Hi
I'm wondering if anyone has had any success or problems with generating and using secure DFU keys under Linux?
I'm using the latest nrfutil from: github.com/.../pc-nrfutil
SHA1: e5303b994611b1122116ebd07c2185d5a0645d1d
And I'm running Debian (unstable)
[EDIT] I initially forgot to mention the SDK and SD versions and some other things
I'm using s132_nrf52_3.0.0_softdevice.hex from nRF5_SDK_12.1.0_0d23e2a
And the code is running on a custom board containing an nRF52832-QFAA (B0)
[End EDIT]
I generate the private key using:
nrfutil keys generate test.pem
I generate the public key using:
nrfutil keys display --key pk --format code test.pem --out_file src/bootloader/keys/test_key.c
I build the zip archive using:
nrfutil pkg generate --application /tmp/app.hex --key-file test.pem --sd-req 0x8C --hw-version 52 --application-version 0 /tmp/g3_test.zip
I can verify / dump the content of the public key inside dfu_req_handling.c by calling:
NRF_LOG_HEXDUMP_INFO(crypto_key_pk.p_le_data, crypto_key_pk.len);
This proves that the key has successfully been used and linked into the .hex file.
However the DFU upload using nRF Connect on my Android phone fails on the line:
err_code = nrf_crypto_verify(NRF_CRYPTO_CURVE_SECP256R1, &crypto_key_pk, &hash_data, &crypto_sig);
The error code returned is:
NRF_ERROR_INVALID_DATA: If the signature did not match the provided hash or digest.
If I bypass the signature check by not returning NRF_DFU_RES_CODE_INVALID_OBJECT, the DFU update completes without any further errors or problems.
Any feedback will be appreciated.