Hi Nordic providers of solutions to problems great and small.
Good mornings.
We have been going through the OTA/DFU process for a signed image as the final step of our product and noticed some awkwardness in the nRF Connect SDK work flow for image signing and for placing the public key in mcuboot.
The typical workflow in product developement requires developers to only get access to the public key that has to get placed in mcuboot. The folks that sign the image have some statutatory requirements where they are held accountable to any leaks of the private key so the private key is known only to a very small team.
Currently the build setup for mcuboot and a signed image requires private key access to the developers which is awkward.
I did look at the case below but its solution was a bit hazy.
Placing the C struct of the public key into the keys.c
Help to to pull the signing out of the build process and make it an explicit and separate step to generate a signed image from an unsigned image.
Thanks for the support
David
