIR)
foreach(filepath ${CONF_FILE})
file(READ ${filepath} temp_text)
string(FIND "${temp_text}" ${CONFIG_BOOT_ENCRYPTION_KEY_FILE} match)
if(${match} GREATER_EQUAL 0)
if(NOT DEFINED CONF_DIR)
get_filename_component(CONF_DIR ${filepath} DIRECTORY)
else()
message(FATAL_ERROR "Encryption key file defined in multiple conf files")
endif()
endif()
endforeach()
if(IS_ABSOLUTE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
set(KEY_FILE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
elseif((DEFINED CONF_DIR) AND
(EXISTS ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE}))
set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
else()
set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
endif()
message("MCUBoot bootloader encryption key file: ${KEY_FILE}")
set(GENERATED_ENCKEY ${ZEPHYR_BINARY_DIR}/autogen-enckey.c)
add_custom_command(
OUTPUT ${GENERATED_ENCKEY}
COMMAND
${PYTHON_EXECUTABLE}
${MCUBOOT_DIR}/scripts/imgtool.py
getpriv
-k
${KEY_FILE}
> ${GENERATED_ENCKEY}
DEPENDS ${KEY_FILE}
)
zephyr_library_sources(${GENERATED_ENCKEY})
endif()
if(CONFIG_MCUBOOT_CLEANUP_ARM_CORE)
zephyr_library_sources(
${BOOT_DIR}/zephyr/arm_cleanup.c
)
endif()
if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL OR CONFIG_MCUBOOT_CLEANUP_NONSECURE_RAM)
zephyr_library_sources(
${BOOT_DIR}/zephyr/nrf_cleanup.c
)
endif()
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>west build -b nrf5340dk_nrf5340_cpuapp
-- west build: generating a build system
Loading Zephyr default modules (Zephyr base).
-- Application: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world
-- Using NCS Toolchain 2.3.0 for building. (D:/ncs/toolchains/v2.3.0/cmake)
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found suitable exact version "3.8.2") found components: Interpreter
-- Cache files will be written to: D:/ncs/v2.3.0/zephyr/.cache
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr)
-- Found west (found suitable version "0.14.0", minimum required is "0.7.1")
-- Board: nrf5340dk_nrf5340_cpuapp
-- Found host-tools: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found Dtc: D:/ncs/toolchains/v2.3.0/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6")
-- Found BOARD.dts: D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp.dts
-- Generated zephyr.dts: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/zephyr.dts
-- Generated devicetree_generated.h: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/dts.cmake
Parsing D:/ncs/v2.3.0/zephyr/Kconfig
Loaded configuration 'D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp_defconfig'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/prj.conf'
Configuration saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/.config'
Kconfig header saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 12.1.0
-- The CXX compiler identification is GNU 12.1.0
-- The ASM compiler identification is GNU
-- Found assembler: D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found version "3.8.2") found components: Interpreter
=== child image mcuboot - begin ===
loading initial cache file D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/child_image_preload.cmake
Loading Zephyr default modules (Zephyr base).
-- Application: D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr
-- Using NCS Toolchain 2.3.0 for building. (D:/ncs/toolchains/v2.3.0/cmake)
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found suitable exact version "3.8.2") found components: Interpreter
-- Cache files will be written to: D:/ncs/v2.3.0/zephyr/.cache
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr)
-- Found west (found suitable version "0.14.0", minimum required is "0.7.1")
-- Board: nrf5340dk_nrf5340_cpuapp
-- Found host-tools: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found Dtc: D:/ncs/toolchains/v2.3.0/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6")
-- Found BOARD.dts: D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp.dts
-- Found devicetree overlay: D:/ncs/v2.3.0/nrf/modules/mcuboot/usb.overlay
-- Found devicetree overlay: D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/dts.overlay
-- Generated zephyr.dts: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/dts.cmake
Parsing D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration 'D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp_defconfig'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/prj.conf'
Merged configuration 'D:/ncs/v2.3.0/nrf/subsys/partition_manager/partition_manager_enabled.conf'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/.config'
Kconfig header saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 12.1.0
-- The CXX compiler identification is GNU 12.1.0
-- The ASM compiler identification is GNU
-- Found assembler: D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
