Is there support in NCS for MCUboot images encrypted with a different encryption key (not the same key as the signing key)? How is that configured (via prj.conf, etc)?
Hi Denis,
There is a clarification here. Image signing is not encrypting image. What it does is to hash the image and then use the signature to sign the hash. You can read about that here.
You can also use imgtool to generate your own key file, documentation here.
There are a few of related Devzone case that can be useful :
https://devzone.nordicsemi.com/f/nordic-q-a/72365/best-process-for-signing-firmware-images-when-using-mcuboot
devzone.nordicsemi.com/.../signing-zephyr-images---west-sign
Hi Denis,
There is a clarification here. Image signing is not encrypting image. What it does is to hash the image and then use the signature to sign the hash. You can read about that here.
You can also use imgtool to generate your own key file, documentation here.
There are a few of related Devzone case that can be useful :
https://devzone.nordicsemi.com/f/nordic-q-a/72365/best-process-for-signing-firmware-images-when-using-mcuboot
devzone.nordicsemi.com/.../signing-zephyr-images---west-sign
Hi Denis,
I see. I thought you were asking for using your own signing key.
Regarding image encryption, you can find the documentation here.
I'm not too familiar with the topic but could you try follow this instruction from Simon in this case ?
I will try to get Simon to look into the case if you have any problem following his guide.