nRF9160 2-stage secure boot and public/private key

Hi, Nordic Team

  I’m getting started trying to use both MCUboot and NSIB for 2-stage secure boot on the nRF9160, with SEGGER as the development tool. I enabled NSIB via “Configure nRF Connect SDK project”, and it works (I checked from the partition).

  Well, the problem comes when I provide a public key (adding it in “Public key PEM file”): it said that the key is duplicated (as it was automatically generated from the private key), so I changed to a new public key (never used), and the system gives the same warning.

  So I want to make sure that I need to provide only the private key when I want to use my own key for NSIB? Because it will be generated automatically. If so, what is the “Public key PEM file” slot for?

 

  Besides, is it possible to modify the merged.hex file with a hex file that is not signed? I think MCUboot would not allow it, but I want to make sure whether there is a way.

  Thank you.

Parents
  • Hello,

      So I want to make sure that I need to provide only the private key when I want to use my own key for NSIB? Because it will be generated automatically. If so, what is the “Public key PEM file” slot for?

    You should probably look at this and this if you want to know how to use custom private keys for signing.

    Besides, is it possible to modify the merged.hex file with a hex file that is not signed?

    I'm not sure what this question is about, but if you want to merge a signed and an unsigned image I'm pretty sure that's not possible.

Children
  • Thanks for your reply. I read the instructions.

    And I have some questions, as follows:

    1. Where can I find the list of public key hashes or the provision hex file?

       I think that the <public.pem> file put in “Public key PEM file” will be hashed and kept in the list respectively, won’t it?

    2. Is it okay if I use a key generated by OpenSSL while setting ‘CONFIG_SB_SIGNING_PYTHON=y’?

    3. As for the ‘Checking the public key’ part:

           diff build/zephyr/nrf/subsys/bootloader/generated/public.pem <(openssl ec -in priv.pem -pubout)

       Unfortunately, I cannot find the path 'build/zephyr/nrf/subsys/bootloader/generated/public.pem'. Is there any suggestion?
