FOTA - BLE: Custom Keys issue on compilation

Hello,

I've recently upgraded my pre-production application on nrf52832 from NCS v2.6.2 to Ncs v3.0.1 also upgraded to HWv2(on interim ncs 2.9.0 as adding custom board for me didn't work on NCS v3.0.1 - Will explain this issue on This thread : Here

Setup:
custom HArdware Nrf52832 Raytac Module.
Ncs v3.0.1SDK with 3.0.1 Toolchain

Note ncs v3.0.1: I've just tried the default LBS example on nrf52dk with FOTA & it works well.

I want to add my custom-generated key for FOTA security. followed "Dev academy tutorial" as well as this page: https://docs.nordicsemi.com/bundle/ncs-3.0.0/page/nrf/app_dev/bootloaders_dfu/mcuboot_nsib/bootloader_adding_sysbuild.html

I followed this link, OPENSS,L to generate the custom key as mentioned : https://docs.nordicsemi.com/bundle/ncs-2.9.0/page/nrf/app_dev/bootloaders_dfu/mcuboot_nsib/bootloader_signature_keys.html
But I'm getting this issue on the terminal while compiling, and my custom keys seem to be getting rejected.

My objective:

1) Would like to use an Upgradable Bootloader, but when I enabled the sysbuild configs, I'm just getting errors (refer screen shoot - hence I've only attached the fully compiling configuration & it's logs here in this thread)

2) I would like to implement the custom private key solution.

My Issues:
1) secure_boot = n (warning on terminal) -( MCUBoot bootloader key file: C:/ncs/v3.0.1/bootloader/mcuboot/root-rsa-2048.pem
CMake Warning at CMakeLists.txt:393 (message):
WARNING: Using default MCUboot signing key file, this file is for debug use
only and is not secure!)

2) warning: Deprecated symbol DEPRECATED_UART_NRFX_UARTE_LEGACY_SHIM is enabled. (How to solve this?)

3) warning: Deprecated symbol BT_CTLR is enabled (how to solve this?)

4) When I run west update (technically I'm not using the wested workspace though) on ncsv3.0.1, I'm getting issues on old SDK v2.6.2, not found error on the terminal. (see screenshot attached.)

Need Assistance here. Thanks in advance for your help.

Top Replies

Gokulnath 15 days ago in reply to Sigurd Hellesvik +1 verified

Hello, No success .. Sigurd Hellesvik said: Try to escape all the "\"s: Done this. But a new development: I've did it like this.... But I still see in logs that the default key is getting used. Another…

0 Gokulnath 16 days ago in reply to Sigurd Hellesvik

Hello

Sigurd Hellesvik said:
In this case, can you try to set the MCUboot key instead: SB_CONFIG_BOOT_SIGNATURE_KEY_FILE.

yes this fails as well. tried it on both my personal project & the 52DK LBS project as well.

logs:

Fullscreen 2043.logs lbs sample 52DK custom key.txt Download

 *  Executing task: nRF Connect: Build [pristine]: BLE/build (active) 

Building BLE
C:\WINDOWS\system32\cmd.exe /d /s /c "west build --build-dir c:/Nordic/Software/BLE/build c:/Nordic/Software/BLE --pristine --board p1br2/nrf52832 --sysbuild -- -DCONF_FILE=prj.conf -DCONFIG_SIZE_OPTIMIZATIONS=y -DBOARD_ROOT=c:/nordic/software/ble"

-- west build: generating a build system
Loading Zephyr module(s) (Zephyr base): sysbuild_default
-- Found Python3: C:/ncs/toolchains/0b393f9e1b/opt/bin/python.exe (found suitable version "3.12.4", minimum required is "3.10") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v3.0.1/zephyr/.cache
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: p1br2, qualifiers: nrf52832
Parsing c:/Nordic/Software/BLE/Kconfig.sysbuild
Loaded configuration 'C:/Nordic/Software/BLE/build/_sysbuild/empty.conf'
Merged configuration 'c:/Nordic/Software/BLE/sysbuild.conf'
Configuration saved to 'C:/Nordic/Software/BLE/build/zephyr/.config'
Kconfig header saved to 'C:/Nordic/Software/BLE/build/_sysbuild/autoconf.h'
-- 
   *****************************
   * Running CMake for mcuboot *
   *****************************

