Revoking Keys

SDK: 2.6.1

uC: nrf5340

Hi,

I want to use the feature "revoking private keys" as described here:

https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/app_dev/bootloaders_dfu/mcuboot_nsib/bootloader_signature_keys.html#revoking_private_keys

First, I generate 3 private/public key pairs with OpenSSL, e.g.:

openssl ecparam -name prime256v1 -genkey -noout -out priv_a.pem

openssl ec -in priv_a.pem -pubout -outform PEM -out pub_a.pem

Then I added the following lines to prj.conf:

CONFIG_SECURE_BOOT=y

CONFIG_SB_SIGNING_KEY_FILE="D:/Projekte/test/priv_a.pem"

CONFIG_SB_PUBLIC_KEY_FILES="D:/Projekte/test/pub_b.pem,D:/Projekte/test/pub_c.pem"

And finally I added the b0 container to the pm_static.yml:

b0_container:
  address: 0x0
  orig_span: &id001
  - b0
  - provision
  size: 0x9000
  span: *id001
b0:
  address: 0x0
  size: 0x8000
provision:
  address: 0x8000
  size: 0x1000
mcuboot:
  address: 0x9000
  region: flash_primary
  size: 0x10000
mcuboot_pad:
  address: 0x19000
  region: flash_primary
  size: 0x200
mcuboot_primary:
  address: 0x19000
  orig_span: &id002
  - mcuboot_pad
  - app
  region: flash_primary
  size: 0xd7000
  span: *id002
mcuboot_primary_app:
  address: 0x19200
  orig_span: &id003
  - app
  region: flash_primary
  size: 0xd6e00
  span: *id003
app:
  address: 0x19200
  region: flash_primary
  size: 0xd6e00
settings_storage:
  address: 0xf0000
  region: flash_primary
  size: 0x10000
mcuboot_primary_1:
  address: 0x0
  size: 0x40000
  device: flash_ctrl
  region: ram_flash
mcuboot_secondary:
  address: 0x00000
  size: 0xe0000
  device: IS25LP016D
  region: external_flash
mcuboot_secondary_1:
  address: 0xe0000
  size: 0x40000
  device: IS25LP016D
  region: external_flash
external_flash_qs:
  address: 0x120000
  size: 0x1000
  device: IS25LP016D
  region: external_flash
external_flash_log:
  address: 0x121000
  size: 0xdf000
  device: IS25LP016D
  region: external_flash
pcd_sram:
  address: 0x20000000
  size: 0x2000
  region: sram_primary

When running the program the system hangs in the B0 bootloader.

Here you can see the debug output:

*** Booting nRF Connect SDK v3.5.99-ncs1-1 ***
Attempting to boot slot 0.
Attempting to boot from address 0x19200.
Firwmare has been invalidated: 0x91020000.
Failed to validate, permanently invalidating!
Attempting to boot slot 1.
No fw_info struct found.
No bootable image found. Aborting boot.

What could be the problem?

Is there any example that works on an nrf5340-DK board?

Best regards,

Georg
