MCUBOOT signature key file with NCS V2.0.0

Question

Hi, we are trying to compile our project with NCS V2.0.0. Currently we are using NCS V1.8.0. In CMakeLists.txt we have this line to pass a custom signature key file to MCUBoot: 
 # MCUboot: set certificate file set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${CMAKE_CURRENT_LIST_DIR}/key/airbolt-rsa-2048.pem\"") 
 When compiling with NCS V1.8.0 we get this output and everything works: 
 
 When compiling with NCS V2.0.0 we get this error: 
 
 Next I looked in the extra_kconfig_options.conf file that was generated for MCUBoot: 
 
 Instead of putting the string between the quotation marks it was added to the end, causing the compile error. 
 Is there a better way of passing the signature key fle to MCUBoot?

Amanda Hsieh · Accepted Answer

Hi, 
 Sorry for the mistake. 
 After https://github.com/nrfconnect/sdk-nrf/commit/5393942bdf24be8424ec382f11e40083b01593c7 it is no longer possible to set a child image Kconfig string variable using the following command line flag: -Dmcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE=\"abc\" . It results in CONFIG_BOOT_SIGNATURE_KEY_FILE=abc"" being put in build/mcuboot/zephyr/misc/generated/extra_kconfig_options.conf . 
 The only workaround is using another layer of escaping: -Dmcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE=\\"abc\\" . 
 I have tested with the following command and don't get any issue. 
 west build --pristine -b nrf52840dk_nrf52840 zephyr/samples/hello_world -- -DCONFIG_BOOTLOADER_MCUBOOT=y -Dmcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE=\\"C:/NCS_2/v2.0.0/bootloader/mcuboot/enc-ec256-priv.pem\\" -DCONFIG_MCUBOOT_IMAGE_VERSION=\"0.1.2\+3\" -Dmcuboot_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y 
 
 I think this could fix the issue while using -Dmcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE with the command or setting mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE in CMake. 
 -Amanda

MCUBOOT signature key file with NCS V2.0.0

Top Replies