• State Verified Answer
  • Replies 3 replies
  • Subscribers 75 subscribers
  • Views 1567 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 305678
Options

MCUBoot CONFIG_BOOT_SIGNATURE_KEY_FILE is not working.

Woo-chan Kim

I'm trying to apply DFU with MCUboot and SMP BT protocol

to signing with my key.
I try to set CONFIG_SIGNATURE_KEY_FILE in CMakeList.txt

set(BOOT_SIGNATURE_KEY_FILE
    $ENV{HOME}/Project/nRFConnectProject/caresix.pem
)

if(DEFINED BOOT_SIGNATURE_KEY_FILE)
    set(CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${BOOT_SIGNATURE_KEY_FILE}\"")
    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    set(hci_rpmsg_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    message("Signing Key is applied: ${mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE}")
endif()

But, Building project is failed and got following message.

FAILED: zephyr/net_core_app_update.bin 
cd /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/modules/mcuboot && /opt/nordic/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-objcopy --input-target=ihex --output-target=binary --gap-fill=0xff /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/hci_rpmsg/zephyr/signed_by_b0_app.hex /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_to_sign.bin && /opt/nordic/ncs/toolchains/v2.3.0/bin/python3.9 /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py sign --key /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/"/Users/woochankim/Project/nRFConnectProject/caresix.pem" --header-size 0x200 --align 4 --version 0.0.0+0 --pad-header --slot-size 0x78000 /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_to_sign.bin /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_update.bin
Traceback (most recent call last):
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py", line 22, in <module>
    main.imgtool()
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 365, in sign
    key = load_key(key) if key else None
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 85, in load_key
    key = keys.load(keyfile)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/keys/__init__.py", line 46, in load
    with open(path, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/nordic/ncs/v2.3.0/bootloader/mcuboot//Users/woochankim/Project/nRFConnectProject/caresix.pem'
[78/383] Generating ../../zephyr/net_core_app_signed.hex
FAILED: zephyr/net_core_app_signed.hex 
cd /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/modules/mcuboot && /opt/nordic/ncs/toolchains/v2.3.0/bin/python3.9 /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py sign --key /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/"/Users/woochankim/Project/nRFConnectProject/caresix.pem" --header-size 0x200 --align 4 --version 0.0.0+0 --pad-header --slot-size 0x78000 /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/hci_rpmsg/zephyr/signed_by_b0_app.hex /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_signed.hex
Traceback (most recent call last):
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py", line 22, in <module>
    main.imgtool()
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 365, in sign
    key = load_key(key) if key else None
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 85, in load_key
    key = keys.load(keyfile)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/keys/__init__.py", line 46, in load
    with open(path, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/nordic/ncs/v2.3.0/bootloader/mcuboot//Users/woochankim/Project/nRFConnectProject/caresix.pem'

finally I can find where the key path generated.
<zephyr_base>/nrf/modules/mcuboot/CMakeLists.txt

there is a bug

  if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
    set(mcuboot_key_file ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
  elseif (DEFINED mcuboot_CONF_DIR)
    if (EXISTS ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
      set(mcuboot_key_file ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
    endif()
  endif()

Absolute path always failed, because KCONFIG String CONFIG_BOOT_SIGNATURE_KEY_FILE wrapped with double quotes.

So, we need to fix this problem.
temporary, i add this code front of upper code.

separate_arguments(CONFIG_BOOT_SIGNATURE_KEY_FILE
    UNIX_COMMAND ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
)

thanks!!

github.com/.../56453

  • 0

    Hello,

    FileNotFoundError: [Errno 2] No such file or directory: '/opt/nordic/ncs/v2.3

    The error looks like the Application is not able to find the file you have defined. I guess you have set the key file wrongly.

    Where is your key file located? Adding custom key file is described here. Did you set the path in prj.conf file by setting CONFIG_SB_SIGNING_KEY_FILE= path/custom/key/file.

    Please expect some delay after this response as we are thinly staffed due to the Easter vacation here in Norway.

    Kind Regards,

    Abhijith

  • 0 in reply to Menon
    Hi,
    I have correctly set the key file.
    check the following full cmake file.
    #
# Copyright (c) 2018 Nordic Semiconductor
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
cmake_minimum_required(VERSION 3.20.0)

list(APPEND ZEPHYR_EXTRA_MODULES
    ${CMAKE_CURRENT_LIST_DIR}/../CaresixLibs
)

set(BOOT_SIGNATURE_KEY_FILE
    $ENV{HOME}/Project/nRFConnectProject/caresix.pem
)

if(DEFINED BOOT_SIGNATURE_KEY_FILE)
    set(CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${BOOT_SIGNATURE_KEY_FILE}\"")
    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    set(hci_rpmsg_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    message("Signing Key is applied: ${mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE}")
endif()

if(${BOARD} STREQUAL "nrf5340dk_nrf5340_cpuapp" OR
    ${BOARD} STREQUAL "nrf5340dk_nrf5340_cpuapp_ns")

  if(DEFINED SHIELD)
    string(REPLACE " " ";" SHIELD_LIST "${SHIELD}")
    message("nRF5340DK SHIELD Configurations")
    foreach(sh IN_LIST SHIELD_LIST)
      if (${sh} STREQUAL "nrf21540_ek_fwd")
          message("Find nRF21540-ek")
          list(APPEND hci_rpmsg_OVERLAY_CONFIG 
            ${CMAKE_CURRENT_LIST_DIR}/conf/hci_rpmsg/nrf5340dk_nrf5340_rf_fem.conf
          )
        break()
      endif()
    endforeach()
  endif()

endif()

if(${BOARD} STREQUAL "nk100_3_0_cpuapp" OR ${BOARD} STREQUAL "nk100_3_0_cpuapp_ns")
  message("NK100 Rev3.0 Configurations")
  list(APPEND OVERLAY_CONFIG
    ${CMAKE_CURRENT_LIST_DIR}/conf/boards/nk100_3_0_cpuapp.conf
  )
  list(APPEND hci_rpmsg_OVERLAY_CONFIG 
    ${CMAKE_CURRENT_LIST_DIR}/conf/hci_rpmsg/nk100_3_0_cpunet.conf
  )
  list(APPEND mcuboot_OVERLAY_CONFIG
    ${CMAKE_CURRENT_LIST_DIR}/conf/mcuboot/nk100_3_0.conf
  )
endif()

find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(NONE VERSION 0.0.1)

# NORDIC SDK APP START
target_sources(app PRIVATE
  src/main.c
)

# NORDIC SDK APP END
zephyr_library_include_directories(.)
    In my working environment, it makes wrong shell script like
    /opt/nordic/ncs/toolchains/v2.3.0/bin/python3.9 /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py sign --key /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/"/Users/woochankim/Project/nRFConnectProject/caresix.pem" --header-size 0x200 --align 4 --version 0.0.0+0 --pad-header --slot-size 0x78000 /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/hci_rpmsg/zephyr/signed_by_b0_app.hex /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_signed.hex
    I think you should check `/nrf/modules/mcuboot/CMakeLists.txt` file.
    thanks!
  • +1

    Hello,

    I missed this case somehow after the Easter vacation. I discussed this with my colleague but missed to convey this to you. The bug you reported here belongs to MCUboot and it should be reported in MCUboot project, not in Devzone or Zephyr.

    And I think there is a mistake in setting the variable but I need to test this. I will test this next week (Tuesday) and will get back to you.

    Kind Regards,

    Abhijith

Related
Terms of service