• State Verified Answer
  • Replies 7 replies
  • Subscribers 74 subscribers
  • Views 1572 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 317575
Options

How to properly add the private key to the bootloader (without warnings)

J0sh1101

Hi,

I would like to add the private keys correctly to the bootloader to have a secure application. I've followed the steps described in the Devzone tickets (1,2,3, ...) and online documentation(1, 2, 3, ...), but I don't know if I'm done or still need to do something, because the misleading warnings I get when compiling are quite frustrating. Here are my steps in a nutshell:

  1. Create a private key as follows: "python3.exe C:\ncs\v2.4.2\bootloader\mcuboot\scripts\imgtool.py keygen -t ecdsa-p256 -k C:\keys\priv_ecdsa.pem"
  2. Create a new application from the nrf_cloud_rest_fota example.
  3. Two flags have been added to the child_image/mcuboot.conf file:
    1. CONFIG_SPI=n
CONFIG_SPI_NOR=n

CONFIG_SB_SIGNING_KEY_FILE="C:\\keys\\priv_ecdsa.pem"
CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\\keys\\priv_ecdsa.pem"
  4. Create a build configuration like this:
  5. Here is also the prj.conf: 
    1. # Sample
CONFIG_REST_FOTA_DO_JITP=n
CONFIG_NRF_CLOUD_REST_FOTA_SAMPLE_LOG_LEVEL_INF=y

# nRF Cloud REST
CONFIG_NRF_CLOUD_REST=y
CONFIG_NRF_CLOUD_CLIENT_ID_SRC_IMEI=y
CONFIG_MODEM_JWT=y
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_NATIVE=n

# FOTA download
CONFIG_FOTA_DOWNLOAD=y
CONFIG_FOTA_DOWNLOAD_PROGRESS_EVT=y
CONFIG_DFU_TARGET=y
CONFIG_DOWNLOAD_CLIENT=y

# MCUBOOT
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_IMG_MANAGER=y
CONFIG_STREAM_FLASH=y
CONFIG_MCUBOOT_IMG_MANAGER=y
CONFIG_IMG_ERASE_PROGRESSIVELY=y
CONFIG_SECURE_BOOT=y
CONFIG_BUILD_S1_VARIANT=y
CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=n

# Settings
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_FLASH_MAP=y
CONFIG_FCB=y
CONFIG_SETTINGS=y
CONFIG_SETTINGS_FCB=y
CONFIG_MPU_ALLOW_FLASH_WRITE=y

# Button/LED support
CONFIG_DK_LIBRARY=y

# Modem/LTE Link
CONFIG_NRF_MODEM_LIB=y
CONFIG_LTE_LINK_CONTROL=y
CONFIG_LTE_NETWORK_MODE_LTE_M=y

# AT Host library - Used to send AT commands directy from an UART terminal and to allow
#		    integration with nRF Connect for Desktop LTE Link monitor application.
CONFIG_AT_HOST_LIBRARY=y

# Modem info
CONFIG_MODEM_INFO=y
CONFIG_MODEM_INFO_ADD_DEVICE=y
CONFIG_MODEM_INFO_ADD_NETWORK=y
CONFIG_MODEM_INFO_ADD_SIM=y
CONFIG_MODEM_INFO_ADD_SIM_ICCID=y
CONFIG_MODEM_INFO_ADD_SIM_IMSI=y

# System
CONFIG_HEAP_MEM_POOL_SIZE=8192
CONFIG_MAIN_STACK_SIZE=8192
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=8192
CONFIG_ASSERT=y
CONFIG_REBOOT=y
CONFIG_FPU=y
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_FLOAT_PRINTF=y
CONFIG_NEWLIB_LIBC_FLOAT_SCANF=y

# Logging
CONFIG_LOG=y
CONFIG_LOG_MODE_IMMEDIATE=y
CONFIG_UART_INTERRUPT_DRIVEN=y

When I compiled the project, I received these warnings:

How can I verify that the bootloader has successfully incorporated the private key into the bootloader image?

What steps can I take to eliminate these warnings?

Why does the bootloader always create 3 images (child-image b0, child-image mcuboot, child-image s1-image)?

Thanks for the help!

Parents
  • 0

    Hi,

    What steps can I take to eliminate these warnings?