MCUBoot bootloader key file: D:/ncs/v2.3.0/bootloader/mcuboot/root-rsa-2048.pem
-- Configuring done
-- Generating done
-- Build files have been written to: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot
=== child image mcuboot - end ===
CMake Warning at D:/ncs/v2.3.0/nrf/modules/mcuboot/CMakeLists.txt:286 (message):
---------------------------------------------------------
--- WARNING: Using default MCUBoot key, it should not ---
--- be used for production. ---
---------------------------------------------------------
-- Configuring done
-- Generating done
-- Build files have been written to: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build
-- west build: building application
[5/198] Performing build step for 'mcuboot_subimage'
[1/281] Generating include/generated/version.h
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr), build: v3.2.99-ncs2
[271/281] Linking C executable zephyr\zephyr_pre0.elf
[275/281] Linking C executable zephyr\zephyr_pre1.elf
[281/281] Linking C executable zephyr\zephyr.elf
Memory region Used Size Region Size %age Used
FLASH: 40432 B 48 KB 82.26%
RAM: 22712 B 512 KB 4.33%
IDT_LIST: 0 GB 2 KB 0.00%
[7/198] Generating include/generated/version.h
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr), build: v3.2.99-ncs2
[177/198] Linking C executable zephyr\zephyr_pre0.elf
[181/198] Linking C executable zephyr\zephyr_pre1.elf
[187/198] Linking C executable zephyr\zephyr.elf
Memory region Used Size Region Size %age Used
FLASH: 36608 B 491008 B 7.46%
RAM: 9808 B 512 KB 1.87%
IDT_LIST: 0 GB 2 KB 0.00%
[193/198] Generating ../../zephyr/app_update.bin
sign the payload
[194/198] Generating ../../zephyr/app_signed.hex
sign the payload
[196/198] Generating ../../zephyr/app_test_update.hex
sign the payload
[198/198] Generating zephyr/merged.hex
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>west flash --recover
-- west flash: rebuilding
[0/4] Performing build step for 'mcuboot_subimage'
ninja: no work to do.
-- west flash: using runner nrfjprog
Using board 801036305
-- runners.nrfjprog: Recovering and erasing flash memory for both the network and application cores.
Recovering device. This operation might take 30s.
Erasing user code and UICR flash areas.
Writing image to disable ap protect.
Recovering device. This operation might take 30s.
Erasing user code and UICR flash areas.
Writing image to disable ap protect.
-- runners.nrfjprog: Flashing file: D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world\build\zephyr\merged.hex
[ #################### ] 2.874s | Erase file - Done erasing
[ #################### ] 0.601s | Program file - Done programming
[ #################### ] 0.562s | Verify file - Done verifying
Applying pin reset.
-- runners.nrfjprog: Board with serial number 801036305 flashed successfully.
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>rm -rf build
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>west build -b nrf5340dk_nrf5340_cpuapp
-- west build: generating a build system
Loading Zephyr default modules (Zephyr base).
-- Application: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world
-- Using NCS Toolchain 2.3.0 for building. (D:/ncs/toolchains/v2.3.0/cmake)
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found suitable exact version "3.8.2") found components: Interpreter
-- Cache files will be written to: D:/ncs/v2.3.0/zephyr/.cache
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr)
-- Found west (found suitable version "0.14.0", minimum required is "0.7.1")
-- Board: nrf5340dk_nrf5340_cpuapp
-- Found host-tools: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found Dtc: D:/ncs/toolchains/v2.3.0/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6")
-- Found BOARD.dts: D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp.dts
-- Generated zephyr.dts: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/zephyr.dts
-- Generated devicetree_generated.h: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/dts.cmake
Parsing D:/ncs/v2.3.0/zephyr/Kconfig
Loaded configuration 'D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp_defconfig'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/prj.conf'
Configuration saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/.config'
Kconfig header saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 12.1.0
-- The CXX compiler identification is GNU 12.1.0
-- The ASM compiler identification is GNU
-- Found assembler: D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found version "3.8.2") found components: Interpreter
=== child image mcuboot - begin ===
loading initial cache file D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/child_image_preload.cmake
Loading Zephyr default modules (Zephyr base).
