How can the bin file be encrypted and signed?

Hi,

This configuration is not present in NCS v2.6.1, meaning that encrypted DFU is not supported.

But this unofficial sample which should work for 2.5.x and 2.6.x should give you a pointer for how to add it. Note that it does not support the nRF5340 https://github.com/hellesvik-nordic/samples_for_nrf_connect_sdk/tree/main/bootloader_samples/keys_and_signatures/mcuboot_smp_encryption 

But it is present in 2.9.0-rc1 as far as I can see.

Is app_update.bin a generated encrypted file?

In the latest version of https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/app_dev/config_and_build/output_build_files.html#common_output_build_files it describes that zephyr.signed.encrypted.bin is used to  create dfu_application.zip for encrypted multi-core DFU updates.

Since 2.9.0-rc1 is just a release candidate, I'm not too familiar with this feature, but I will have a look.

Kind regards,
Andreas

Hi,

After I configured CONFIG_BOOT_ENCRYPT_IMAGE=y, mcuboot did not have enough memory space.

I modified the "pm_static_dfu.yml" file. There seems to be a problem with my program.

How to solve the problems?

pm_static_dfu.7z

Hi,

AHaug said:

This configuration is not present in NCS v2.6.1, meaning that encrypted DFU is not supported.

First of, which version of nRF Connect SDK are you using? As mentioned, this feature is not present in v2.6.1?

Kind regards,
Andreas

Hi,

I want to try this method：github.com/.../mcuboot_smp_encryption .

Although this version does not support "CONFIG_BOOT_ENCRYPT_IMAGE", I still want to know why I can't change the memory configuration

Hi,

SunHuang said:

I still want to know why I can't change the memory configuration

How did you modify the pm_static? There is probably some misaligned partitions in the map.

Kind regards,
Andreas

Hi,

Please refer to the attachment of the previous reply

You've just changed the mcuboot app partition size without changing anything else. This means that in the middle of your memory area there are now a gap with nothing between the app and the factory data. This is how the sizes are set up as default

In your static partitioning there is a gap of 0x4200 between the app and factory data. 

Kind regards,
Andreas

You've just changed the mcuboot app partition size without changing anything else. This means that in the middle of your memory area there are now a gap with nothing between the app and the factory data. This is how the sizes are set up as default

In your static partitioning there is a gap of 0x4200 between the app and factory data. 

Kind regards,
Andreas

Hi,

It seems that my configuration is also 0xF7000. What do you mean by  the gap of 0x4200?

If version 2.6.1 does not support "CONFIG_BOOT_ENCRYPT_IMAGE", is bin file encrypted by default?

My bad, you are right since you had also modified the start.

Could you upload the build errors you're getting when trying to build with this configuration.

Kind regards,
Andreas

Hi,

The current problem is the previous reply.

That is not the log I'm referring to, but I'm sure the issue is where you're pointing. Could you please enable logging and 

1) Upload the build log

2) Upload the device logs from both bootloader and application

Kind regards,
Andreas

Hi,

The attachment is BUILD LOG, the device will not send any messagebuild log.7z

Can you confirm it for me first?

SunHuang said:

If version 2.6.1 does not support "CONFIG_BOOT_ENCRYPT_IMAGE", is bin file encrypted by default?