I'm trying to sign the application for nrf9160, starting with different instructions I found, but none of them leads to success.
I followed the intructions:
Generate a private key:
-------------------------
imgtool keygen -k priv_key.pem -t rsa-2048
Extract the public key for verification:
-------------------------
imgtool getpub -k priv_key.pem > pub_key.pem
Modify your prj.conf file to enable signed firmware:
-------------------------
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="priv_key.pem"
CONFIG_MCUBOOT_IMAGE_VERSION="1.0.0"
Enable Bottloader for RSA
-------------------------
CONFIG_MBEDTLS_RSA_C=y
CONFIG_MBEDTLS_PKCS1_V15=y
Build the firmware as usual
-----------------------------
west build -p -b nrf9160dk_switch_ns
Sign the generated binary
---------------------------
imgtool sign --key priv_key.pem --header-size 0x200 --align 4 --version 1.0.0 -S 0x70000 --pad-header build/zephyr/app_update.bin signed_update.bin
Now, flash the signed firmware:
---------------------------
west flash --bin-file signed_update.bin
This all worked well, but afterwards I was able to flash also unsiged firmware.
We are using NRF Connect SDK Version v2,3,0 und Zephyr SDK v3.2.99-ncs. In these versions different options described in the instruction do not exist.
Is it possible with these versions to sign the application using MCUBoot mechanisms?
If yes could you please help me to set the correct options and explain me the procedure to bring applcation signing to run.
If not, can you please tell me which version we should use instead and give us a procedure how to bring applcation signing to run with these versions.
Please see attached prj.conf and the generated .config (0777.config.txt10646.prj.confrenamed to config.txt) file.