MCUBoot: how to use an individual signature key (instead of default MCUBoot key)?

We have successfully created an app with MCUBoot and can easily install updates with the "default MCUBoot key".

However, we have a problem when changing the signature key.
(All CONFIG settings are in an overlay config, which is added as a Kconfig fragment to the build configuration.)

When using CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="bitsz_ble_basic.pem", the following appears:

MCUBoot bootloader key file: D:/Nordic/v2.4.2/bootloader/mcuboot/root-rsa-2048.pem
 === child image mcuboot - end ===
 WARNING: Using default MCUBoot key, it should not be used for production.
 CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is set to "bitsz_ble_basic.pem".
 You are using the NCS Mcuboot signing, which means this option will be ignored.
 Image signing in NCS is done via the MCUboot image's CONFIG_BOOT_SIGNATURE_KEY_FILE option.
 Consider setting CONFIG_MCUBOOT_SIGNATURE_KEY_FILE in your application image back to its default value, the empty string.


We then tried to use the following setting:

CONFIG_MCUBOOT_SIGNATURE_KEY_FILE=""
CONFIG_BOOT_SIGNATURE_KEY_FILE="bitsz_ble_basic.pem"

The result is:

warning: BOOT_SIGNATURE_KEY_FILE (defined at D:/Nordic/v2.4.2/nrf/modules/mcuboot/Kconfig:3) was assigned the value 'bitsz_ble_basic.pem' but got the value ''. Check these unsatisfied dependencies: (!MCUBOOT_BUILD_STRATEGY_FROM_SOURCE) (=n). See docs.zephyrproject.org/.../kconfig.html and/or look up BOOT_SIGNATURE_KEY_FILE in the menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful too.
 === child image mcuboot - begin ===
 MCUBoot bootloader key file: D:/Nordic/v2.4.2/bootloader/mcuboot/root-rsa-2048.pem
 === child image mcuboot - end ===
 WARNING: Using default MCUBoot key, it should not be used for production.

Unfortunately, the given link does not work.


We changed the setting:

 CONFIG_MCUBOOT_SIGNATURE_KEY_FILE=""
 CONFIG_BOOT_SIGNATURE_KEY_FILE="bitsz_ble_basic.pem"
 CONFIG_MCUBOOT_BUILD_STRATEGY_FROM_SOURCE=n

and got the result:

warning: BOOT_SIGNATURE_KEY_FILE (defined at D:/Nordic/v2.4.2/nrf/modules/mcuboot/Kconfig:3) was assigned the value 'bitsz_ble_basic.pem' but got the value ''. Check these unsatisfied dependencies: (!MCUBOOT_BUILD_STRATEGY_FROM_SOURCE) (=n). See docs.zephyrproject.org/.../kconfig.html and/or look up BOOT_SIGNATURE_KEY_FILE in the menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful too.
=== child image mcuboot - begin ===
MCUBoot bootloader key file: D:/Nordic/v2.4.2/bootloader/mcuboot/root-rsa-2048.pem
=== child image mcuboot - end ===
WARNING: Using default MCUBoot key, it should not be used for production.


Environment:

- Windows 10 (Windows_NT x64 10.0.19045)
- Visual Studio Code 1.82.0 (system setup)
- Extension nRF Connect for VS Code v2023.9.169
- nRF Connect SDK 2.4.2 (Zephyr 3.3.99)


None of the instructions found so far solved the problem, and most of them no longer apply to MCUBoot because many CONFIG identifiers were changed in Zephyr 3.3.0.
Now the question is, how to change the signing key?
Is there a working guide for "Visual Studio Code" (with nRF Connect for VS Code) and the current SDK 2.4.2?
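
A build-log check for the situation shown in the post, as an added example (not part of the original post and not Nordic's tooling): it reads the build output and reports whether the bootloader was built with the expected key or fell back to the default one. The function name `audit_build_log` and the regular expressions are assumptions derived from the log lines quoted above; the sample log is constructed from those same lines.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the build output quoted in the post.
SAMPLE_LOG = """\
warning: BOOT_SIGNATURE_KEY_FILE (defined at D:/Nordic/v2.4.2/nrf/modules/mcuboot/Kconfig:3) was assigned the value 'bitsz_ble_basic.pem' but got the value ''. Check these unsatisfied dependencies: (!MCUBOOT_BUILD_STRATEGY_FROM_SOURCE) (=n).
=== child image mcuboot - begin ===
MCUBoot bootloader key file: D:/Nordic/v2.4.2/bootloader/mcuboot/root-rsa-2048.pem
=== child image mcuboot - end ===
WARNING: Using default MCUBoot key, it should not be used for production.
"""

# Patterns are assumptions based on the message formats visible in the post.
KEY_LINE = re.compile(r"MCUBoot bootloader key file:\s*(\S.*?)\s*$")
DROPPED = re.compile(r"warning: (\w*SIGNATURE_KEY_FILE) .*?was assigned the value "
                     r"'([^']*)' but got the value '([^']*)'")
DEFAULT_KEY = "Using default MCUBoot key"


def audit_build_log(log_text, expected_key):
    """Return (key_in_use, findings) for one build log; empty findings means pass."""
    key_in_use, findings = None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = KEY_LINE.search(line)
        if m:
            key_in_use = m.group(1)  # path of the key the bootloader was built with
        m = DROPPED.search(line)
        if m and m.group(2) != m.group(3):
            # Kconfig silently discarded the requested key file setting.
            findings.append(f"{m.group(1)}: requested '{m.group(2)}', build used '{m.group(3)}'")
        if DEFAULT_KEY in line:
            findings.append("build reports the default MCUBoot key")
    if key_in_use is None:
        findings.append("no bootloader key line found in log")
    elif PureWindowsPath(key_in_use).name != expected_key:
        # PureWindowsPath accepts both '/' and '\\' separators on any host OS.
        findings.append(f"bootloader key is {key_in_use}, expected {expected_key}")
    return key_in_use, findings


if __name__ == "__main__":
    key, problems = audit_build_log(SAMPLE_LOG, "bitsz_ble_basic.pem")
    for p in problems:
        print("FAIL:", p)
    raise SystemExit(1 if problems else 0)
```

Run against a saved build log in CI, a non-zero exit keeps a firmware image signed with the default key from being released.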


