Migrating child/parent image to sysbuild - MCUBoot with different keys for different board

Hi.

We are using NCS v2.6.0 in our application and migrating it to v2.7.0.

In v2.6.0 we have used child/parent image for MCUBoot. We are using the same application firmware for different hardware (custom board) and each board has its own private_key.pem.

Our child/parent structure for v2.6.0 is as below,

application
├── CMakeLists.txt
├── prj.conf
├── boards
    └── arm
        └── board_A
        └── board_B
├── child_image
    └── mcuboot
        ├── prj.conf
        └── boards
            ├── board_A.conf
            ├── board_B.conf
            └── keys
                ├── board_A.pem
                └── board_B.pem
├── src

In above board_A.conf contains the signature key path.

CONFIG_BOOT_SIGNATURE_KEY_FILE="keys/board_A.pem"

When we build the application for the different boards, the correct signature key file is selected for the particular board. (building application for board_A, board_A.pem key file used to sign the image). 

Now we are migrating the child/parent image to sysbuild. We have changed the structure as below, but in this case, when we build the application, the toolchain selects the default key file from Zephyr root directory. (..\v2.7.0\bootloader\mcuboot\root-xx-xyz.pem)

application
├── CMakeLists.txt
├── prj.conf
├── sysbuild.conf
├── boards
    └── arm
        └── board_A
        └── board_B
├── sysbuild
    └── mcuboot
        ├── prj.conf
        └── boards
            ├── board_A.conf
            ├── board_B.conf
            └── keys
                ├── board_A.pem
                └── board_B.pem
├── src

following is the sysbuid.conf file 

SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_RSA=n
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=n

Will you please help us to fix this issue.? How we can select different key files for different boards?

Best regards,

Narendra

Related