MCU Boot - Using Hardware Keys for Verification

Hi,

To quote you from another post:
"Is Mcuboot Hardware Key feature supported on NCS 1.8.0?"

No , it not supported in nRF Connect SDK 1.8.0.

I might therefore not be able to help you too much with the your implementation for this.
Fell free to ask though, and I will answer what I can.

||

I noticed that imgtool.py does not provide an option for generating key hashes.

Are there any reasons why, e.g. not the right tool?

Are there scripts that do this or plans to add such?

I will have to look some more into this, and will return with an answer by end of Wednesday.

||

I also found this page describing shortcut/workarounds for the ECDSA signature: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/ecdsa.html#

What is the current state of this issue? 

From our Documentation structure:
"The local MCUboot documentation is a slightly extended version of the official MCUboot documentation, containing some additions specific to Nordic Semiconductor."

The issue you mention here is from the official MCUboot documentation on the ECDSA signature format. If you want a status on this, you will need to contact them directly.

Regards,
Sigurd Hellesvik

Hi,

To quote you from another post:
"Is Mcuboot Hardware Key feature supported on NCS 1.8.0?"

No , it not supported in nRF Connect SDK 1.8.0.

I might therefore not be able to help you too much with the your implementation for this.
Fell free to ask though, and I will answer what I can.

||

I noticed that imgtool.py does not provide an option for generating key hashes.

Are there any reasons why, e.g. not the right tool?

Are there scripts that do this or plans to add such?

I will have to look some more into this, and will return with an answer by end of Wednesday.

||

I also found this page describing shortcut/workarounds for the ECDSA signature: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/ecdsa.html#

What is the current state of this issue? 

From our Documentation structure:
"The local MCUboot documentation is a slightly extended version of the official MCUboot documentation, containing some additions specific to Nordic Semiconductor."

The issue you mention here is from the official MCUboot documentation on the ECDSA signature format. If you want a status on this, you will need to contact them directly.

Regards,
Sigurd Hellesvik

I noticed that imgtool.py does not provide an option for generating key hashes.

Are there any reasons why, e.g. not the right tool?

Are there scripts that do this or plans to add such?

Imgtool is automatically generating hash by default if the argument "--public-key-format" is used.

"The --public-key-format argument can be used to distinguish where the public key is stored for image authentication. The hash option is used by default, in which case only the hash of the public key is added to the TLV area (the full public key is incorporated into the bootloader)." [1]

Nordic Semiconductor does not supply any command line tools for generating key hashes which I am aware of.

Since many of your questions are MCUboot related, you likely get better answers if you contact MCUboot directly.
See https://www.mcuboot.com/contact/

Regards,
Sigurd Hellesvik