MCUBoot software based security count download protection not working

Hello,

Which application you are working on? 

''But it is found that it is not exposed by nRF SDK.'' Could you please elaborate this?

I am taking about MCUBoot image generation by nRF SDK (e.g. : nrf/cmake/sysbuild/image_signing.cmake). 

MCUboot supports software based security counter for downgrade protection. But nRF SDK doesn't allow this, as it sets security counter only if CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION.

We don't want to use hardware based downgrade protection, as it needs more OTP/UICR region.

I have posted the screenshot of image_signing*.cmake file above. I am asking whether this is done on purpose ? or just missed to handle ?

Hello,

I have feedback from team.

you can sign your images manually using imgtool. we recommend building with "west -v build ..." and then see exactly which command is used to sign your image. Then you can use this as inspiration to sign the image manually. 

Thanks for the update.

I am able to make it work with below config, instead of manually signing.

CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS="--security-counter 1"