Dear All,
I am trying to create an application that uses the MCUBoot, so that later I can perform a FOTA operation.
From what I know so far there are some keys in the SDK that the MCUBoot prj.conf is pointing to and uses those keys to create the signed bin files.
So if someone wants to use a custom key, he could potentially replace thekey in the SDK and then it would work. But this would require to modify the SDK, which I would like to avoid completely.
While I was trying to figure out this issue, I came across this link that suggests that someone can first compile the application, including the MCUBoot and then sign it with a custom key, that felt right the exact thing I am looking for. But this unfortunately didn't work.
What I did is this:
west build -p auto -b nrf9160dk_nrf9160ns
west sign -t imgtool -- --key private-key.pem --header-size 32 --pad
And what I got is this:
Error: Header padding was not requested and image does not start with zeros FATAL ERROR: command exited with status 2: 'C:\Python37\Scripts\imgtool.EXE' sign --version 0.0.0+0 --align 4 --header-size 0 --slot-size 196608 --key private-key.pem --header-size 32 --pad C:/Users/SODAQ/Desktop/GIT_Projects/bayer_tag/build/zephyr/zephyr.bin 'C:\Users\SODAQ\Desktop\GIT_Projects\bayer_tag\build\zephyr\zephyr.signed.bin'
From what I can understand the
CONFIG_BOOTLADER_MCUBOOT=y
effectively compiles and adds the bootloader in the project, but the bootloader uses the default key of the SDK and this very undesired.
So is there any way possible to effectively sign the .hex file again with the custom private key and then be able to use the .bin file with the custom private key, without modifying the SDK at all?
Also, I am not sure what is the role of the SPM in this process.
I am using the NCS SDK v1.3.0
Thank you very much for your assistance