-- Application: D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr
-- Using NCS Toolchain 2.3.0 for building. (D:/ncs/toolchains/v2.3.0/cmake)
-- Found Python3: D:/ncs/toolchains/v2.3.0/opt/bin/python.exe (found suitable exact version "3.8.2") found components: Interpreter
-- Cache files will be written to: D:/ncs/v2.3.0/zephyr/.cache
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr)
-- Found west (found suitable version "0.14.0", minimum required is "0.7.1")
-- Board: nrf5340dk_nrf5340_cpuapp
-- Found host-tools: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.15.2 (D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk)
-- Found Dtc: D:/ncs/toolchains/v2.3.0/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6")
-- Found BOARD.dts: D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp.dts
-- Found devicetree overlay: D:/ncs/v2.3.0/nrf/modules/mcuboot/usb.overlay
-- Found devicetree overlay: D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/dts.overlay
-- Generated zephyr.dts: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/dts.cmake
Parsing D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration 'D:/ncs/v2.3.0/nrf/boards/arm/mdbt53db_nrf5340/nrf5340dk_nrf5340_cpuapp_defconfig'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/prj.conf'
Merged configuration 'D:/ncs/v2.3.0/nrf/subsys/partition_manager/partition_manager_enabled.conf'
Merged configuration 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/.config'
Kconfig header saved to 'D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 12.1.0
-- The CXX compiler identification is GNU 12.1.0
-- The ASM compiler identification is GNU
-- Found assembler: D:/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
MCUBoot bootloader key file: D:/ncs/v2.3.0/bootloader/mcuboot/root-rsa-2048.pem
-- Configuring done
-- Generating done
-- Build files have been written to: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build/mcuboot
=== child image mcuboot - end ===
CMake Warning at D:/ncs/v2.3.0/nrf/modules/mcuboot/CMakeLists.txt:286 (message):
---------------------------------------------------------
--- WARNING: Using default MCUBoot key, it should not ---
--- be used for production. ---
---------------------------------------------------------
-- Configuring done
-- Generating done
-- Build files have been written to: D:/ncs/v2.3.0/bootloader/mcuboot/samples/zephyr/hello-world/build
-- west build: building application
[1/197] Generating include/generated/version.h
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr), build: v3.2.99-ncs2
[6/197] Performing build step for 'mcuboot_subimage'
[1/281] Generating include/generated/version.h
-- Zephyr version: 3.2.99 (D:/ncs/v2.3.0/zephyr), build: v3.2.99-ncs2
[271/281] Linking C executable zephyr\zephyr_pre0.elf
[275/281] Linking C executable zephyr\zephyr_pre1.elf
[281/281] Linking C executable zephyr\zephyr.elf
Memory region Used Size Region Size %age Used
FLASH: 40432 B 48 KB 82.26%
RAM: 22712 B 512 KB 4.33%
IDT_LIST: 0 GB 2 KB 0.00%
[176/197] Linking C executable zephyr\zephyr_pre0.elf
[180/197] Linking C executable zephyr\zephyr_pre1.elf
[186/197] Linking C executable zephyr\zephyr.elf
Memory region Used Size Region Size %age Used
FLASH: 32332 B 491008 B 6.58%
RAM: 7704 B 512 KB 1.47%
IDT_LIST: 0 GB 2 KB 0.00%
[189/197] Generating ../../zephyr/app_update.bin
sign the payload
[190/197] Generating ../../zephyr/app_signed.hex
sign the payload
[192/197] Generating ../../zephyr/app_test_update.hex
sign the payload
[197/197] Generating zephyr/merged.hex
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>west flash --recover
-- west flash: rebuilding
[0/4] Performing build step for 'mcuboot_subimage'
ninja: no work to do.
-- west flash: using runner nrfjprog
Using board 801036305
-- runners.nrfjprog: Recovering and erasing flash memory for both the network and application cores.
Recovering device. This operation might take 30s.
Erasing user code and UICR flash areas.
Writing image to disable ap protect.
Recovering device. This operation might take 30s.
Erasing user code and UICR flash areas.
Writing image to disable ap protect.
-- runners.nrfjprog: Flashing file: D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world\build\zephyr\merged.hex
[ #################### ] 2.917s | Erase file - Done erasing
[ #################### ] 0.580s | Program file - Done programming
[ #################### ] 0.536s | Verify file - Done verifying
Applying pin reset.
-- runners.nrfjprog: Board with serial number 801036305 flashed successfully.
D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world>
Hi,
You usually configure mcuboot by creating "child_image/mcuboot.conf" in your application folder. My colleague describes it well here: How to configure the bootloader.
Alternatively you can assign custom project configurations for the bootloader with
-Dmcuboot_CONF_FILE=<filename>.conf
as described here: Using custom project configurations
Could you try doing this? Remember to undo your previous CMake change, in that case.
Best regards,
Raoul
Thanks for your reply! I have added the following configuration in D:\ncs\v2.3.0\bootloader\mcuboot\samples\zephyr\hello-world\child_image\mcuboot.conf file.
CONFIG_BOOT_ECDSA_TINYCRYPT=y
But west build shows the following warning messages.
warning: The choice symbol BOOT_ECDSA_TINYCRYPT (defined at
D:/ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/Kconfig:98) was selected (set =y), but no symbol ended
up as the choice selection. See
docs.zephyrproject.org/.../kconfig.html and/or look up
BOOT_ECDSA_TINYCRYPT in the menuconfig/guiconfig interface. The Application Development Primer,
Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be
helpful too.