CMake warning: Using default MCUBoot key, it should not be used for production.

Question

I'm following the steps at https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/ug_bootloader.html#adding-a-bootloader-chain-to-your-application 
 I generated a private key using 
 openssl ecparam -name prime256v1 -genkey -noout -out priv.pem 
 Side note: I got this command from the bootloader sample readme.rst, it might be useful to include it in the docs at the link above. 
 To my prj.conf I added: 
 CONFIG_SECURE_BOOT=y
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_SB_SIGNING_KEY_FILE="priv.pem" 
 When I re-run CMake I get the warning in the title of the question. Should it not be using the private key I specified?

nrbrook · Accepted Answer

Hi Hakon, 
 Looking at that code it seems you can set a relative file using CMake: 
 set(mcuboot_key_file ${CMAKE_CURRENT_LIST_DIR}/priv.pem) 
 However, although that script picks it up, the bootloader/mcuboot/boot/zephyr/CMakeLists.txt script does not: 
 MCUBoot bootloader key file: /opt/nordic/ncs/v1.5.0-rc1/bootloader/mcuboot/priv.pem 
 You can use this to set the path used in that file: 
 set(mcuboot_key_file ${CMAKE_CURRENT_LIST_DIR}/priv.pem)
set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${mcuboot_key_file}\"") 
 Note that you must include escaped quotes. Using this approach, you don't need to use the overlay config. 
 However this is a workaround, it should really all come from one variable. You also get a warning because all mcuboot_ variables are passed to the MCUBoot CMakeLists.txt, and "key_file" is not used. 
 Thanks

CMake warning: Using default MCUBoot key, it should not be used for production.

Top Replies