Loading Zephyr default modules (Zephyr base).
-- Application: C:/ncs/v3.0.1/bootloader/mcuboot/boot/zephyr
-- CMake version: 3.21.0
-- Found Python3: C:/ncs/toolchains/0b393f9e1b/opt/bin/python.exe (found suitable version "3.12.4", minimum required is "3.10") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v3.0.1/zephyr/.cache
-- Zephyr version: 4.0.99 (C:/ncs/v3.0.1/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: p1br2, qualifiers: nrf52832
-- Found host-tools: zephyr 0.17.0 (C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.17.0 (C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/0b393f9e1b/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/Nordic/Software/BLE/boards/p1br2/p1br2.dts
-- Found devicetree overlay: C:/ncs/v3.0.1/bootloader/mcuboot/boot/zephyr/app.overlay
-- Generated zephyr.dts: C:/Nordic/Software/BLE/build/mcuboot/zephyr/zephyr.dts
-- Generated pickled edt: C:/Nordic/Software/BLE/build/mcuboot/zephyr/edt.pickle
-- Generated zephyr.dts: C:/Nordic/Software/BLE/build/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/Nordic/Software/BLE/build/mcuboot/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: C:/Nordic/Software/BLE/build/mcuboot/zephyr/dts.cmake

warning: Deprecated symbol DEPRECATED_UART_NRFX_UARTE_LEGACY_SHIM is enabled.

Parsing C:/ncs/v3.0.1/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration 'C:/Nordic/Software/BLE/boards/p1br2/p1br2_defconfig'
Merged configuration 'C:/ncs/v3.0.1/bootloader/mcuboot/boot/zephyr/prj.conf'
Merged configuration 'C:/Nordic/Software/BLE/sysbuild/mcuboot.conf'
Merged configuration 'C:/Nordic/Software/BLE/build/mcuboot/zephyr/.config.sysbuild'
Configuration saved to 'C:/Nordic/Software/BLE/build/mcuboot/zephyr/.config'
Kconfig header saved to 'C:/Nordic/Software/BLE/build/mcuboot/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
MCUBoot bootloader key file: C:NordicSoftwareBLEFOTA-KeysPrivateECDSA256.pem
-- Configuring done
-- Generating done
-- Build files have been written to: C:/Nordic/Software/BLE/build/mcuboot
-- 
   *************************
   * Running CMake for BLE *
   *************************

Loading Zephyr default modules (Zephyr base).
-- Application: C:/Nordic/Software/BLE
-- CMake version: 3.21.0
-- Found Python3: C:/ncs/toolchains/0b393f9e1b/opt/bin/python.exe (found suitable version "3.12.4", minimum required is "3.10") found components: Interpreter 
-- Cache files will be written to: C:/ncs/v3.0.1/zephyr/.cache
-- Zephyr version: 4.0.99 (C:/ncs/v3.0.1/zephyr)
-- Found west (found suitable version "1.2.0", minimum required is "0.14.0")
-- Board: p1br2, qualifiers: nrf52832
-- Found host-tools: zephyr 0.17.0 (C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk)
-- Found toolchain: zephyr 0.17.0 (C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk)
-- Found Dtc: C:/ncs/toolchains/0b393f9e1b/opt/bin/dtc.exe (found suitable version "1.4.7", minimum required is "1.4.6") 
-- Found BOARD.dts: C:/Nordic/Software/BLE/boards/p1br2/p1br2.dts
-- Generated zephyr.dts: C:/Nordic/Software/BLE/build/BLE/zephyr/zephyr.dts
-- Generated pickled edt: C:/Nordic/Software/BLE/build/BLE/zephyr/edt.pickle
-- Generated zephyr.dts: C:/Nordic/Software/BLE/build/BLE/zephyr/zephyr.dts
-- Generated devicetree_generated.h: C:/Nordic/Software/BLE/build/BLE/zephyr/include/generated/zephyr/devicetree_generated.h
-- Including generated dts.cmake file: C:/Nordic/Software/BLE/build/BLE/zephyr/dts.cmake

warning: Deprecated symbol DEPRECATED_UART_NRFX_UARTE_LEGACY_SHIM is enabled.

