Using SDK 2.4.2
1) Is there a way to specify multiple MCUBoot keys in the same way they can be specified for NSIB? MCU Boot allows an array of keys, but it looks like zephyr hardcodes it to one key, and I would have to modify keys.c to accommodate an array of public keys. Is this correct? Might there be a simpler way to handle this than having to patch the SDK?
2) NSIB also provides a hook for a custom signing script with SB_SIGNING_COMMAND. This means the private key can be stored on a secure server and not in our code repository. MCUBoot doesn't have a similar mechanism, correct? If I want to insert my own signature, what would prevent me from using a signed image and just replacing the signature in the trailer?
3) If I were able to securely sign an image for MCUBoot, how should I go about getting the public key to the MCUBoot application? The public key array is generated at build time, and I don't see a way to specify my own key c-file or public pem to be used to generate said file.
Thanks!