    In the two first warnings it looks like the location has not been parsed correctly by the build system. Are you certain that the path is "C:\\keys\\priv_ecdsa.pem"? Could you cross examine with the samples in https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures (which stores the keys within the project folder)

    The two lasts warnings are not related to the key issue

    How can I verify that the bootloader has successfully incorporated the private key into the bootloader image?

    I will have to check this item and come back to you

    Why does the bootloader always create 3 images (child-image b0, child-image mcuboot, child-image s1-image)?

    You've configured the device to build all three images in your prj.conf. You can check the configurations here https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/kconfig/index.html 

    The parent page https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.3.0/nrf/app_dev/bootloaders_and_dfu/index.html takes you through steps such as enabling secure boot, i.e to enable b0 by adding CONFIG_SECURE_BOOT=y and you have CONFIG_BOOTLOADER_MCUBOOT=y i.e mcuboot enabled.

    Kind regards,
    Andreas

  • 0 in reply to AHaug

    Hi,

    AHaug said:
    In the two first warnings it looks like the location has not been parsed correctly by the build system. Are you certain that the path is "C:\\keys\\priv_ecdsa.pem"? Could you cross examine with the samples in https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures (which stores the keys within the project folder)

    Yes, the file exists. Below is the prof:

    After looking at the example, I proceeded in exactly the same way. I added the keys to the project folder. Below you can see the resulting folder structure:

    Add the flags in the CMakeLists.txt as follows:

    #
# Copyright (c) 2021 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

cmake_minimum_required(VERSION 3.20.0)

find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(nRF_Cloud_REST_FOTA_Sample)
zephyr_compile_definitions(PROJECT_NAME=${PROJECT_NAME})

set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/priv_ecdsa.pem\")
set(mcuboot_CONFIG_SB_SIGNING_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/keys/priv_ecdsa.pem\")

# NORDIC SDK APP START
target_sources(app PRIVATE src/main.c)
# NORDIC SDK APP END

add_subdirectory(src/fota)

    I am still getting the same errors in the compilation process and a bit more:

    I updated the SDK to 2.5.0 and update the modem, maybe this is the reason I got this extra error message. 

    I tried to compile the sample project wich you gave me above (https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures ). I cloned, compiled it and got errors:

    Are there additional examples that compile without warnings and are compatible with the latest SDK?

    Thanks for the help.

  • 0 in reply to J0sh1101

    Hi

    J0sh1101 said:
    I updated the SDK to 2.5.0 and update the modem, maybe this is the reason I got this extra error message. 

    Ah, I didn't catch that you were using a 9160. I will check in with the author of the samples to see if there are anything different in this case.

    Are you using a Thingy:91 or a nRF9160dk?

    I will get back to you early next week

    Kind regards,
    Andreas

  • 0 in reply to AHaug

    Hi, 

    I am using the nrf9160dk. 

    Thanks for the update.

  • 0 in reply to J0sh1101

    Hi,

    J0sh1101 said:
    I tried to compile the sample project wich you gave me above (https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures ). I cloned, compiled it and got errors:

    Regarding the error in the build output it looks like the path is too long. Try to copy the application and move it to somewhere with a shorter path. I know that if you clone the repo and add it to something like C/nordic/ncs/my_projects/the_git_repo/bootloader_samples/keys_and_signatures/the_app_you're_testing, the path will be too long.and you will see such errors.

    Other than this the PM warnings are not something you need to worry about before you're ready to test for DFU so lets resolve the other issue first.

    Kind regards,
    Andreas

  • 0 in reply to AHaug

    Hello,

    sorry for my late reply. I have moved the code closer to the C drive, and it has now compiled correctly. I have two problems now. It doesn't complain about the key, but it gives me a warning that the pm_static.yaml file is not used.

