Hello everyone,
I am developing on an nRF52840 using sdk-nrf v1.8.0 and the Nordic MCUboot fork as bootloader.
For security reasons, we want to use the MCUboot HW keys option, which enables the user to implement a function to retrieve his signing public key hash. The point is that when this option is activated, MCUboot no longer expects the hash of the key in the firmware TLV but the key itself. (cf. https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/design.html#using-hardware-keys-for-verification)
As we find all the binaries generated by the Nordic MCUboot-related CMake (https://github.com/nrfconnect/sdk-nrf/blob/v1.9.0/modules/mcuboot/CMakeLists.txt) convenient and would like to use them for our release build, we wonder if it is conceivable to condition the argument given to the imgtool.py call on the HW key configuration. This is done, for instance, in trusted-firmware-m (https://github.com/ARMmbed/trusted-firmware-m/blob/master/bl2/ext/mcuboot/CMakeLists.txt) on the imgtool.py sign call with the following line:
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Thanks for your time,
Matéo
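
Added example, not part of the original post and not MCUboot or imgtool code: a simplified Python model of why the `--public-key-format` value has to follow the HW key setting, showing that an image signed with `hash` carries no key a HW-key bootloader can use. The TLV type values (0x01, 0x02) and the 4-byte little-endian header are assumptions taken from upstream MCUboot, and the key bytes are constructed placeholders.

```python
import hashlib
import hmac
import struct

# Assumed from upstream MCUboot/imgtool: key TLV type values and header layout.
TLV_KEYHASH = 0x01  # payload = SHA-256 of the public key (--public-key-format hash)
TLV_PUBKEY = 0x02   # payload = the encoded public key    (--public-key-format full)
TLV_HDR = "<HH"     # uint16 type, uint16 length, little-endian


def key_tlv(pubkey: bytes, public_key_format: str) -> bytes:
    """Build the key TLV entry that the chosen --public-key-format produces."""
    if public_key_format == "hash":
        kind, payload = TLV_KEYHASH, hashlib.sha256(pubkey).digest()
    elif public_key_format == "full":
        kind, payload = TLV_PUBKEY, pubkey
    else:
        raise ValueError(f"unknown public key format: {public_key_format!r}")
    return struct.pack(TLV_HDR, kind, len(payload)) + payload


def parse_tlv(entry: bytes) -> tuple[int, bytes]:
    """Split one TLV entry into (type, payload), rejecting truncated input."""
    hdr_len = struct.calcsize(TLV_HDR)
    if len(entry) < hdr_len:
        raise ValueError("TLV header truncated")
    kind, length = struct.unpack_from(TLV_HDR, entry)
    payload = entry[hdr_len:hdr_len + length]
    if len(payload) != length:
        raise ValueError("TLV payload truncated")
    return kind, payload


def hw_key_accepts(entry: bytes, provisioned_hash: bytes) -> bool:
    """Simplified model of the HW-key check: the TLV must carry the full key,
    and SHA-256 of that key must equal the hash retrieved from hardware."""
    kind, payload = parse_tlv(entry)
    if kind != TLV_PUBKEY:
        return False  # a hash-only TLV gives the bootloader no key to verify with
    return hmac.compare_digest(hashlib.sha256(payload).digest(), provisioned_hash)


# Constructed stand-ins for encoded public keys (not real key material).
RELEASE_KEY = bytes(range(91))
OTHER_KEY = bytes(reversed(range(91)))
PROVISIONED_HASH = hashlib.sha256(RELEASE_KEY).digest()

if __name__ == "__main__":
    for fmt in ("hash", "full"):
        print(fmt, hw_key_accepts(key_tlv(RELEASE_KEY, fmt), PROVISIONED_HASH))
```

The signature check that follows with the accepted key is not modelled here.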