• State Not Answered
  • Replies 13 replies
  • Subscribers 75 subscribers
  • Views 3837 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 242007
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Immutable bootloader private key in zephyr

Chris Burns

In trying to use a private key file to sign the application image I'm running into an issue with the PEM file. I created a PEM file using the following command:

openssl ecparam -name prime256v1 -genkey -noout -out priv.pem

as documented here: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/samples/bootloader/README.html

Then I modified my application's prj.conf file by adding these lines:

# Bootloader
CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE="priv.pem"

The build output generates this error:

-- Using application from 'C:/Users/me/Repos/myproject'
Zephyr version: 2.0.99
-- Found PythonInterp: C:/Python37/python.exe (found suitable version "3.7.3", minimum required is "3.4")
-- Selected BOARD nrf9160_pca10090ns
-- Found west: C:/Python37/Scripts/west.exe (found suitable version "0.6.3", minimum required is "0.6.0")
-- Cache files will be written to: C:\Users\me\AppData\Local/.cache/zephyr
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090ns.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
-- Overlaying C:/Users/me/Repos/myproject/nrf9160_pca10090ns.overlay
Devicetree configuration written to C:/Users/me/Repos/myproject/build/zephyr/include/generated/generated_dts_board.conf

warning: TEST_RANDOM_GENERATOR (defined at subsys/random/Kconfig:8) was assigned the value 'y' but
got the value 'n'. You can check symbol information (including dependencies) in the 'menuconfig'
interface (see the Application Development Primer section of the manual), or in the Kconfig
reference at
http://docs.zephyrproject.org/latest/reference/kconfig/CONFIG_TEST_RANDOM_GENERATOR.html (which is
updated regularly from the master branch). See the 'Setting configuration values' section of the
Board Porting Guide as well.
Parsing Kconfig tree in C:/Users/me/Repos/myproject/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090ns_defconfig'
Merged configuration 'C:/Users/me/Repos/myproject/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/zephyr/.config'
-- The C compiler identification is GNU 7.3.1
-- The CXX compiler identification is GNU 7.3.1
-- The ASM compiler identification is GNU
-- Found assembler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe
-- Using application from 'C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm'
Zephyr version: 2.0.99
Changed board to secure nrf9160_pca10090 (NOT NS)
USING OUT OF TREE BOARD
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
-- Overlaying C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm/nrf9160_pca10090.overlay
Devicetree configuration written to C:/Users/me/Repos/myproject/build/spm/zephyr/include/generated/generated_dts_board.conf
Parsing Kconfig tree in C:/Users/me/Repos/ncs/zephyr/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090_defconfig'
Merged configuration 'C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/spm/zephyr/.config'
-- Using application from 'C:/Users/me/Repos/ncs/nrf/samples/bootloader'
Zephyr version: 2.0.99
Changed board to secure nrf9160_pca10090 (NOT NS)
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
Devicetree configuration written to C:/Users/me/Repos/myproject/build/b0/zephyr/include/generated/generated_dts_board.conf
Parsing Kconfig tree in C:/Users/me/Repos/ncs/zephyr/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090_defconfig'
Merged configuration 'C:/Users/me/Repos/ncs/nrf/samples/bootloader/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/b0/zephyr/.config'
CMake Error at C:/Users/me/Repos/ncs/nrf/subsys/bootloader/cmake/debug_keys.cmake:57 (message):
  Config points to non-existing PEM file 'priv.pem'
Call Stack (most recent call first):
  C:/Users/me/Repos/ncs/nrf/subsys/bootloader/image/CMakeLists.txt:67 (include)


-- Configuring incomplete, errors occurred!
See also "C:/Users/me/Repos/myproject/build/CMakeFiles/CMakeOutput.log".
See also "C:/Users/me/Repos/myproject/build/CMakeFiles/CMakeError.log".

The priv.pem file is in the same directory as my prj.conf file. What am I doing wrong that the build tools can't find it?

Parents
  • 0

    Here is the CMakeError.log:

    Compiling the C compiler identification source file "CMakeCCompilerId.c" failed.
Compiler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe 
Build flags: 
Id flags:  

The output was:
1
c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/lib\libc.a(lib_a-exit.o): In function `exit':
exit.c:(.text.exit+0x2c): undefined reference to `_exit'
collect2.exe: error: ld returned 1 exit status


Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" failed.
Compiler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe 
Build flags: 
Id flags:  

The output was:
1
c:/gnuarmemb/bin/../lib/gcc/arm-none-eabi/7.3.1/../../../../arm-none-eabi/lib\libc.a(lib_a-exit.o): In function `exit':
exit.c:(.text.exit+0x2c): undefined reference to `_exit'
collect2.exe: error: ld returned 1 exit status

    And here's the CMakeOutput.log:

    The target system is: Generic - 2.0.99 - arm
The host system is: Windows - 10.0.17763 - AMD64
Compiling the C compiler identification source file "CMakeCCompilerId.c" succeeded.
Compiler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe 
Build flags: 
Id flags: -c 

The output was:
0


Compilation of the C compiler identification source "CMakeCCompilerId.c" produced "CMakeCCompilerId.o"

The C compiler identification is GNU, found in "C:/Users/me/Repos/myproject/build/CMakeFiles/3.14.5/CompilerIdC/CMakeCCompilerId.o"

Compiling the CXX compiler identification source file "CMakeCXXCompilerId.cpp" succeeded.
Compiler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe 
Build flags: 
Id flags: -c 

The output was:
0


Compilation of the CXX compiler identification source "CMakeCXXCompilerId.cpp" produced "CMakeCXXCompilerId.o"

The CXX compiler identification is GNU, found in "C:/Users/me/Repos/myproject/build/CMakeFiles/3.14.5/CompilerIdCXX/CMakeCXXCompilerId.o"

Checking whether the ASM compiler is GNU using "--version" matched "(GNU assembler)|(GCC)|(Free Software Foundation)":
arm-none-eabi-gcc.exe (GNU Tools for Arm Embedded Processors 7-2018-q2-update) 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

    When setting the path to the PEM, which folder is it referencing? I put it in the same folder as my CMakeLists.txt but that isn't correct. Using an absolute path can't be the best way to do it, so

    1. Where should the PEM file be? Or
    2. How can I use a relative path?

    I'm not using the Segger IDE - just command line tools and text editors.

  • 0 in reply to Chris Burns

    Thanks for providing this information. I have forwarded it to our R&D team and will get back to asap. 

    Kind regards,
    Øyvind

Reply Children
No Data
Related
Terms of service