    Building mcuboot_manual_sign
west build --build-dir c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign --pristine --board nrf9160dk_nrf9160 --no-sysbuild -- -DNCS_TOOLCHAIN_VERSION=NONE -DBOARD_ROOT=c:/ncs_workspace/mqtt_publisher;c:/ncs_workspace/mqtt;c:/ncs_workspace/blefund_less4_exer1_solution;c:/ncs_workspace/blefund_less4_exer3_solution;c:/ncs_workspace/nrf_dm;c:/ncs_workspace/asset_tracker_v2;c:/ncs_workspace/blinky_pwm;c:/ncs_workspace/lvgl-oled01;c:/ncs_workspace/dm_minimal;c:/ncs_workspace/nrf_cloud_rest_fota;c:/ncs_workspace/samples/littlefs_test;c:/ncs_workspace/fat_fs;c:/ncs_workspace/spi_flash_nrf9160;c:/ncs_workspace/mcuboot2;c:/ncs_workspace/aws_iot_mqtt;c:/ncs_workspace/mqtt_publisher_1;c:/ncs_workspace/blefund_less4_exer3;c:/ncs_workspace/nrf_cloud_rest_fota_ -DCONFIG_DEBUG_OPTIMIZATIONS=y -DCONFIG_DEBUG_THREAD_INFO=y -DCONF_FILE=c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/prj.conf

-- west build: generating a build system
-- Application: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign
-- CMake version: 3.20.5
Loading Zephyr default modules (Zephyr base).
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found suitable version "3.8.2", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v2.5.0/zephyr/.cache
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr)
-- Found west (found suitable version "1.1.0", minimum required is "0.14.0")
-- Board: nrf9160dk_nrf9160, Revision: 0.14.0
-- Found host-tools: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/c57af46cb7/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160.dts
-- Found devicetree overlay: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_0_14_0.overlay
-- Generated zephyr.dts: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/dts.cmake
Parsing C:/ncs/v2.5.0/zephyr/Kconfig
Loaded configuration 'C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_defconfig'
Merged configuration 'c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/prj.conf'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/.config'
Kconfig header saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/include/generated/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found version "3.8.2") found components: Interpreter 

=== child image mcuboot -  begin ===
loading initial cache file C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/child_image_preload.cmake
Loading Zephyr default modules (Zephyr base).
-- Application: C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr
-- CMake version: 3.20.5
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found suitable version "3.8.2", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v2.5.0/zephyr/.cache
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr)
-- Found west (found suitable version "1.1.0", minimum required is "0.14.0")
-- Board: nrf9160dk_nrf9160, Revision: 0.14.0
-- Found host-tools: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/c57af46cb7/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160.dts
-- Found devicetree overlay: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_0_14_0.overlay
-- Found devicetree overlay: C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr/app.overlay
-- Generated zephyr.dts: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/dts.cmake
Parsing C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration 'C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_defconfig'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/child_image/mcuboot/prj.conf'
Merged configuration 'C:/ncs/v2.5.0/nrf/subsys/partition_manager/partition_manager_enabled.conf'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/.config'
Kconfig header saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/include/generated/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
MCUBoot bootloader key file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/child_image/mcuboot/custom_priv.pem
-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot
=== child image mcuboot -  end ===

CMake Warning at C:/ncs/v2.5.0/nrf/cmake/partition_manager.cmake:79 (message):
  

          ---------------------------------------------------------------------
          --- WARNING: Using a bootloader without pm_static.yml.            ---
          --- There are cases where a deployed product can consist of       ---
          --- multiple images, and only a subset of these images can be     ---
          --- upgraded through a firmware update mechanism. In such cases,  ---
          --- the upgradable images must have partitions that are static    ---
          --- and are matching the partition map used by the bootloader     ---
          --- programmed onto the device.                                   ---
          ---------------------------------------------------------------------
          

Call Stack (most recent call first):
  C:/ncs/v2.5.0/zephyr/cmake/modules/kernel.cmake:247 (include)
  C:/ncs/v2.5.0/zephyr/cmake/modules/zephyr_default.cmake:138 (include)
  C:/ncs/v2.5.0/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  C:/ncs/v2.5.0/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  CMakeLists.txt:5 (find_package)


-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk
-- west build: building application
[4/200] Generating include/generated/version.h
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr), build: v3.4.99-ncs1
[3/255] Generating include/generated/version.h
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr), build: v3.4.99-ncs1
[255/255] Linking C executable zephyr\zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       38278 B        48 KB     77.88%
             RAM:       22564 B       256 KB      8.61%
        IDT_LIST:          0 GB         2 KB      0.00%
[192/200] Linking C executable zephyr\zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       46508 B     474624 B      9.80%
             RAM:       12580 B       256 KB      4.80%
        IDT_LIST:          0 GB         2 KB      0.00%
[195/200] Generating ../../zephyr/app_update.bin
image.py: sign the payload
[196/200] Generating ../../zephyr/app_signed.hex
image.py: sign the payload
[198/200] Generating ../../zephyr/app_test_update.hex
image.py: sign the payload
[200/200] Generating zephyr/merged.hex
 *  Das Terminal wird von Aufgaben wiederverwendet, drücken Sie zum Schließen eine beliebige Taste.

