This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Is it possible to rotate the signing key for secure DFU?

I already have a few devices in the field, and I'm curious if it is possible to occasionally update the signing key (e.g. to upgrade key, or compromised key, etc). If not possible for already-deployed devices, is there a way to support key rotation for things we haven't developed yet? Does anybody have any suggestions for managing the signing keys?

We are currently using nrfutil pkg generate, with the --key-file flag.

Parents Reply Children
Related