Custom keys with updatable bootloader

Hi Mustafa, 
I did a test and it worked for me. I used CONFIG_SB_SIGNING_KEY_FILE="C:/Pathtoyourkey/mykey2.pem" and can see that the key file is used.

Attached is my project. Both MCUBoot and B0 use customized key files. 
 blinky_smp_uart_mykey_b0.zip

Thanks Hung, 

Actually, I've tried to debug the value CONFIG_SB_SIGNING_KEY_FILE in CMake of the bootloader in nrf but it seems that it always contains an empty string despite the assigned value in the prj.conf of the project.

Hey Hung, I have debugged it here and it seems that CONFIG_SB_SIGNING_KEY_FILE is always empty.

\nrf\subsys\bootloader\cmake\debug_keys.cmake 

# Check if debug sign key should be generated.
if( "${CONFIG_SB_SIGNING_KEY_FILE}" STREQUAL "")
  message(WARNING "
    --------------------------------------------------------------
    --- WARNING: Using generated NSIB public/private key-pair. ---
    --- It should not be used for production.                  ---
    --- See CONFIG_SB_SIGNING_KEY_FILE                         ---
    --------------------------------------------------------------
    \n"
  )

for a kind of workaround, I modified the default value to the absolute path of my key then it works fine.

I would say that modifying the default might not be the best solution. 

If you compile the code I sent with a wrong .pem file (file not exist) do you see any error ? 
For example if I set the path to the file to a wrong path

, I would receive this error: 

When I assign invlaid file location then I get an error as yours, but when I assign a valid key location then I get this message (is very strange) 

Hi Mustafa, 

It must be something wrong with cmake that it couldn't pass the CONFIG_SB_SIGNING_KEY_FILE to the bootloader. You can try to add -DSB_SIGNING_KEY_FILE=/path/to/my/pem' as the extra CMake Arguments to see if it help. 

Also please try to compile the nrf_desktop sample and select board nrf52840dk_nrf52840 . In that sample we do the same as in my example. It uses CONFIG_SB_SIGNING_KEY_FILE="configuration/nrf52840dk_nrf52840/b0_private.pem".

 Please check if you also see that the default key (meaning CONFIG_SB_SIGNING_KEY_FILE is blank) is used or not. 

Hi Hung, 

I found something weird, in my project when I choose the board ( nrf52840dk) then it works fine and the assigned key in prj.conf is detected well. but when I choose (nrf5340dk cpuapp board) then I get the warning message. 

Hi Hung, 

I found something weird, in my project when I choose the board ( nrf52840dk) then it works fine and the assigned key in prj.conf is detected well. but when I choose (nrf5340dk cpuapp board) then I get the warning message. 

Hi Mustafa, 
I don't see that problem when I built my example or build the nrfdesktop example with nRF5340dk_nrf5340_cpuapp. 
Maybe you can try compile nrfdesktop on a fresh clone of the SDK?