
Documentation on generating/using custom signing key for FOTA in nRF Connect SDK

Hello Nordic Team,

Over the course of development I have had to reverse engineer and pick apart various sources (DevZone, Google, Zephyr documentation, etc.) in order to figure out how to properly generate and utilize a custom, private signing key for our FOTA images. I currently have a working solution but it feels more like a hack, and as I frequently test on the master branch to prepare for upcoming changes, it appears that the method I am using is generating warnings.


My question is: is there any official documentation and/or guide on how to properly generate and sign images using a custom signing key and how that is integrated into a project (i.e. asset_tracker)?

I want to make sure that I am doing it right and that it is properly integrated into my project and build system.

Thanks,
Cody

  • Hey @Simon,


    I reviewed the other ticket and I am now on nRF Connect SDK v1.4.2. In the thread, someone mentions that in v1.4.0+ you only need to provide the following lines in the mcuboot configuration file:

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
    CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
    CONFIG_BOOT_SIGNATURE_KEY_FILE="custom_key_rsa-2048.pem"

    That appears to be in line with the asset_tracker/connectivity bridge examples in v1.4.2, where they have a mcuboot_overlay-rsa.conf file in the root that is then added to the MCUBoot configuration in CMakeLists.txt with the following code:

    list(APPEND mcuboot_OVERLAY_CONFIG
      "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot_overlay-rsa.conf"
      )

    Doing so in my project still leads to the following scary warning message from MCUBoot:

    ---------------------------------------------------------
    --- WARNING: Using default MCUBoot key, it should not ---
    --- be used for production. ---
    ---------------------------------------------------------

    Do you know if I am doing something wrong? What's weird is I think it is still working. If I put a log statement in mcuboot.cmake where that message is printed out, my custom defined signature key file is being set...

    # Set default key
    if (NOT DEFINED mcuboot_key_file)
      message(WARNING "
        ---------------------------------------------------------
        --- WARNING: Using default MCUBoot key, it should not ---
        --- be used for production.                           ---
        ---------------------------------------------------------
        \n"
      )
      set(mcuboot_key_file ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
      message(WARNING "mcuboot_key_file ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}")
    endif()

    Thanks,
    Cody

  • The warning just tells you that you're using the default key from NCS, and you should definitely not use this key on the devices that go out to production, as it will make your devices unprotected. That key is only meant for testing. You should generate your own keys for the production versions.

  • I have generated my own private key and am following the same/similar setup as asset_tracker/connectivity bridge in nRF Connect SDK v1.4.2.

    It is very strange though because CONFIG_BOOT_SIGNATURE_KEY_FILE is being set to my custom key file name and appears to be utilized.

    CMake Warning at /Users/crsharff/Development_Tools/ncs_v1.4/nrf/cmake/mcuboot.cmake:125 (message):
    
    
            ---------------------------------------------------------
            --- WARNING: Using default MCUBoot key, it should not ---
            --- be used for production.                           ---
            ---------------------------------------------------------
    
    CMake Warning at /Users/crsharff/Development_Tools/ncs_v1.4/nrf/cmake/mcuboot.cmake:133 (message):
      mcuboot_key_file /cody-custom-rsa-2048.pem

    Doing more research, it appears that this error is shown because the following code block doesn't set the mcuboot_key_file because mcuboot_CONF_DIR and mcuboot_CONF_DIR appear undefined.

      if (DEFINED mcuboot_CONF_FILE)
        message(WARNING "DEFINED mcuboot_CONF_FILE")
        get_filename_component(mcuboot_CONF_DIR ${mcuboot_CONF_FILE} DIRECTORY)
        if (EXISTS ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
          message(WARNING "EXISTS ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}")
          set(mcuboot_key_file ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
        endif()
      endif()
    
      # Set default key
      if (NOT DEFINED mcuboot_key_file)
        message(WARNING "
          ---------------------------------------------------------
          --- WARNING: Using default MCUBoot key, it should not ---
          --- be used for production.                           ---
          ---------------------------------------------------------
          \n"
        )
        set(mcuboot_key_file ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
        message(WARNING "mcuboot_key_file ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}")
      endif()

  • I'll look into it tomorrow morning (CET).

  • Thanks Simon, much appreciated. The more I delve into it, the more it looks like it's just an issue with the logic inside mcuboot.cmake. It will print the scary message 100% of the time as long as mcuboot_CONF_FILE is not defined, and mcuboot_CONF_FILE being defined does not look like a requirement for CONFIG_BOOT_SIGNATURE_KEY_FILE to be properly set by the MCUBoot overlay configuration file in my project.

    Found this other thread on the DevZone that seems to be discussing a lot of the same issues: devzone.nordicsemi.com/.../problem-with-signing-images-for-ota-dfu
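
Added example, not part of the original posts and not Nordic's or MCUboot's code: a Python pre-build check that mirrors the two key-selection branches of the mcuboot.cmake excerpt quoted in the thread and reports when a build would fall back to MCUBOOT_DIR or sign with one of MCUboot's public test keys. The function names, the `OVERLAY` sample and the directory arguments are assumptions made for illustration.

```python
import os
import re

# File names of the public test keys kept in the MCUboot repository root.
DEFAULT_KEY_NAMES = {"root-rsa-2048.pem", "root-rsa-3072.pem",
                     "root-ec-p256.pem", "root-ed25519.pem"}

# Constructed sample: the overlay lines quoted in the thread.
OVERLAY = '''CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="custom_key_rsa-2048.pem"
'''

def parse_kconfig(text):
    """Return {symbol: value} from Kconfig fragment text; later lines win."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*(CONFIG_\w+)\s*=\s*(.*?)\s*$', line)
        if m:
            cfg[m.group(1)] = m.group(2).strip('"')
    return cfg

def resolve_key(cfg, mcuboot_dir, conf_file=None, exists=os.path.exists):
    """Return (key_path, used_fallback), following the quoted CMake logic."""
    key = cfg["CONFIG_BOOT_SIGNATURE_KEY_FILE"]
    if conf_file is not None:                    # if (DEFINED mcuboot_CONF_FILE)
        candidate = os.path.join(os.path.dirname(conf_file), key)
        if exists(candidate):                    # if (EXISTS .../KEY_FILE)
            return candidate, False
    return os.path.join(mcuboot_dir, key), True  # "Set default key" branch

def audit(cfg, mcuboot_dir, conf_file=None, exists=os.path.exists):
    """Return a list of findings; an empty list means no issue was detected."""
    path, fallback = resolve_key(cfg, mcuboot_dir, conf_file, exists)
    findings = []
    if os.path.basename(path) in DEFAULT_KEY_NAMES:
        findings.append("key file is one of MCUboot's public test keys")
    if fallback:
        findings.append("fallback branch taken: key resolved under MCUBOOT_DIR")
    if not exists(path):
        findings.append("resolved key path does not exist: " + path)
    return findings
```

Run `audit(parse_kconfig(open(overlay).read()), mcuboot_dir, conf_file)` in CI and fail the job on any finding, so a release image is never signed with a key other than the one you generated.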
