• State Verified Answer
  • Replies 12 replies
  • Subscribers 72 subscribers
  • Views 5074 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 258520
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

NCS recommended MCUboot enabled apps build and flash methods

n.sakamoto

I am testing smp_srv (bluetooth) with NCS 1.3.2.
I don't know how to build and flash related apps for MCU boot in NCS.
MCUboot is unable to boot smp_srv even after running as documented.
All sample code related to MCUboot will fail to start the application.

1. Is this smp_srv build correct in NCS? Or what is the recommended build method?
2. How do you do the flash method related to MCU boot recommended by NCS?
I don't use west sign -t imgtool because it doesn't seem to be recommended by NCS.
I'm flashing merged.hex with west flash.


[challenged command]
cd ~/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr
west build -b nrf52dk_nrf52832 -d build_nrf52dk_nrf52832 . -- -DOVERLAY_CONFIG=overlay-bt.conf
west flash -d build_nrf52dk_nrf52832


nRF Connect SDK 1.3.2
Ubuntu 20.04.1 LTS

SEGGER J-Link V6.86e - Real time terminal output
J-Link OB-SAM3U128-V2-NordicSemi compiled Mar 17 2020 14:43:00 V1.0, SN=682102400
Process: JLinkExe
[00:00:00.003,753] <inf> mcuboot: Starting bootloader
[00:00:00.010,467] <inf> mcuboot: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[00:00:00.021,667] <inf> mcuboot: Boot source: none
[00:00:00.027,770] <inf> mcuboot: Swap type: none
[00:00:00.244,415] <err> mcuboot: Image in the primary slot is not valid!
[00:00:00.252,838] <err> mcuboot: Unable to find bootable image

Parents
  • +1

    Reverting CONFIG_BOOT_SIGNATURE_KEY_FILE in prj.conf of MCUboot to the original file name and executing "imgtool.py getpub" to rebuild it solved the problem.
    1.edit mcuboot prj.conf
    [bootloader/mcuboot/boot/zephyr/prj.conf]
    #CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048-new.pem" <-comment
    CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" <-Revert to old code
    2.
    ./scripts/imgtool.py getpub -k root-rsa-2048.pem


    When I built mcuboot when bootloader / mcuboot / root-rsa-2048.pem did not exist, the build failed.
    An error will occur if root-rsa-2048.pem'is missing.
    Could not build with the newly generated root-rsa-2048-new.pem.
    Is the method of specifying the key pair wrong?

    error:
    FileNotFoundError: [Errno 2] No such file or directory: '/home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/root-rsa-2048.pem'

    1.edit mcuboot prj.conf
    [bootloader/mcuboot/boot/zephyr/prj.conf]
    CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048-new.pem" <-set new file
    #CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" <-comment
    2.
    ./scripts/imgtool.py getpub -k root-rsa-2048-new.pem


    [smp_srv build log]

    ncs@ubuntu:~/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr$ west build -b nrf52dk_nrf52832  -d build_nrf52dk_nrf52832 . -- -DOVERLAY=overlay-bt.conf
-- west build: generating a build system
Including boilerplate (Zephyr base): /home/ncs/ncs/v1.3.2/zephyr/cmake/app/boilerplate.cmake
-- Application: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr
-- Zephyr version: 2.3.0-rc1 (/home/ncs/ncs/v1.3.2/zephyr)
-- Found Python3: /usr/bin/python3.8 (found suitable exact version "3.8.5") found components: Interpreter 
-- Board: nrf52dk_nrf52832
-- Found west: /home/ncs/.local/bin/west (found suitable version "0.7.2", minimum required is "0.7.1")

-- Found dtc: /usr/bin/dtc (found suitable version "1.5.0", minimum required is "1.4.6")
-- Found toolchain: gnuarmemb (/home/ncs/gnuarmemb)
-- Found BOARD.dts: /home/ncs/ncs/v1.3.2/zephyr/boards/arm/nrf52dk_nrf52832/nrf52dk_nrf52832.dts
-- Generated zephyr.dts: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/zephyr.dts
-- Generated devicetree_unfixed.h: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/include/generated/devicetree_unfixed.h
Parsing /home/ncs/ncs/v1.3.2/zephyr/Kconfig
Loaded configuration '/home/ncs/ncs/v1.3.2/zephyr/boards/arm/nrf52dk_nrf52832/nrf52dk_nrf52832_defconfig'
Merged configuration '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/prj.conf'
Merged configuration '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52dk_nrf52832.conf'
Configuration saved to '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/.config'
Kconfig header saved to '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 9.3.1
-- The CXX compiler identification is GNU 9.3.1
-- The ASM compiler identification is GNU
-- Found assembler: /home/ncs/gnuarmemb/bin/arm-none-eabi-gcc
-- Cache files will be written to: /home/ncs/.cache/zephyr

