Immutable bootloader private key in zephyr

openssl ecparam -name prime256v1 -genkey -noout -out priv.pem

# Bootloader
CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE="priv.pem"

-- Using application from 'C:/Users/me/Repos/myproject'
Zephyr version: 2.0.99
-- Found PythonInterp: C:/Python37/python.exe (found suitable version "3.7.3", minimum required is "3.4")
-- Selected BOARD nrf9160_pca10090ns
-- Found west: C:/Python37/Scripts/west.exe (found suitable version "0.6.3", minimum required is "0.6.0")
-- Cache files will be written to: C:\Users\me\AppData\Local/.cache/zephyr
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090ns.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
-- Overlaying C:/Users/me/Repos/myproject/nrf9160_pca10090ns.overlay
Devicetree configuration written to C:/Users/me/Repos/myproject/build/zephyr/include/generated/generated_dts_board.conf

warning: TEST_RANDOM_GENERATOR (defined at subsys/random/Kconfig:8) was assigned the value 'y' but
got the value 'n'. You can check symbol information (including dependencies) in the 'menuconfig'
interface (see the Application Development Primer section of the manual), or in the Kconfig
reference at
http://docs.zephyrproject.org/latest/reference/kconfig/CONFIG_TEST_RANDOM_GENERATOR.html (which is
updated regularly from the master branch). See the 'Setting configuration values' section of the
Board Porting Guide as well.
Parsing Kconfig tree in C:/Users/me/Repos/myproject/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090ns_defconfig'
Merged configuration 'C:/Users/me/Repos/myproject/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/zephyr/.config'
-- The C compiler identification is GNU 7.3.1
-- The CXX compiler identification is GNU 7.3.1
-- The ASM compiler identification is GNU
-- Found assembler: C:/gnuarmemb/bin/arm-none-eabi-gcc.exe
-- Using application from 'C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm'
Zephyr version: 2.0.99
Changed board to secure nrf9160_pca10090 (NOT NS)
USING OUT OF TREE BOARD
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
-- Overlaying C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm/nrf9160_pca10090.overlay
Devicetree configuration written to C:/Users/me/Repos/myproject/build/spm/zephyr/include/generated/generated_dts_board.conf
Parsing Kconfig tree in C:/Users/me/Repos/ncs/zephyr/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090_defconfig'
Merged configuration 'C:/Users/me/Repos/ncs/nrf/samples/nrf9160/spm/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/spm/zephyr/.config'
-- Using application from 'C:/Users/me/Repos/ncs/nrf/samples/bootloader'
Zephyr version: 2.0.99
Changed board to secure nrf9160_pca10090 (NOT NS)
-- Loading C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090.dts as base
-- Overlaying C:/Users/me/Repos/ncs/zephyr/dts/common/common.dts
Devicetree configuration written to C:/Users/me/Repos/myproject/build/b0/zephyr/include/generated/generated_dts_board.conf
Parsing Kconfig tree in C:/Users/me/Repos/ncs/zephyr/Kconfig
Loaded configuration 'C:/Users/me/Repos/ncs/zephyr/boards/arm/nrf9160_pca10090/nrf9160_pca10090_defconfig'
Merged configuration 'C:/Users/me/Repos/ncs/nrf/samples/bootloader/prj.conf'
Configuration saved to 'C:/Users/me/Repos/myproject/build/b0/zephyr/.config'
CMake Error at C:/Users/me/Repos/ncs/nrf/subsys/bootloader/cmake/debug_keys.cmake:57 (message):
  Config points to non-existing PEM file 'priv.pem'
Call Stack (most recent call first):
  C:/Users/me/Repos/ncs/nrf/subsys/bootloader/image/CMakeLists.txt:67 (include)


-- Configuring incomplete, errors occurred!
See also "C:/Users/me/Repos/myproject/build/CMakeFiles/CMakeOutput.log".
See also "C:/Users/me/Repos/myproject/build/CMakeFiles/CMakeError.log".