Currently, I am following guide of zephyr sample: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/README.htmlBut when I build an app with: west build -b nrf52_pca10040and then try to sign the build: west sign -t imgtool -- --key root-rsa-2048.pemlike explained in the west sign doc:https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/west/sign.htmlI get an error:=== image configuration: partition offset: 49152 (0xc000) partition size: 204800 (0x32000) text section offset: 0 (0x0) === signed binaries: bin: /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.signed.bin Usage: imgtool sign [OPTIONS] INFILE OUTFILE Error: Invalid value for "-H" / "--header-size": Minimum value for -H/--header-size is 32 FATAL ERROR: command exited with status 2: /home/voja/.virtualenvs/zephyenv/bin/imgtool sign --version 0.0.0+0 --align 4 --header-size 0 --slot-size 204800 --key root-rsa-2048.pem /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.bin /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.signed.bin
=== image configuration: partition offset: 49152 (0xc000) partition size: 204800 (0x32000) text section offset: 0 (0x0) === signed binaries: bin: /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.signed.bin Usage: imgtool sign [OPTIONS] INFILE OUTFILE Error: Invalid value for "-H" / "--header-size": Minimum value for -H/--header-size is 32 FATAL ERROR: command exited with status 2: /home/voja/.virtualenvs/zephyenv/bin/imgtool sign --version 0.0.0+0 --align 4 --header-size 0 --slot-size 204800 --key root-rsa-2048.pem /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.bin /home/voja/Documents/irnas/ncs/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build/zephyr/zephyr.signed.bin
This is happening also with other apps. For example, tried doing it with hello_world sample, and got the same result. Before compiling I added CONFIG_BOOTLOADER_MCUBOOT=y to the prj.conf file.
hello_world
CONFIG_BOOTLOADER_MCUBOOT=y
my system:zephyr version: Booting Zephyr OS build v2.1.99-ncs1nRF-Connect-SDK version v1.2.0 on the Ubuntu 18.04LTS
Do you know what might be a problem?Best regards,Vojislav.
Vojislav said:Also, I would like to know more about what each bin and hex means:app_signed.hex (signed application ready for update)app_test_update.hexapp_to_sign.binapp_update.binapp_moved_test_update…
Hi Vojislav,
First of all, you should not need to do this manually, since the partition manager should sign the application automatically when you have used CONFIG_BOOTLOADER_MCUBOOT and generates the app_signed.hex. That said, it looks like you need to specify the header size, so you could try:
west sign -t imgtool -- --key root-rsa-2048.pem -H 32
Einar
Vojislav said:Also, I would like to know more about what each bin and hex means:app_signed.hex (signed application ready for update)app_test_update.hexapp_to_sign.binapp_update.binapp_moved_test_update.hex
These are all described here: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/readme-ncs.html#mcuboot-ncs Most importantly, app_update.bin is the signed version of the application that should be used for DFU/FOTA purposes."My next question is with which key (.pem) file is this app file signed?"The pem file used is the file configured in mcuboot. This file is specified by the kconfig option BOOT_SIGNATURE_KEY_FILE in the mcuboot image (note that you have to invoke "ninja mcuboot_menuconfig" to reach the configuration of the mcuboot image instead of your normal application menuconfig."And if I flash merged.hex using jLink is that also signed with the same key?"Yes, all bootable images (only the app in your case) inside merged.hex are signed with that key. MCUBoot only support one key."Can you recommend me a please where I can read more about this?"As already mentioned - https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/readme-ncs.html#mcuboot-ncsAlso you have https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/scripts/partition_manager/partition_manager.html#hex-files explaining how merging of files work."For me problem with the current build is that I can not use app_signed.hex with nRF Connect Android App because this app requires .bin format. I am able to do an update using app_update.bin file, but I cannot use app_signed.hex"As stated above, the slightly badly named app_update.bin is the correct signed version.To avoid problems you should stick to using the automatically signed binaries/hexes and avoid using the west sign command as this is only useful for non-NCS users which does not have the benefit of automatic signing.
Hi shibshab,Thank you for clearing all up. Now it is much more clear how everything fits together. I was able to do all of this with try/fail methodology on nrf52832 and with your explanation and ref links, it is all much clearer. Unfortunately, it seems that I can not fit everything on nrf52811 which is my preferred platform at the moment. https://devzone.nordicsemi.com/f/nordic-q-a/61313/nrf52811-zephyr-with-mcubootBest regards,Vojislav