Application signing supported by MCUBoot

I'm trying to sign the application for nrf9160, starting with different instructions I found, but none of them leads to success.

I followed the intructions:

Generate a private key:
-------------------------
imgtool keygen -k priv_key.pem -t rsa-2048

Extract the public key for verification:
-------------------------
imgtool getpub -k priv_key.pem > pub_key.pem

Modify your prj.conf file to enable signed firmware:
-------------------------
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="priv_key.pem"
CONFIG_MCUBOOT_IMAGE_VERSION="1.0.0"

Enable Bottloader for RSA
-------------------------
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_PKCS1_V15=y

Build the firmware as usual
-----------------------------
west build -p -b nrf9160dk_switch_ns

Sign the generated binary
---------------------------
imgtool sign --key priv_key.pem --header-size 0x200 --align 4 --version 1.0.0 -S 0x70000 --pad-header build/zephyr/app_update.bin signed_update.bin

Now, flash the signed firmware:
---------------------------
west flash --bin-file signed_update.bin

This all worked well, but afterwards I was able to flash also unsiged firmware.

We are using NRF Connect SDK Version v2,3,0 und Zephyr SDK v3.2.99-ncs. In these versions different options described in the instruction do not exist.

Is it possible with these versions to sign the application using MCUBoot mechanisms?

If yes could you please help me to set the correct options and explain me the procedure to bring applcation signing to run.

If not, can you please tell me which version we should use instead and give us a procedure how to bring applcation signing to run with these versions.

Please see attached prj.conf and the generated .config (0777.config.txt10646.prj.confrenamed to config.txt) file.

Related