Error about MCUBOOT_BUILD_STRATEGY_FROM_SOURCE when trying to provide a signing key

I want to do firmware updates over BLE. To do that I added these settings to my prj.conf which I mostly got from the smp_svr example:

This "works" but it uses the default signing key. So I added CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="signing_key.pem" according to this answer but I got this message during build:

If I follow that advice and set CONFIG_BOOT_SIGNATURE_KEY_FILE I get these messages:

But it doesn't seem like MCUBOOT_BUILD_STRATEGY_FROM_SOURCE is a valid prj.conf setting for an NCS project?

I'm on NCS 1.9.1.

Parents
  • Hi,

    If I follow that advice and set CONFIG_BOOT_SIGNATURE_KEY_FILE

    The message instructed you to consider setting CONFIG_MCUBOOT_SIGNATURE_KEY_FILE. Did you set CONFIG_BOOT_SIGNATURE_KEY_FILE instead? If so, to which value?

    Best regards,
    Dejan

  • Are you referring to the last sentence of the message? If I understand the message correctly, it encourages me to remove (= set to the default, an empty string) CONFIG_MCUBOOT_SIGNATURE_KEY_FILE again just to get rid of the message. But then I would still not have a custom signing key.

  • Hi,

    Could you specify the way how you built your project?

    Best regards,
    Dejan

  • Here's my complete prj.conf:

    If you just create a new project in VSCode and hit Build, you should get a message about the default key being used.

    If you then add CONFIG_MCUBOOT_SIGNATURE_KEY_FILE you should see the message about it being ignored.

  • Hi,

    Similar to what is shown in the configuration file for nrf_desktop sample, you should put CONFIG_BOOT_SIGNATURE_KEY_FILE in the configuration file for the child image. Inside your project directory, create child_image directory with mcuboot.conf file where you put your mcuboot configuration. If you still have an issue, try adding CONFIG_BOOT_SIGNATURE_KEY_FILE in both prj.conf and in child_image/mcuboot.conf

    You can read more about default configuration for multi-image build, signing binaries and adding custom signature key file.

    Best regards,
    Dejan

Reply
  • Hi,

    Similar to what is shown in the configuration file for nrf_desktop sample, you should put CONFIG_BOOT_SIGNATURE_KEY_FILE in the configuration file for the child image. Inside your project directory, create child_image directory with mcuboot.conf file where you put your mcuboot configuration. If you still have an issue, try adding CONFIG_BOOT_SIGNATURE_KEY_FILE in both prj.conf and in child_image/mcuboot.conf

    You can read more about default configuration for multi-image build, signing binaries and adding custom signature key file.

    Best regards,
    Dejan

Children
  • Ok, I tried that but I'm still getting the "WARNING: Using default MCUBoot key" message.

    Is this the correct directory structure?

  • Hi,

    Could you provide more information on what you tried?

    Best regards,
    Dejan

  • I created the directory/file structure and put CONFIG_BOOT_SIGNATURE_KEY_FILE="image_sign.pem" into it. Then I hit "Build" again. It said "ninja: no work to do." I hit the "Pristine Build" button (the circular arrow). The "WARNING: Using default MCUBoot key" message appeared in the terminal again.

    But I just noticed something... it seems it is looking for the key in the SDK directory instead of the project! And only because it didn't find the file there, it used the default key.

    I put an absolute path there now and it seems to be using the file now. So with an absolute path to the key file it seems to work.

  • I wrote too early. While the build now works, it seems I am no longer able to do OTA updates. I flashed it via SWD the first time and now when I try to do an OTA update in Device Manager I always get "Invalid value (3)". I will try putting the setting in both config files...

  • No success, still "Invalid value (3)".