How can the bin file be encrypted and signed?

Hi,

The SDK version I am using is 2.6.1 and the example is "matter lock".

I wrote the following configuration into \child_image\mcuboot\prj.conf.

CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
CONFIG_BOOT_ENCRYPT_IMAGE=y
 

And add the code to CMakeLists.txt. Are these steps correct?

Is app_update.bin a generated encrypted file?

set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/priv.pem\")
set(mcuboot_CONFIG_BOOT_ENCRYPTION_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/encryption_key.pem\")

Parents Reply
  • Hi,

    After the project has been successfully compiled, I noticed that the bin file in the dfu_application directory has the suffix .signed.encrypted. Does this mean that my bin file has been successfully signed and encrypted?

    Will the bootloader verify my key after performing the OTA update? I'm a bit concerned because I still see the following message in the compilation log.

    CMake Warning at C:/ncs/v2.9.0/nrf/cmake/sysbuild/debug_keys.cmake:21 (message):
    
    
          --------------------------------------------------------------
          --- WARNING: Using generated NSIB public/private key-pair. ---
          --- It should not be used for production.                  ---
          --- See SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE             ---
          --------------------------------------------------------------
    
    
    Call Stack (most recent call first):

Children
Related