    I have updated it according to this ticket, link. As in the ticket mentioned, this warning is that the partition file is always recreated. However, for the realease version, the memory layout should be fixed. Therefore I moved the partition.yaml from my buid directory to the root directory and renamed it to pm_static.yaml. After this change I get this message:

    - Found partition manager static configuration: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/pm_static.yml
Partition 'mcuboot' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_pad' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary_app' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_secondary' is not included in the dynamic resolving since it is statically defined.
-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk

    How do I include the other partitions?

    I managed to compile the application bootloader_samples\keys_and_signatures\mcuboot_manual_sign with the private keys. However, the example nrf_cloud_rest_fota is a mystery to me. Is there a way to solve this problem?

Reply
  • 0 in reply to AHaug

    Hello,

    sorry for my late reply. I have moved the code closer to the C drive, and it has now compiled correctly. I have two problems now. It doesn't complain about the key, but it gives me a warning that the pm_static.yaml file is not used.

    Building mcuboot_manual_sign
west build --build-dir c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign --pristine --board nrf9160dk_nrf9160 --no-sysbuild -- -DNCS_TOOLCHAIN_VERSION=NONE -DBOARD_ROOT=c:/ncs_workspace/mqtt_publisher;c:/ncs_workspace/mqtt;c:/ncs_workspace/blefund_less4_exer1_solution;c:/ncs_workspace/blefund_less4_exer3_solution;c:/ncs_workspace/nrf_dm;c:/ncs_workspace/asset_tracker_v2;c:/ncs_workspace/blinky_pwm;c:/ncs_workspace/lvgl-oled01;c:/ncs_workspace/dm_minimal;c:/ncs_workspace/nrf_cloud_rest_fota;c:/ncs_workspace/samples/littlefs_test;c:/ncs_workspace/fat_fs;c:/ncs_workspace/spi_flash_nrf9160;c:/ncs_workspace/mcuboot2;c:/ncs_workspace/aws_iot_mqtt;c:/ncs_workspace/mqtt_publisher_1;c:/ncs_workspace/blefund_less4_exer3;c:/ncs_workspace/nrf_cloud_rest_fota_ -DCONFIG_DEBUG_OPTIMIZATIONS=y -DCONFIG_DEBUG_THREAD_INFO=y -DCONF_FILE=c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/prj.conf

-- west build: generating a build system
-- Application: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign
-- CMake version: 3.20.5
Loading Zephyr default modules (Zephyr base).
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found suitable version "3.8.2", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v2.5.0/zephyr/.cache
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr)
-- Found west (found suitable version "1.1.0", minimum required is "0.14.0")
-- Board: nrf9160dk_nrf9160, Revision: 0.14.0
-- Found host-tools: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/c57af46cb7/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160.dts
-- Found devicetree overlay: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_0_14_0.overlay
-- Generated zephyr.dts: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/dts.cmake
Parsing C:/ncs/v2.5.0/zephyr/Kconfig
Loaded configuration 'C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_defconfig'
Merged configuration 'c:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/prj.conf'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/.config'
Kconfig header saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/zephyr/include/generated/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found version "3.8.2") found components: Interpreter 

