How can the bin file be encrypted and signed?

Question

Hi, 
 The SDK version I am using is 2.6.1 and the example is "matter lock". 
 I wrote the following configuration into \child_image\mcuboot\prj.conf. 
 CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
CONFIG_BOOT_ENCRYPT_IMAGE=y 
 
 And add the code to CMakeLists.txt. Are these steps correct? 
 Is app_update.bin a generated encrypted file? 
 set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/priv.pem\")
set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/encryption_key.pem\")

AHaug · Accepted Answer

Hi, SunHuang said: After the project has been successfully compiled, I noticed that the bin file in the dfu_application directory has the suffix .signed.encrypted . Does this mean that my bin file has been successfully signed and encrypted? From https://docs.nordicsemi.com/bundle/ncs-2.9.0/page/nrf/app_dev/config_and_build/output_build_files.html "zephyr.signed.encrypted.hex is the HEX file variant of the .signed.encrypted.bin file. Can also be used standalone for a single-image DFU. Contains the signed and encrypted version of the application. Compatible with MCUboot . zephyr is the value of CONFIG_KERNEL_BIN_NAME . The file is located in the build//zephyr directory." SunHuang said: Will the bootloader verify my key after performing the OTA update? I'm a bit concerned because I still see the following message in the compilation log. https://academy.nordicsemi.com/courses/nrf-connect-sdk-intermediate/lessons/lesson-9-bootloaders-and-dfu-fota/ and exercise 2 regarding DFU with custom keys explains application verification and signing using keys. Kind regards, Andreas

How can the bin file be encrypted and signed?

Top Replies