Signing and versioning an image for MCUboot

This recent thread and another one I read seem to address my exact issue, but the solution does not work for me. Obviously I'm missing something. I got the error: warning: BOOT_SIGNATURE_KEY_FILE was assigned the value 'key.pem' but got the value"''. The solution seems to be to add another "child_image" folder in the root project directory and put a file called "mcuboot.conf" in it. In one solution I had looked at earlier it was recommended to add "set(mcuboot_CONF_FILE ${CMAKE_CURRENT_LIST_DIR} child_image/mcuboot.conf)" to CMakeLists.txt, but I have found that it makes no difference. My mcuboot.conf file looks like this:

CONFIG_MCUBOOT_BUILD_STRATEGY_FROM_SOURCE=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\projects\MyLifter_stopgap/sh_myl_key.pem"

And my prj.conf file looks like this for just the boot information:

# # MCUBOOT for OTA
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_IMG_MANAGER=y
CONFIG_IMG_ENABLE_IMAGE_CHECK=y
# CONFIG_MCUBOOT_BUILD_STRATEGY_FROM_SOURCE=y
# CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\projects\MyLifter_stopgap/sh_myl_key.pem"
CONFIG_MCUBOOT_IMAGE_VERSION="0.0.0+1"

I've tried moving them all into the prj.conf file and other combinations, but it fails to build in all cases.

Right now the error I am up against is:

ninja: error: 'C:projectsMyLifter_stopgap/sh_myl_key.pem', needed by 'zephyr/autogen-pubkey.c', missing and no known rule to make it

There is a warning before it that occurs when the MCUboot image is being completed that says:

warning: The choice symbol MCUBOOT_BUILD_STRATEGY_FROM_SOURCE (defined at
C:\NCS\v1.9.1\nrf\subsys\partition_manager\Kconfig.template.build_strategy:25) was
selected (set =y), but no symbol ended up as the choice selection.

It looks like there should be another option set in my configuration, but I cannot figure out what it should be.

The warning provides a link to a nonexistent page in the Zephyr documentation: Click here to experience the sadness of a kite stuck in a tree.

The Kconfig documentation for "MCUBOOT_BUILD_STRATEGY_FROM_SOURCE" (found here) only shows a dependency on "BOOTLOADER_MCUBOOT" which I already have defined as "CONFIG_BOOTLOADER_MCUBOOT=y" as seen above in the prj.conf snippet.

I'm not sure where to look next. Do I need to do something to properly link it to the child image? Judging by the timing of the log messages it appears to be linked into the MCUboot image build, but for some reason it is claiming that a dependency is not satisfied.

  • Hi

    I am unsure if I understand exactly what you want. But I have a question and an example.
    Then I will read through your questions again after I get the context from your new answers:

    Question

    This recent  thread


    Can you link this again? I am not able to access it.

    Example

    I have this unofficial Manual signing sample. Is it what you are looking for? If not, how is it different?

    Regards,
    Sigurd Hellesvik

  • The link is fixed now. I'll read that manual, thanks for the suggestion. I don't see a mistake with what I have coded to set a new signing key, but it fails to build with the new key. I am using the build system to assign the new key, but it's not working for me.

  • Hi

    From this, I still guess the Manual signing sample is what you need. Let me know if it is not.

    Here is some info on how I have been setting the path to the private key for MCUBoot:

    If you have your mcuboot.conf inside the child_image/ folder, the application will look for your key in "ncs/bootloader/mcuboot/boot/zephyr/" I think.

    To work around this, you can create a "child_image/mcuboot" folder, and place the key + a prj.conf file inside this folder, as I show in my sample. This way, mcuboot will find your key file in your own project (See Multi Image builds for the explanation of this folder setup).

    Another alternative is to use CMake to add the key yourself. To do this, you need some extra apostrophes and backslashes, but the following line in CMakeLists.txt should point to a key in the directory below your source directory.

    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \\"${CMAKE_CURRENT_SOURCE_DIR}/../private_key.pem\\")
    

    (Try "message(${CMAKE_CURRENT_SOURCE_DIR})" in CMake to test the path)

    Regards,
    Sigurd Hellesvik

  • When newly created mcuboot.conf is placed at

                    My_Project\child_image\mcuboot.conf

    It seems to be parsed.  The single line in the mcuboot.conf

                    CONFIG_BOOT_SIGNATURE_KEY_FILE ="priv_rsa2048.pem"

    causes the build to fail with a fatal error.  Could it be the pem file is not in the correct location?  I have tried both just the file name and the absolute path with the pem file located in the

    My_Project\child_image\

    Location.  Where should it be?

     

    If I create a folder as described and then place the config file inside I do not think it is parsed such as follows:

                    My_Project\child_image\mcuboot\mcuboot.conf

    I can put garbage in the mcuboot.conf file and it makes no difference and it does not change the generated autogen-public key.

     

    When I try the alternative method of adding a line to CMakeLists.txt

                    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \\"${CMAKE_CURRENT_SOURCE_DIR}/../priv_rsa2048.pem\\")

     

    And put the pem file at the root of My_Project, the project builds but the autogen-publickey.c remains unchanged and the build warning about using a public key remains.  What could be wrong with this?

    Thank you

  • Hi ICannon,

    lCannon said:
      My_Project\child_image\mcuboot\mcuboot.conf

    Per Multi Image builds this path should be My_Project/child_image/mcuboot/prj.conf.

    lCannon said:

    When I try the alternative method of adding a line to CMakeList.txt

                    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \\"${CMAKE_CURRENT_SOURCE_DIR}/../priv_rsa2048.pem\\")

     

    And put the pem file at the root of My_Project, the project builds but the autogen-publickey.c remains unchanged and the build warning about using a public key remains.  What could be wrong with this?

    The folder structure in this case should look like this:

    Is that what you have?
    Especially mark that the priv_rsa2048.pem is located outside your project folder, as set in CMake.

    Regards,
    Sigurd Hellesvik
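
Added example, not part of any post in this thread and not Nordic or Zephyr code: a small Python lint for the `CONFIG_BOOT_SIGNATURE_KEY_FILE` line. It reproduces how the backslashes in the question's Windows path are consumed as Kconfig string escapes, which yields the `C:projectsMyLifter_stopgap/sh_myl_key.pem` path seen in the ninja error, and it also flags the `KEY_FILE ="..."` spacing from the later post. The function names and the forward-slash `FIXED` fragment are assumptions made for illustration.

```python
import re

KEY_SYMBOL = "CONFIG_BOOT_SIGNATURE_KEY_FILE"

def kconfig_unescape(raw):
    # Inside a quoted Kconfig string a backslash escapes the next
    # character and is itself dropped.
    return re.sub(r"\\(.)", r"\1", raw)

def lint_fragment(text):
    """Return (resolved key path or None, list of findings)."""
    value, findings = None, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#") or "=" not in line:
            continue  # comment or not an assignment
        name, _, rhs = line.partition("=")
        if name.strip() != KEY_SYMBOL:
            continue
        if name != name.strip() or rhs != rhs.strip():
            findings.append(f"line {lineno}: whitespace around '='")
        rhs = rhs.strip()
        if len(rhs) < 2 or rhs[0] != '"' or rhs[-1] != '"':
            findings.append(f"line {lineno}: value is not a quoted string")
            continue
        raw = rhs[1:-1]
        value = kconfig_unescape(raw)
        if value != raw:
            findings.append(f"line {lineno}: backslashes consumed: {raw!r} -> {value!r}")
        if not re.match(r"(/|[A-Za-z]:[\\/])", value):
            findings.append(f"line {lineno}: path is not absolute: {value!r}")
    return value, findings

# Constructed inputs: the first two lines are copied from the posts above,
# the third is an assumed corrected form using forward slashes.
QUESTION = r'CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\projects\MyLifter_stopgap/sh_myl_key.pem"'
REPLY = 'CONFIG_BOOT_SIGNATURE_KEY_FILE ="priv_rsa2048.pem"'
FIXED = 'CONFIG_BOOT_SIGNATURE_KEY_FILE="C:/projects/MyLifter_stopgap/sh_myl_key.pem"'

if __name__ == "__main__":
    for label, frag in (("question", QUESTION), ("reply", REPLY), ("fixed", FIXED)):
        path, issues = lint_fragment(frag)
        print(label, "->", path)
        for issue in issues:
            print("   ", issue)
```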