=== child image mcuboot - nrf52dk_nrf52832 begin ===
Including boilerplate (Zephyr base): /home/ncs/ncs/v1.3.2/zephyr/cmake/app/boilerplate.cmake
-- Application: /home/ncs/ncs/v1.3.2/bootloader/mcuboot/boot/zephyr
-- Zephyr version: 2.3.0-rc1 (/home/ncs/ncs/v1.3.2/zephyr)
-- Found Python3: /usr/bin/python3.8 (found suitable exact version "3.8.5") found components: Interpreter 
-- Board: nrf52dk_nrf52832
-- Found west: /home/ncs/.local/bin/west (found suitable version "0.7.2", minimum required is "0.7.1")
-- Found dtc: /usr/bin/dtc (found suitable version "1.5.0", minimum required is "1.4.6")
-- Found toolchain: gnuarmemb (/home/ncs/gnuarmemb)
-- Found BOARD.dts: /home/ncs/ncs/v1.3.2/zephyr/boards/arm/nrf52dk_nrf52832/nrf52dk_nrf52832.dts
-- Found devicetree overlay: /home/ncs/ncs/v1.3.2/bootloader/mcuboot/boot/zephyr/dts.overlay
-- Generated zephyr.dts: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/mcuboot/zephyr/zephyr.dts
-- Generated devicetree_unfixed.h: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/mcuboot/zephyr/include/generated/devicetree_unfixed.h
Parsing /home/ncs/ncs/v1.3.2/bootloader/mcuboot/boot/zephyr/Kconfig
Loaded configuration '/home/ncs/ncs/v1.3.2/zephyr/boards/arm/nrf52dk_nrf52832/nrf52dk_nrf52832_defconfig'
Merged configuration '/home/ncs/ncs/v1.3.2/bootloader/mcuboot/boot/zephyr/prj.conf'
Configuration saved to '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/mcuboot/zephyr/.config'
Kconfig header saved to '/home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/mcuboot/zephyr/include/generated/autoconf.h'
-- The C compiler identification is GNU 9.3.1
-- The CXX compiler identification is GNU 9.3.1
-- The ASM compiler identification is GNU
-- Found assembler: /home/ncs/gnuarmemb/bin/arm-none-eabi-gcc
-- Cache files will be written to: /home/ncs/.cache/zephyr
-- Configuring done
-- Generating done
-- Build files have been written to: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/mcuboot
=== child image mcuboot - nrf52dk_nrf52832 end ===

-- Configuring done
-- Generating done
CMake Warning:
  Manually-specified variables were not used by the project:

    OVERLAY


-- Build files have been written to: /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832
-- west build: building application
[1/266] Preparing syscall dependency handling

[9/266] Performing build step for 'mcuboot_subimage'
[1/239] Preparing syscall dependency handling

