Problem with FW encryption

Hi, I am trying to get FW encryption to work for my DFU with MCUboot for nRF9160DK.

I have created a child_image folder with a mcuboot.conf where I have put:

CONFIG_BOOT_ECDSA_TINYCRYPT=y
CONFIG_BOOT_ENCRYPT_EC256=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="/keys/priv.pem"
CONFIG_BOOT_ENCRYPTION_KEY_FILE="/custom_key_dir/ecdsa_private_key.pem"


# Logging
CONFIG_LOG=y
CONFIG_MCUBOOT_LOG_LEVEL_DBG=y

And then I have generated keys with:

openssl ecparam -name prime256v1 -genkey -noout -out ecdsa_private_key.pem

openssl ec -in ecdsa_private_key.pem -pubout -out ecdsa_public_key.pem

xxd -i ecdsa_public_key.pem > ecdsa_puclib_key.c

I put the result from edcsa_public_key.c in

ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/keys.c but when I try to build I get

 multiple definition of `enc_priv_key_len'; app/libapp.a(keys.c.obj):ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/keys.c:206: first defined here
 /hello_world/build/mcuboot/zephyr/autogen-enckey.c:2: multiple definition of `enc_priv_key'; app/libapp.a(keys.c.obj):ncs/v2.3.0/bootloader/mcuboot/boot/zephyr/keys.c:189: first defined here
What do I need to change to get autogen-enckey.c to not generate enc keys?

  • I think I had some mistakes here with the key generation and the keys.c file; I removed what I added to keys.c and generated new keys with:

    openssl ecparam -name prime256v1 -genkey -noout -out ec_private_key.pem
    openssl ec -in ec_private_key.pem -pubout -out ec_public_key.pem
    

    And changed my mcuboot.conf to

    CONFIG_BOOT_ENCRYPTION_KEY_FILE="/custom_key_dir/ec_private_key.pem"

    And now I can build and flash the program. But when I try to update the firmware via nRF Cloud I get

    *** Booting Zephyr OS build v3.2.99-ncs2 ***
    I: Starting bootloader
    I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
    I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3
    I: Boot source: none
    I: Swap type: test
    E: Image in the secondary slot is not valid!
    I: Bootloader chainload address offset: 0x18000
    I: Jumping to the first image slot
    *** Booting Zephyr OS build v3.2.99-ncs2 ***

    I encrypt app_to_sign.bin with:

    ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py --header-size 0x200 --align 4 --version 5.6.9+8 --pad-header --slot-size 0x74000 --encrypt /custom_key_dir/ec_public_key.pem /hello_world/build/zephyr/app_to_sign.bin /hello_world/build/zephyr/app_update_encrypted.bin
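
An added example, not part of the original post and not MCUboot's or Nordic's own code: a small inspector that reads an MCUboot image header and TLV trailer and reports whether the encrypted flag, an encryption-key TLV (such as ENC_EC256) and a signature TLV are present in a file before it is uploaded for DFU. The constants follow MCUboot's image format; the function names `inspect_image` and `build_sample` and the sample image bytes are constructed for this example.

```python
import struct

IMAGE_MAGIC = 0x96F3B83D          # ih_magic of an MCUboot image header
TLV_INFO_MAGIC = 0x6907           # unprotected TLV area
TLV_PROT_INFO_MAGIC = 0x6908      # protected TLV area
FLAG_ENCRYPTED = 0x04 | 0x08      # IMAGE_F_ENCRYPTED_AES128 / _AES256
SIG_TLVS = {0x20: "RSA2048_PSS", 0x21: "ECDSA224", 0x22: "ECDSA256",
            0x23: "RSA3072_PSS", 0x24: "ED25519"}
ENC_TLVS = {0x30: "ENC_RSA2048", 0x31: "ENC_KW", 0x32: "ENC_EC256", 0x33: "ENC_X25519"}


def inspect_image(blob: bytes) -> dict:
    """Return the encryption/signature facts found in the header and TLVs."""
    if len(blob) < 32 or struct.unpack_from("<I", blob)[0] != IMAGE_MAGIC:
        raise ValueError("not an MCUboot image (bad or missing header magic)")
    _, _, hdr_size, prot_size, img_size, flags = struct.unpack_from("<IIHHII", blob, 0)
    off, tlvs = hdr_size + img_size, []
    # Walk the optional protected TLV area first, then the unprotected one.
    for expected in ([TLV_PROT_INFO_MAGIC] if prot_size else []) + [TLV_INFO_MAGIC]:
        if off + 4 > len(blob):
            raise ValueError("no TLV area after the image body")
        info_magic, total = struct.unpack_from("<HH", blob, off)
        if info_magic != expected:
            raise ValueError(f"unexpected TLV info magic 0x{info_magic:04x}")
        pos, end = off + 4, off + total   # it_tlv_tot includes the 4-byte info header
        while pos + 4 <= end:
            t, length = struct.unpack_from("<HH", blob, pos)
            tlvs.append((t, length))
            pos += 4 + length
        off = end
    return {
        "encrypted_flag": bool(flags & FLAG_ENCRYPTED),
        "enc_tlvs": [ENC_TLVS[t] for t, _ in tlvs if t in ENC_TLVS],
        "sig_tlvs": [SIG_TLVS[t] for t, _ in tlvs if t in SIG_TLVS],
        "tlv_types": [hex(t) for t, _ in tlvs],
    }


def build_sample(encrypted: bool) -> bytes:
    """Constructed test image: 0x200-byte header, 16-byte body, dummy TLV payloads."""
    flags = 0x04 if encrypted else 0
    hdr = struct.pack("<IIHHII", IMAGE_MAGIC, 0, 0x200, 0, 16, flags).ljust(0x200, b"\0")
    entries = [(0x10, 32), (0x22, 70)] + ([(0x32, 113)] if encrypted else [])
    body = b"".join(struct.pack("<HH", t, n) + bytes(n) for t, n in entries)
    return hdr + bytes(16) + struct.pack("<HH", TLV_INFO_MAGIC, 4 + len(body)) + body


if __name__ == "__main__":
    print(inspect_image(build_sample(encrypted=True)))
```

To check a real build output, pass the file's bytes to `inspect_image`, for example `inspect_image(open(path, "rb").read())`.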