=== child image mcuboot -  begin ===
loading initial cache file C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/child_image_preload.cmake
Loading Zephyr default modules (Zephyr base).
-- Application: C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr
-- CMake version: 3.20.5
-- Found Python3: C:/ncs/toolchains/c57af46cb7/opt/bin/python.exe (found suitable version "3.8.2", minimum required is "3.8") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v2.5.0/zephyr/.cache
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr)
-- Found west (found suitable version "1.1.0", minimum required is "0.14.0")
-- Board: nrf9160dk_nrf9160, Revision: 0.14.0
-- Found host-tools: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.16.1 (C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/c57af46cb7/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160.dts
-- Found devicetree overlay: C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_0_14_0.overlay
-- Found devicetree overlay: C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr/app.overlay
-- Generated zephyr.dts: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/include/generated/devicetree_generated.h
-- Including generated dts.cmake file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/dts.cmake
Parsing C:/ncs/v2.5.0/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration 'C:/ncs/v2.5.0/zephyr/boards/arm/nrf9160dk_nrf9160/nrf9160dk_nrf9160_defconfig'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/child_image/mcuboot/prj.conf'
Merged configuration 'C:/ncs/v2.5.0/nrf/subsys/partition_manager/partition_manager_enabled.conf'
Merged configuration 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf'
Configuration saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/.config'
Kconfig header saved to 'C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot/zephyr/include/generated/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/c57af46cb7/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
MCUBoot bootloader key file: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/child_image/mcuboot/custom_priv.pem
-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk/mcuboot
=== child image mcuboot -  end ===

CMake Warning at C:/ncs/v2.5.0/nrf/cmake/partition_manager.cmake:79 (message):
  

          ---------------------------------------------------------------------
          --- WARNING: Using a bootloader without pm_static.yml.            ---
          --- There are cases where a deployed product can consist of       ---
          --- multiple images, and only a subset of these images can be     ---
          --- upgraded through a firmware update mechanism. In such cases,  ---
          --- the upgradable images must have partitions that are static    ---
          --- and are matching the partition map used by the bootloader     ---
          --- programmed onto the device.                                   ---
          ---------------------------------------------------------------------
          

Call Stack (most recent call first):
  C:/ncs/v2.5.0/zephyr/cmake/modules/kernel.cmake:247 (include)
  C:/ncs/v2.5.0/zephyr/cmake/modules/zephyr_default.cmake:138 (include)
  C:/ncs/v2.5.0/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:66 (include)
  C:/ncs/v2.5.0/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  CMakeLists.txt:5 (find_package)


-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk
-- west build: building application
[4/200] Generating include/generated/version.h
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr), build: v3.4.99-ncs1
[3/255] Generating include/generated/version.h
-- Zephyr version: 3.4.99 (C:/ncs/v2.5.0/zephyr), build: v3.4.99-ncs1
[255/255] Linking C executable zephyr\zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       38278 B        48 KB     77.88%
             RAM:       22564 B       256 KB      8.61%
        IDT_LIST:          0 GB         2 KB      0.00%
[192/200] Linking C executable zephyr\zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       46508 B     474624 B      9.80%
             RAM:       12580 B       256 KB      4.80%
        IDT_LIST:          0 GB         2 KB      0.00%
[195/200] Generating ../../zephyr/app_update.bin
image.py: sign the payload
[196/200] Generating ../../zephyr/app_signed.hex
image.py: sign the payload
[198/200] Generating ../../zephyr/app_test_update.hex
image.py: sign the payload
[200/200] Generating zephyr/merged.hex
 *  Das Terminal wird von Aufgaben wiederverwendet, drücken Sie zum Schließen eine beliebige Taste.

    I have updated it according to this ticket, link. As in the ticket mentioned, this warning is that the partition file is always recreated. However, for the realease version, the memory layout should be fixed. Therefore I moved the partition.yaml from my buid directory to the root directory and renamed it to pm_static.yaml. After this change I get this message:

    - Found partition manager static configuration: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/pm_static.yml
Partition 'mcuboot' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_pad' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_primary_app' is not included in the dynamic resolving since it is statically defined.
Partition 'mcuboot_secondary' is not included in the dynamic resolving since it is statically defined.
-- Configuring done
-- Generating done
-- Build files have been written to: C:/samples_for_nrf_connect_sdk/bootloader_samples/keys_and_signatures/mcuboot_manual_sign/build_nrf9160_dk

    How do I include the other partitions?

    I managed to compile the application bootloader_samples\keys_and_signatures\mcuboot_manual_sign with the private keys. However, the example nrf_cloud_rest_fota is a mystery to me. Is there a way to solve this problem?

Children
Related
Terms of service