MCUBoot CONFIG_BOOT_SIGNATURE_KEY_FILE is not working.

Question

I'm trying to apply DFU with MCUboot and SMP BT protocol

to signing with my key.
I try to set CONFIG_SIGNATURE_KEY_FILE in CMakeList.txt

set(BOOT_SIGNATURE_KEY_FILE
    $ENV{HOME}/Project/nRFConnectProject/caresix.pem
)

if(DEFINED BOOT_SIGNATURE_KEY_FILE)
    set(CONFIG_BOOT_SIGNATURE_KEY_FILE "\"${BOOT_SIGNATURE_KEY_FILE}\"")
    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    set(hci_rpmsg_CONFIG_BOOT_SIGNATURE_KEY_FILE 
      ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
    )
    message("Signing Key is applied: ${mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE}")
endif()

But, Building project is failed and got following message.

FAILED: zephyr/net_core_app_update.bin 
cd /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/modules/mcuboot && /opt/nordic/ncs/toolchains/v2.3.0/opt/zephyr-sdk/arm-zephyr-eabi/bin/arm-zephyr-eabi-objcopy --input-target=ihex --output-target=binary --gap-fill=0xff /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/hci_rpmsg/zephyr/signed_by_b0_app.hex /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_to_sign.bin && /opt/nordic/ncs/toolchains/v2.3.0/bin/python3.9 /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py sign --key /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/"/Users/woochankim/Project/nRFConnectProject/caresix.pem" --header-size 0x200 --align 4 --version 0.0.0+0 --pad-header --slot-size 0x78000 /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_to_sign.bin /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_update.bin
Traceback (most recent call last):
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py", line 22, in <module>
    main.imgtool()
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 365, in sign
    key = load_key(key) if key else None
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 85, in load_key
    key = keys.load(keyfile)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/keys/__init__.py", line 46, in load
    with open(path, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/nordic/ncs/v2.3.0/bootloader/mcuboot//Users/woochankim/Project/nRFConnectProject/caresix.pem'
[78/383] Generating ../../zephyr/net_core_app_signed.hex
FAILED: zephyr/net_core_app_signed.hex 
cd /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/modules/mcuboot && /opt/nordic/ncs/toolchains/v2.3.0/bin/python3.9 /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py sign --key /opt/nordic/ncs/v2.3.0/bootloader/mcuboot/"/Users/woochankim/Project/nRFConnectProject/caresix.pem" --header-size 0x200 --align 4 --version 0.0.0+0 --pad-header --slot-size 0x78000 /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/hci_rpmsg/zephyr/signed_by_b0_app.hex /Users/woochankim/Project/nRFConnectProject/peripheral_lbs_rf_fem/build_nrf5340dk/zephyr/net_core_app_signed.hex
Traceback (most recent call last):
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool.py", line 22, in <module>
    main.imgtool()
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/opt/nordic/ncs/toolchains/v2.3.0/Cellar/[email protected]/3.9.6/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 365, in sign
    key = load_key(key) if key else None
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/main.py", line 85, in load_key
    key = keys.load(keyfile)
  File "/opt/nordic/ncs/v2.3.0/bootloader/mcuboot/scripts/imgtool/keys/__init__.py", line 46, in load
    with open(path, 'rb') as f:
FileNotFoundError: [Errno 2] No such file or directory: '/opt/nordic/ncs/v2.3.0/bootloader/mcuboot//Users/woochankim/Project/nRFConnectProject/caresix.pem'

finally I can find where the key path generated.
<zephyr_base>/nrf/modules/mcuboot/CMakeLists.txt

there is a bug

  if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
    set(mcuboot_key_file ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
  elseif (DEFINED mcuboot_CONF_DIR)
    if (EXISTS ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
      set(mcuboot_key_file ${mcuboot_CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
    endif()
  endif()

Absolute path always failed, because KCONFIG String CONFIG_BOOT_SIGNATURE_KEY_FILE wrapped with double quotes.

So, we need to fix this problem.
temporary, i add this code front of upper code.

separate_arguments(CONFIG_BOOT_SIGNATURE_KEY_FILE
    UNIX_COMMAND ${CONFIG_BOOT_SIGNATURE_KEY_FILE}
)

thanks!!

github.com/.../56453

Menon · Accepted Answer

Hello, 
 I missed this case somehow after the Easter vacation. I discussed this with my colleague but missed to convey this to you. The bug you reported here belongs to MCUboot and it should be reported in MCUboot project , not in Devzone or Zephyr. 
 And I think there is a mistake in setting the variable but I need to test this. I will test this next week (Tuesday) and will get back to you. 
 Kind Regards, 
 Abhijith

MCUBoot CONFIG_BOOT_SIGNATURE_KEY_FILE is not working.

Top Replies