
How to validate signature check requirements

I am trying to create a test case for in house validation and would like to know how to do so.


Here is what I want to do:

  1. I want to create a boot loader that checks the signature of the application every time the device boots up.
  2. I want to combine the SoftDevice, the boot loader, the boot loader settings and the application into a single HEX file
  3. (IMPORTANT) I want to download this package to the device using a 'SWD debug port' -- not by any generic DFU workflows.
  4. Then I want to power cycle and reboot the device and ensure that I can FORCE the device to FAIL the boot up validation by using a 'WRONG' key somewhere in the process that leads to the generation of the single HEX file in (2) above.

My SoC is the nRF52832_xxAA, and I am using SDK version 16.0.0, SoftDevice 132 version 7.0.1

Can this be done, and if so, how?

Cheers

RMV

Parents
  • (IMPORTANT) I want to download this package to the device using a 'SWD debug port' -- not by any generic DFU workflows.

    No problem. As long as your merged hex file includes a bootloader settings page, the app will start and everything will work after programming via SWD. Note that you need to specify here as well that there should be a signature verification, so that the correct signature is part of the generated settings page.

    I am sorry but I do not know how to "specify here as well that there should be a signature verification" -- I am using JLINK over SWD so what would be the workflow for specifying signature verification at boot up?

    Then I want to power cycle and reboot the device and ensure that I can FORCE the device to FAIL the boot up validation by using a 'WRONG' key somewhere in the process that leads to the generation of the single HEX file in (2) above.

    To do this, just supply a dummy hex file instead of the correct hex file when generating the bootloader settings page. Then the signature will not be valid for the actual hex file, and the bootloader will not start the application.

    Do you mean a dummy 'key file' instead of 'hex file'?


Children
  • Hi,

    RMV said:
    I am sorry but I do not know how to "specify here as well that there should be a signature verification" -- I am using JLINK over SWD so what would be the workflow for specifying signature verification at boot up?

    This is not related to programming itself. The point is that you need to specify the validation method when you generate the bootloader settings page so that it is properly signed. Specifically, you need to use --app-boot-validation VALIDATE_ECDSA_P256_SHA256. You can type nrfutil settings generate --help for more details on settings page generation.

    RMV said:
    Do you mean a dummy 'key file' instead of 'hex file' ?

    No, I meant hex file, but you will get the same effect by changing the key file. Essentially, you need both the correct data and the correct key to generate a valid signature. So replacing either of the two when generating the bootloader settings page would cause subsequent signature verification to fail (as expected).
