Hi,
I would like to add the private keys correctly to the bootloader to have a secure application. I've followed the steps described in the Devzone tickets (1, 2, 3, ...) and online documentation (1, 2, 3, ...), but I don't know if I'm done or still need to do something, because the misleading warnings I get when compiling are quite frustrating. Here are my steps in a nutshell:
- Create a private key as follows: "python3.exe C:\ncs\v2.4.2\bootloader\mcuboot\scripts\imgtool.py keygen -t ecdsa-p256 -k C:\keys\priv_ecdsa.pem"
- Create a new application from the nrf_cloud_rest_fota example.
- Two flags have been added to the child_image/mcuboot.conf file:
    CONFIG_SPI=n
    CONFIG_SPI_NOR=n
    CONFIG_SB_SIGNING_KEY_FILE="C:\\keys\\priv_ecdsa.pem"
    CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\\keys\\priv_ecdsa.pem"
- Create a build configuration like this:
- Here is also the prj.conf:
    # Sample
    CONFIG_REST_FOTA_DO_JITP=n
    CONFIG_NRF_CLOUD_REST_FOTA_SAMPLE_LOG_LEVEL_INF=y

    # nRF Cloud REST
    CONFIG_NRF_CLOUD_REST=y
    CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI=y
    CONFIG_MODEM_JWT=y
    CONFIG_NETWORKING=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y
    CONFIG_NET_NATIVE=n

    # FOTA download
    CONFIG_FOTA_DOWNLOAD=y
    CONFIG_FOTA_DOWNLOAD_PROGRESS_EVT=y
    CONFIG_DFU_TARGET=y
    CONFIG_DOWNLOAD_CLIENT=y

    # MCUBOOT
    CONFIG_BOOTLOADER_MCUBOOT=y
    CONFIG_IMG_MANAGER=y
    CONFIG_STREAM_FLASH=y
    CONFIG_MCUBOOT_IMG_MANAGER=y
    CONFIG_IMG_ERASE_PROGRESSIVELY=y
    CONFIG_SECURE_BOOT=y
    CONFIG_BUILD_S1_VARIANT=y
    CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=n

    # Settings
    CONFIG_FLASH=y
    CONFIG_FLASH_PAGE_LAYOUT=y
    CONFIG_FLASH_MAP=y
    CONFIG_FCB=y
    CONFIG_SETTINGS=y
    CONFIG_SETTINGS_FCB=y
    CONFIG_MPU_ALLOW_FLASH_WRITE=y

    # Button/LED support
    CONFIG_DK_LIBRARY=y

    # Modem/LTE Link
    CONFIG_NRF_MODEM_LIB=y
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_NETWORK_MODE_LTE_M=y

    # AT Host library - Used to send AT commands directly from an UART terminal and to allow
    # integration with nRF Connect for Desktop LTE Link monitor application.
    CONFIG_AT_HOST_LIBRARY=y

    # Modem info
    CONFIG_MODEM_INFO=y
    CONFIG_MODEM_INFO_ADD_DEVICE=y
    CONFIG_MODEM_INFO_ADD_NETWORK=y
    CONFIG_MODEM_INFO_ADD_SIM=y
    CONFIG_MODEM_INFO_ADD_SIM_ICCID=y
    CONFIG_MODEM_INFO_ADD_SIM_IMSI=y

    # System
    CONFIG_HEAP_MEM_POOL_SIZE=8192
    CONFIG_MAIN_STACK_SIZE=8192
    CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=8192
    CONFIG_ASSERT=y
    CONFIG_REBOOT=y
    CONFIG_FPU=y
    CONFIG_NEWLIB_LIBC=y
    CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y
    CONFIG_NEWLIB_LIBC_FLOAT_SCANF=y

    # Logging
    CONFIG_LOG=y
    CONFIG_LOG_MODE_IMMEDIATE=y
    CONFIG_UART_INTERRUPT_DRIVEN=y
When I compiled the project, I received these warnings:
How can I verify that the bootloader has successfully incorporated the private key into the bootloader image?
What steps can I take to eliminate these warnings?
Why does the bootloader always create 3 images (child-image b0, child-image mcuboot, child-image s1-image)?
Thanks for the help!