Custom keys with updatable bootloader

Hey,

I'm trying to assign custom keys to the immutable nRF Secure Bootloader and to the updatable MCUboot, but without luck. I still get warning messages from both bootloaders saying that development keys are still being used.

Snapshots of the prj.conf and mcuboot.conf:

mcuboot.conf

CONFIG_BOOT_SIGNATURE_KEY_FILE="priv.pem"
CONFIG_BOOT_ENCRYPT_RSA=n
CONFIG_BOOT_SIGNATURE_TYPE_RSA=n
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y 
CONFIG_BOOT_UPGRADE_ONLY=y
CONFIG_LOG=y
CONFIG_LOG_MODE_MINIMAL=y
CONFIG_FW_INFO_FIRMWARE_VERSION=8

prj.conf

# DFU

CONFIG_FW_INFO=y
CONFIG_FW_INFO_FIRMWARE_VERSION=3

# mcuboot updatable Bootloader
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_MCUMGR=y
CONFIG_MCUMGR_SMP_BT=y
CONFIG_MCUMGR_SMP_BT_AUTHEN=n
CONFIG_MCUMGR_SMP_BT_CONN_PARAM_CONTROL=y
CONFIG_MCUMGR_CMD_IMG_MGMT=y
CONFIG_MCUMGR_CMD_OS_MGMT=y

CONFIG_IMG_MANAGER=y
CONFIG_MCUBOOT_IMG_MANAGER=y
CONFIG_IMG_ERASE_PROGRESSIVELY=y
CONFIG_NRF53_UPGRADE_NETWORK_CORE=y
# # Enable statistics and statistic names.
# CONFIG_STATS=y
# CONFIG_STATS_NAMES=y
# CONFIG_MCUMGR_CMD_STAT_MGMT=y

# Enable MCUmgr Packet Reassembly feature over Bluetooth and its
# configuration dependencies. MCUmgr buffer size is optimized to fit one SMP
# packet divided into five Bluetooth Write Commands, transmitted with the
# maximum possible MTU value: 498 bytes.
CONFIG_MCUMGR_SMP_REASSEMBLY_BT=y
CONFIG_MCUMGR_BUF_SIZE=2475
CONFIG_OS_MGMT_MCUMGR_PARAMS=y

# Enable custom SMP request to erase settings partition.
# CONFIG_MCUMGR_GRP_ZEPHYR_BASIC=y
# CONFIG_MCUMGR_GRP_BASIC_CMD_STORAGE_ERASE=y

# Nordic Secure Immutable Bootloader
CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE="priv.pem"
CONFIG_BUILD_S1_VARIANT=y
# Need to lower the number of counter slots to be able to update several times. Do not know the best number yet.
CONFIG_SB_NUM_VER_COUNTER_SLOTS=120
CONFIG_MCUBOOT_IMAGE_VERSION="2.2.2"

The project structure:

my_project
    - child_image
        - mcuboot.conf
        - priv.pem
    - src
    - prj.conf
    - priv.pem

I've even tried to assign the key directly inside bootloader/mcuboot/boot/zephyr/prj.conf, but I got the same result, even though the output log shows that priv.pem is used.

The key type is ecdsa-p256.

Updating the bootloader and the application works fine, but it still uses the development keys.

 

Could you please tell me what else I can do to solve this problem?

I really appreciate any help you can provide.

SDK: v2.2

soc: nrf5340

  • Hi Mustafa, 
    I did a test and it worked for me. I used CONFIG_SB_SIGNING_KEY_FILE="C:/Pathtoyourkey/mykey2.pem" and can see that the key file is used.

    Attached is my project. Both MCUBoot and B0 use customized key files. 
     blinky_smp_uart_mykey_b0.zip

  • Thanks Hung, 

    Actually, I've tried to debug the value of CONFIG_SB_SIGNING_KEY_FILE in the CMake of the bootloader in nrf, but it seems that it always contains an empty string despite the value assigned in the prj.conf of the project.

  • Hi Mustafa, 
    Which exact key was empty and which exact file did you look at? Could you take a screenshot?
    Have you tried to change the key and test whether you can update MCUboot when you change the key, but test with the MCUboot image signed by the previous key?

    The CONFIG_SB_SIGNING_KEY_FILE is fed to B0 from inside \nrf\subsys\bootloader\cmake\debug_keys.cmake 

    # Check if debug sign key should be generated.
    if( "${CONFIG_SB_SIGNING_KEY_FILE}" STREQUAL "")
      message(WARNING "
        --------------------------------------------------------------
        --- WARNING: Using generated NSIB public/private key-pair. ---
        --- It should not be used for production.                  ---
        --- See CONFIG_SB_SIGNING_KEY_FILE                         ---
        --------------------------------------------------------------
        \n"
      )
    
      set(DEBUG_SIGN_KEY ${PROJECT_BINARY_DIR}/GENERATED_NON_SECURE_SIGN_KEY_PRIVATE.pem)
      set(SIGNATURE_PRIVATE_KEY_FILE ${DEBUG_SIGN_KEY})
      add_custom_command(
        OUTPUT
        ${DEBUG_SIGN_KEY}
        COMMAND
        ${PRIV_CMD}
        --out ${DEBUG_SIGN_KEY}
        WORKING_DIRECTORY ${APPLICATION_BINARY_DIR}
        COMMENT
        "Generating signing key"
        USES_TERMINAL
        )
      add_custom_target(
        debug_sign_key_target
        DEPENDS
        ${DEBUG_SIGN_KEY}
        )
      set(SIGN_KEY_FILE_DEPENDS debug_sign_key_target)
    else()
      # Resolve path.
      if(IS_ABSOLUTE ${CONFIG_SB_SIGNING_KEY_FILE})
        set(SIGNATURE_PRIVATE_KEY_FILE ${CONFIG_SB_SIGNING_KEY_FILE})
      else()
        set(SIGNATURE_PRIVATE_KEY_FILE
          ${CMAKE_SOURCE_DIR}/${CONFIG_SB_SIGNING_KEY_FILE})
      endif()
    
      if (NOT EXISTS ${SIGNATURE_PRIVATE_KEY_FILE})
        message(FATAL_ERROR "Config points to non-existing PEM file '${SIGNATURE_PRIVATE_KEY_FILE}'")
      endif()
    endif()

    The CONFIG_SB_SIGNING_KEY_FILE value is assigned to SIGNATURE_PRIVATE_KEY_FILE.

    When I tested by removing the key in the prj.conf of the application, I saw this when building:

    If I have the key set in the prj.conf of the application, I don't see that warning when built:
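The thread's diagnosis hinges on one condition in debug_keys.cmake: an empty CONFIG_SB_SIGNING_KEY_FILE silently switches B0 to a generated development key, while a non-empty path that does not resolve to a file aborts the build. The following added Python check (not from the thread, Nordic or the SDK) parses the prj.conf and mcuboot.conf fragments shown in the question and reproduces that classification offline for both bootloaders, so a build can be audited before flashing. Assumptions, labelled in the code: a relative CONFIG_SB_SIGNING_KEY_FILE is joined to the application source directory as debug_keys.cmake does; for MCUboot, the base directory against which a relative CONFIG_BOOT_SIGNATURE_KEY_FILE is resolved is passed in by the caller, because the build system (not this script) decides it; an empty MCUboot key setting is treated as "built-in development key". The file system is injectable so the example runs on constructed paths.

```python
"""Audit the signing-key settings of an nRF Connect SDK project for the
'development key' fallback discussed in the thread (added example)."""
import re
from pathlib import Path

# Constructed config fragments mirroring the question (not read from disk).
SAMPLE_PRJ_CONF = """\
CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE="priv.pem"
CONFIG_BOOTLOADER_MCUBOOT=y
"""
SAMPLE_PRJ_CONF_NOKEY = """\
CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE=""
CONFIG_BOOTLOADER_MCUBOOT=y
"""
SAMPLE_MCUBOOT_CONF = """\
CONFIG_BOOT_SIGNATURE_KEY_FILE="priv.pem"
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
"""

_CONF_LINE = re.compile(r'^(CONFIG_[A-Za-z0-9_]+)=(.*)$')


def parse_conf(text):
    """Parse a Kconfig fragment (prj.conf / mcuboot.conf) into a dict.
    Blank lines and comments ('# ...', including '# CONFIG_X is not set')
    are skipped; double-quoted string values are unquoted."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = _CONF_LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        values[key] = val
    return values


def _is_absolute(path):
    # CMake's IS_ABSOLUTE accepts both POSIX '/x' and Windows 'C:/x' forms.
    return re.match(r'^(?:[A-Za-z]:)?[/\\]', path) is not None


def resolve_key_file(value, base_dir):
    """Mirror the path logic of debug_keys.cmake: '' means 'no key configured',
    an absolute path is taken as-is, a relative one is joined to base_dir."""
    if not value:
        return None
    return value if _is_absolute(value) else f"{base_dir.rstrip('/')}/{value}"


def key_status(value, base_dir, exists):
    """Classify one bootloader's key setting as a (status, path) pair:
    'debug'   - empty setting, a development key will be used (the warning
                the thread is about),
    'missing' - configured file does not exist (CMake stops with FATAL_ERROR),
    'ok'      - configured file resolves and exists."""
    path = resolve_key_file(value, base_dir)
    if path is None:
        return ('debug', None)
    return ('ok' if exists(path) else 'missing', path)


def check_signing_keys(prj_conf, mcuboot_conf, app_dir, mcuboot_base_dir,
                       exists=None):
    """Report the key status of B0 (from prj.conf) and MCUboot (from the
    child-image mcuboot.conf). `exists` can be injected for offline checks.
    Assumption: mcuboot_base_dir is where the build resolves a relative
    CONFIG_BOOT_SIGNATURE_KEY_FILE; the caller supplies it."""
    exists = exists or (lambda p: Path(p).is_file())
    prj = parse_conf(prj_conf)
    mcu = parse_conf(mcuboot_conf)
    report = {}
    if prj.get('CONFIG_SECURE_BOOT') == 'y':
        report['b0'] = key_status(prj.get('CONFIG_SB_SIGNING_KEY_FILE', ''),
                                  app_dir, exists)
    if prj.get('CONFIG_BOOTLOADER_MCUBOOT') == 'y':
        # Assumption: an empty MCUboot key setting means its built-in dev key.
        report['mcuboot'] = key_status(
            mcu.get('CONFIG_BOOT_SIGNATURE_KEY_FILE', ''),
            mcuboot_base_dir, exists)
    return report


if __name__ == '__main__':
    # Constructed file system: only the application-level priv.pem exists.
    present = {'/work/my_project/priv.pem'}
    print(check_signing_keys(SAMPLE_PRJ_CONF, SAMPLE_MCUBOOT_CONF,
                             '/work/my_project', '/work/bootloader/mcuboot',
                             exists=present.__contains__))
    print(check_signing_keys(SAMPLE_PRJ_CONF_NOKEY, SAMPLE_MCUBOOT_CONF,
                             '/work/my_project', '/work/bootloader/mcuboot',
                             exists=present.__contains__))
```

The first run shows the pitfall with relative paths: the same "priv.pem" resolves for B0 but not for MCUboot once each bootloader joins it to its own base directory, which is why the thread's suggestion of an absolute path removes the ambiguity. The second run reproduces the empty-setting case that triggers the "Using generated NSIB public/private key-pair" warning.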


  • Hey Hung, I have debugged it here and it seems that CONFIG_SB_SIGNING_KEY_FILE is always empty.

    \nrf\subsys\bootloader\cmake\debug_keys.cmake 

     

    # Check if debug sign key should be generated.
    if( "${CONFIG_SB_SIGNING_KEY_FILE}" STREQUAL "")
      message(WARNING "
        --------------------------------------------------------------
        --- WARNING: Using generated NSIB public/private key-pair. ---
        --- It should not be used for production.                  ---
        --- See CONFIG_SB_SIGNING_KEY_FILE                         ---
        --------------------------------------------------------------
        \n"
      )

    As a kind of workaround, I modified the default value to the absolute path of my key, and then it works fine.

  • I would say that modifying the default might not be the best solution. 

    If you compile the code I sent with a wrong .pem file (a file that does not exist), do you see any error?
    For example, if I set the path to the file to a wrong path

    CONFIG_SB_SIGNING_KEY_FILE="C:/wrongpath/mykey2.pem"

    I would receive this error:

  • When I assign an invalid file location, I get an error like yours, but when I assign a valid key location, I get this message (which is very strange):

  • Hi Mustafa, 


    It must be something wrong with CMake such that it couldn't pass CONFIG_SB_SIGNING_KEY_FILE to the bootloader. You can try to add -DSB_SIGNING_KEY_FILE=/path/to/my/pem as an extra CMake argument to see if it helps.

    Also, please try to compile the nrf_desktop sample and select the board nrf52840dk_nrf52840. In that sample we do the same as in my example. It uses CONFIG_SB_SIGNING_KEY_FILE="configuration/nrf52840dk_nrf52840/b0_private.pem".

    Please check whether you also see the default key being used there (meaning CONFIG_SB_SIGNING_KEY_FILE is blank) or not.