Parsing C:/Nordic/Software/BLE/Kconfig
Loaded configuration 'C:/Nordic/Software/BLE/boards/p1br2/p1br2_defconfig'
Merged configuration 'C:/Nordic/Software/BLE/prj.conf'
Merged configuration 'C:/Nordic/Software/BLE/build/BLE/zephyr/misc/generated/extra_kconfig_options.conf'
Merged configuration 'C:/Nordic/Software/BLE/build/BLE/zephyr/.config.sysbuild'
Configuration saved to 'C:/Nordic/Software/BLE/build/BLE/zephyr/.config'
Kconfig header saved to 'C:/Nordic/Software/BLE/build/BLE/zephyr/include/generated/zephyr/autoconf.h'
-- Found GnuLd: c:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk/arm-zephyr-eabi/arm-zephyr-eabi/bin/ld.bfd.exe (found version "2.38") 
-- The C compiler identification is GNU 12.2.0
-- The CXX compiler identification is GNU 12.2.0
-- The ASM compiler identification is GNU
-- Found assembler: C:/ncs/toolchains/0b393f9e1b/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-gcc.exe
=========== Generating psa_crypto_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_config ===============
=========== Generating psa_crypto_library_config ===============
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Backup: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Backup: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Backup: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Backup: CONFIG_MBEDTLS_THREADING: False
Backup: CONFIG_MBEDTLS_THREADING_ALT: True
=========== Checkpoint: backup ===============
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_C: True
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER: False
Restore: CONFIG_MBEDTLS_PSA_CRYPTO_SPM: False
Restore: CONFIG_MBEDTLS_USE_PSA_CRYPTO: True
Restore: CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT: False
Restore: CONFIG_MBEDTLS_THREADING: False
Restore: CONFIG_MBEDTLS_THREADING_ALT: True
=========== End psa_crypto_library_config ===============
-- Including signing script: C:/ncs/v3.0.1/nrf/cmake/sysbuild/image_signing.cmake
CMake Error at C:/ncs/v3.0.1/nrf/cmake/sysbuild/image_signing.cmake:45 (message):
  west sign can't find file C:NordicSoftwareBLEFOTA-KeysPrivateECDSA256.pem
  (Note: Relative paths are relative to the west workspace topdir
  "C:/ncs/v3.0.1")
Call Stack (most recent call first):
  C:/ncs/v3.0.1/nrf/cmake/sysbuild/image_signing.cmake:239 (zephyr_mcuboot_tasks)
  C:/ncs/v3.0.1/zephyr/CMakeLists.txt:2040 (include)


-- Configuring incomplete, errors occurred!
See also "C:/Nordic/Software/BLE/build/BLE/CMakeFiles/CMakeOutput.log".
See also "C:/Nordic/Software/BLE/build/BLE/CMakeFiles/CMakeError.log".
CMake Error at cmake/modules/sysbuild_extensions.cmake:514 (message):
  CMake configure failed for Zephyr project: BLE

  Location: C:/Nordic/Software/BLE
Call Stack (most recent call first):
  cmake/modules/sysbuild_images.cmake:43 (ExternalZephyrProject_Cmake)
  cmake/modules/sysbuild_default.cmake:21 (include)
  C:/ncs/v3.0.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:75 (include)
  C:/ncs/v3.0.1/zephyr/share/zephyr-package/cmake/ZephyrConfig.cmake:92 (include_boilerplate)
  C:/ncs/v3.0.1/zephyr/share/sysbuild-package/cmake/SysbuildConfig.cmake:8 (include)
  template/CMakeLists.txt:10 (find_package)


-- Configuring incomplete, errors occurred!
See also "C:/Nordic/Software/BLE/build/CMakeFiles/CMakeOutput.log".
FATAL ERROR: command exited with status 1: 'C:\ncs\toolchains\0b393f9e1b\opt\bin\cmake.EXE' -DWEST_PYTHON=C:/ncs/toolchains/0b393f9e1b/opt/bin/python.exe '-Bc:\Nordic\Software\BLE\build' -GNinja -DBOARD=p1br2/nrf52832 -DCONF_FILE=prj.conf -DCONFIG_SIZE_OPTIMIZATIONS=y -DBOARD_ROOT=c:/nordic/software/ble '-SC:\ncs\v3.0.1\zephyr\share\sysbuild' '-DAPP_DIR:PATH=c:\Nordic\Software\BLE'

 *  The terminal process terminated with exit code: 1. 
 *  Terminal will be reused by tasks, press any key to close it.

0 Sigurd Hellesvik 15 days ago in reply to Gokulnath

Try to escape all the "\"s:

"C:\\Nordic\\Software\\BLE\\FOTA-Keys\\FOTA-Private-Key-ECDSA-P256.pem"
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Gokulnath 15 days ago in reply to Sigurd Hellesvik

Hello,

No success ..

Sigurd Hellesvik said:
Try to escape all the "\"s:

Done this.

But a new development:

I've did it like this....

But I still see in logs that the default key is getting used.

Another Development 2:

I did it like this ...

Tested this & it works correctly.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel