This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Override MCUBoot build directory

Hello,

It appears as though nRF Connect does not currently support building encrypted images, so I am trying to implement it myself.

Part of creating encrypted images is providing the encryption key in mcuboot/boot/zephyr/keys.c

To that end, I have copied mcuboot into my project directory and edited that file. However, I'm unsure how to direct the build system to build from my copy of mcuboot and not from the one installed by nRF Connect.

Note that I am able to build encrypted images by editing keys.c in the nRF Connect installation and editing the nrf/modules/mcuboot/CMakeLists.txt to provide the "--encrypted" argument to imgtool.py. This proves that building encrypted images is possible, however I would like to avoid editing the installed SDK as several projects will be built against it, each with their own encryption.

Ideally I'd like to leverage the nRF Connect build as well since it figures out things like the header size and alignment to pass to imgtool. This would allow me to build a template that can work across projects as well.

Is it possible to point the build system to my copy of mcuboot?
Or is there perhaps another way to build encrypted images?

Thank you very much!

Parents
  • Hi Sachrmed, 

    I haven't tried to build MCUBoot with encrypted image myself, but could you give me more information on the limitation you found in NCS that encrypted image can't be use ? 
    As far as I know it's at least supported by MCUBoot ? https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/encrypted_images.html

    Regarding your question, if you have a look at CMakeLists.txt in zephyr.txt folder you can find this: 

    So mcuboot.cmake is included when you enable CONFIG_BOOTLOADER_MCUBOOT. If you have a look inside mcuboot.cmake you can see the build system used to include the child image. 

    In addition in multi_image.cmake you can find CONFIG_NCS_MCUBOOT_IN_BUILD is added when CONFIG_BOOTLOADER_MCUBOOT. You may want to include it in your application configuration. 

    If you use partition manager, then you need to look into pm.yml.tfm as well. 

Reply
  • Hi Sachrmed, 

    I haven't tried to build MCUBoot with encrypted image myself, but could you give me more information on the limitation you found in NCS that encrypted image can't be use ? 
    As far as I know it's at least supported by MCUBoot ? https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/mcuboot/encrypted_images.html

    Regarding your question, if you have a look at CMakeLists.txt in zephyr.txt folder you can find this: 

    So mcuboot.cmake is included when you enable CONFIG_BOOTLOADER_MCUBOOT. If you have a look inside mcuboot.cmake you can see the build system used to include the child image. 

    In addition in multi_image.cmake you can find CONFIG_NCS_MCUBOOT_IN_BUILD is added when CONFIG_BOOTLOADER_MCUBOOT. You may want to include it in your application configuration. 

    If you use partition manager, then you need to look into pm.yml.tfm as well. 

Children
No Data
Related