Hi,
I am currently evaluating the nRF54L15 DFU single-slot sample available in NCS 3.2.1:
https://github.com/nrfconnect/sdk-nrf/tree/v3.2.1/samples/dfu/single_slot
I have a question regarding the KMU slot ID used for the bootloader public key.
With west verbose enabled, I see that the following command is used to generate keyfile.json:
west ncs-provision upload \
--keyname BL_PUBKEY \
--key <path>/bootloader/mcuboot/root-ed25519.pem \
--build-dir <path>/samples/dfu/singleMy question is: why is BL_PUBKEY used as the key name?
Based on the documentation here:
https://docs.nordicsemi.com/bundle/ncs-3.2.1/page/nrf/app_dev/device_guides/nrf54l/kmu_provision.html
I would have expected UROT_PUBKEY, since MCUboot is being used.
That said, it seems that BL_PUBKEY is in fact the correct value, because:
-
ncs-provisionmapsBL_PUBKEYto KMU slot ID 242
(https://github.com/nrfconnect/sdk-nrf/blob/v3.2.1/scripts/west_commands/ncs_provision.py#L22) -
The sample’s MCUboot configuration uses:
CONFIG_NCS_BOOT_SIGNATURE_KMU_BASE_SLOT=242
Could you clarify the intended distinction between BL_PUBKEY and UROT_PUBKEY in this context, and why the DFU single-slot MCUboot flow for nRF54L15 uses BL_PUBKEY?
Thanks in advance for the clarification.
Best regards,
Alessandro
