CONFIG_BOOT_SIGNATURE_KEY_FILE doesn't correctly get propagated to MCUBoot build

Question

I'm setting CONFIG_BOOT_SIGNATURE_KEY_FILE while building an application with the nRF SDK 1.3.0 from the command line using west: 
 west build -t flash -p auto -b playerdata_edge_v2_0_3 edge -DCONFIG_BOOT_SIGNATURE_KEY_FILE=\"edge-v2-production.pem\" 
 I see from the application ninja logs that this is correctly signing the image with the specified key (albeit, it assumes that the key is located in `bootloader/mcuboot`, but I can live with that). 
 However, the public key baked into the MCUBoot build is incorrectly being extracted from the default MCUBoot key, as we can see from the MCUBoot ninja logs: 
 build zephyr/autogen-pubkey.c: CUSTOM_COMMAND /Users/hayden/development/PlayerData/edge-v2/bootloader/mcuboot/root-rsa-2048.pem || zephyr/driver_validation_h_target zephyr/kobj_types_h_target zephyr/offsets zephyr/offsets_h zephyr/parse_syscalls_target zephyr/syscall_list_h_target zephyr/zephyr_generated_headers
 COMMAND = cd /Users/hayden/development/PlayerData/edge-v2/build/mcuboot && /Users/hayden/development/PlayerData/edge-v2/env/bin/python3.8 /Users/hayden/development/PlayerData/edge-v2/bootloader/mcuboot/scripts/imgtool.py getpub -k /Users/hayden/development/PlayerData/edge-v2/bootloader/mcuboot/root-rsa-2048.pem > /Users/hayden/development/PlayerData/edge-v2/build/mcuboot/zephyr/autogen-pubkey.c
 DESC = Generating zephyr/autogen-pubkey.c
 restat = 1

It looks like the config variable isn't being correctly passed through to the MCUBoot build. 
 I've tried adding it to the `SHARED_MULTI_IMAGE_VARIABLES` list from my application CMakeLists.txt: 
 list(APPEND SHARED_MULTI_IMAGE_VARIABLES CONFIG_BOOT_SIGNATURE_KEY_FILE) 
 The variable is now being set in `extra_kconfig_options.conf`, however it is missing quotes so the toolchain is refusing to accept it: 
 /Users/hayden/development/PlayerData/edge-v2/build/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf:2: warning: malformed string literal in assignment to BOOT_SIGNATURE_KEY_FILE (defined at /Users/hayden/development/PlayerData/edge-v2/bootloader/mcuboot/zephyr/Kconfig:38). Assignment ignored. 
 CONFIG_BOOT_SIGNATURE_KEY_FILE=edge-v2-production.pem 
 
 Is this a bug, or am I not setting the right config options here?

markuckermann · Accepted Answer

For what it's worth, I've run into the same issue and fixed it by: 
 Adding: 
 
 # Build system doesn't allow passing of CONFIG_BOOT_SIGNATURE_KEY_FILE # So we leverage cmake configure_file. This needs to be at the top! if ( DEFINED mcuboot_CONF_FILE) configure_file (configuration/_common/child_image/mcuboot_min.conf.in "${mcuboot_CONF_FILE}" ) endif () 
 
 to the top of the CMakeLists.txt 
 
 Add CONFIG_BOOT_SIGNATURE_KEY_FILE="@MCUBOOT_KEY_FILE@" 
 to mcuboot_min.conf.in 
 
 And pass

- DMCUBOOT_KEY_FILE= { key_filename } ' on the command line

Mateusz · Answer

I did the following in my project's CMakeLists.txt: 
 set(CONFIG_BOOT_SIGNATURE_KEY_FILE ${CMAKE_CURRENT_SOURCE_DIR}/test_data/private_key.pem)
set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/test_data/private_key.pem\") 
 The mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE has to be escaped for some reason, I learned this from another thread (don't have the link anymore). 
 This appears to work fine in v2.5.0.

CONFIG_BOOT_SIGNATURE_KEY_FILE doesn't correctly get propagated to MCUBoot build

Top Replies