
Override MCUBoot build directory

Hello,

It appears as though nRF Connect does not currently support building encrypted images, so I am trying to implement it myself.

Part of creating encrypted images is providing the encryption key in mcuboot/boot/zephyr/keys.c.

To that end, I have copied mcuboot into my project directory and edited that file. However, I'm unsure how to direct the build system to build from my copy of mcuboot and not from the one installed by nRF Connect.

Note that I am able to build encrypted images by editing keys.c in the nRF Connect installation and editing the nrf/modules/mcuboot/CMakeLists.txt to provide the "--encrypted" argument to imgtool.py. This proves that building encrypted images is possible; however, I would like to avoid editing the installed SDK, as several projects will be built against it, each with their own encryption.

Ideally I'd like to leverage the nRF Connect build as well since it figures out things like the header size and alignment to pass to imgtool. This would allow me to build a template that can work across projects as well.

Is it possible to point the build system to my copy of mcuboot?
Or is there perhaps another way to build encrypted images?

Thank you very much!

  • Hi Sachrmed, 
    I'm sorry for the late response. It was Easter vacation in Norway last week.

    I will check with the developers to see if there is any solution to do "--encrypt" without modifying the SDK and let you know what I find.

  • No problem! Thanks for looking into that.
    I'm looking forward to seeing if you can come up with a solution.

  • Hi Sachrmed, 

    I got a response from the team. I don't have a solution for how you can configure the build to choose your own mcuboot, but I do have the explanation of why encrypted images are not fully supported in our solution.

    The main reason is a security concern. We don't want to provide a solution in which you would use a single master key for all of your devices. Since there isn't a way to securely store the key in nRF52 flash, when one of the devices is hacked and the master key is extracted, you run the risk that all your devices can be hacked using the same master key.