[234/239] Linking C executable zephyr/zephyr_prebuilt.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       36060 B        48 KB     73.36%
            SRAM:       23608 B        64 KB     36.02%
        IDT_LIST:          72 B         2 KB      3.52%
[239/239] Linking C executable zephyr/zephyr.elf
[255/266] Linking C executable zephyr/zephyr_prebuilt.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:      177420 B     224768 B     78.93%
            SRAM:       32280 B        64 KB     49.26%
        IDT_LIST:         136 B         2 KB      6.64%
[263/266] Generating ../../zephyr/app_...../../zephyr/app_moved_test_update.hex
FAILED: zephyr/app_update.bin zephyr/app_signed.hex zephyr/app_test_update.hex zephyr/app_moved_test_update.hex 
cd /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/modules/mcuboot && /usr/bin/python3.8 /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/scripts/imgtool.py sign --key /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/root-rsa-2048.pem --header-size 0x200 --align 4 --version 0.0.0+0 --slot-size 0x37000 --pad-header /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/mcuboot_primary_app.hex /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_signed.hex && /home/ncs/gnuarmemb/bin/arm-none-eabi-objcopy --input-target=ihex --output-target=binary /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/mcuboot_primary_app.hex /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_to_sign.bin && /usr/bin/python3.8 /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/scripts/imgtool.py sign --key /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/root-rsa-2048.pem --header-size 0x200 --align 4 --version 0.0.0+0 --slot-size 0x37000 --pad-header /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_to_sign.bin /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_update.bin && /usr/bin/python3.8 /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/scripts/imgtool.py sign --key /home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/root-rsa-2048.pem --header-size 0x200 --align 4 --version 0.0.0+0 --slot-size 0x37000 --pad-header --pad /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/mcuboot_primary_app.hex /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_test_update.hex && /home/ncs/gnuarmemb/bin/arm-none-eabi-objcopy --input-target=ihex --output-target=ihex --change-address 0x37000 /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_test_update.hex /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832/zephyr/app_moved_test_update.hex
Traceback (most recent call last):
  File "/home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/scripts/imgtool.py", line 20, in <module>
    main.imgtool()
  File "/home/ncs/.local/lib/python3.8/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/ncs/.local/lib/python3.8/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/ncs/.local/lib/python3.8/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/ncs/.local/lib/python3.8/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/ncs/.local/lib/python3.8/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/ncs/ncs/v1.3.2/bootloader/mcuboot/scripts/imgtool/main.py", line 294, in sign
    key = load_key(key) if key else None
  File "/home/ncs/ncs/v1.3.2/bootloader/mcuboot/scripts/imgtool/main.py", line 72, in load_key
    key = keys.load(keyfile)
  File "/home/ncs/ncs/v1.3.2/bootloader/mcuboot/scripts/imgtool/keys/__init__.py", line 44, in load
    with open(path, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/home/ncs/ncs/v1.3.2/zephyr/../bootloader/mcuboot/root-rsa-2048.pem'
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: /usr/bin/cmake --build /home/ncs/ncs/v1.3.2/zephyr/samples/subsys/mgmt/mcumgr/smp_svr/build_nrf52dk_nrf52832

  • 0 in reply to n.sakamoto

    I decided to avoid the problem by using the generated private key without changing the original file name, hoping that the problem that CONFIG_BOOT_SIGNATURE_KEY_FILE is not reflected in MCU boot will be solved by version upgrade.

  • 0 in reply to n.sakamoto

    I'm sorry for the delay on this. I have not looked into this topic (singing, keys, etc..)  very much and I put off some time yesterday and today to get an overview of how all this works. I'm gradually getting a better understanding of this and will try to provide you with an answer soon.

    Best regards,

    Simon

  • 0 in reply to Simon

    I did some investigation into NCS v1.3.2 and it seems like you have to do the following to use your custom key:

    The reason you have to put it both places is the following: Inside bootloader\mcuboot\boot\zephyr\CMakeLists.txt (where the public key autogen-pubkey.c is created), it uses the key from mcuboot\boot\zephyr\prj.conf. Inside nrf\cmake\mcuboot.cmake (where the signed image app_update.bin is created), the key from <application to be signed>\prj.conf is used.
    • Next you simply flash the merged.hex file from the applications build folder. It will contain both the mcuboot and app_update.bin hex. The mcuboot should be able to boot validate and boot the application.

    I have not looked into NCS v1.4.0/master, and if this process is simplified to only set the key in one place. I can do some investigation if you would like to.

    Best regards,

    Simon

  • 0 in reply to Simon

    key pair file path is bootloader/mcuboot/root-rsa-2048-new.pem.
    However, smp_srv builds with the default root-rsa-2048.pem.

    ncs v1.4.0 seems to have solved this problem.
    Use v1.4.0. Thank you for the correction.

    I also understand that NCS does not need to extract the private key ("imgtool.py getpub").

    [imgtool.py getpub]
    ./scripts/imgtool.py getpub -k root-rsa-2048-new.pem

  • 0 in reply to Simon

    On NCS v1.4.0 you no longer need to specify the signature key file in the application, however the default key type has been changed to ECDSA. Thus, the lines you have to add to mcuboot/boot/zephyr/prj.conf to use an RSA key are:

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n
CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="custom_key_rsa-2048.pem"

  • 0 in reply to Dominic

    Is it expected that we still get this scary message even though it appears to be working properly?

    ---------------------------------------------------------
    --- WARNING: Using default MCUBoot key, it should not ---
    --- be used for production. ---
    ---------------------------------------------------------

Reply Children
No Data
Related