MCUBoot signing images

Hello,

I have already set up a basic firmware update project, using MCUBoot as a single stage bootloader.
I can download and install the image from an HTTP server and it's working fine.

I now need to go one step further and implement signing. I have already looked at the documentation of Image Tool (developer.nordicsemi.com/.../imgtool.html), but it's not fully clear to me.

I have generated a .pem file, which I placed in my project folder. This is where I'm at ...

By simply adding the following line to my prj.conf, the default key is still used.

CONFIG_BOOT_SIGNATURE_KEY_FILE="Absolute path to my *.pem file"


Documentation states to call "imgtool.py getpub" to extract the public key ... but where am I supposed to integrate it? There is no file boot/zephyr/keys.c as written in the doc.

Could you please enlighten me on the signing process?
There is a lot of info on the forum, but it's not all recent and I have the feeling that the signing process has evolved.

Thanks in advance.

Vincent

  • Hi Vincent,

    Unlike with vanilla Zephyr, the nRF Connect SDK build environment automatically includes the public key in the bootloader build and signs the application image, so you do not need to use imgtool yourself. However, you need to provide the key with CONFIG_BOOT_SIGNATURE_KEY_FILE, as explained under Adding a custom signature key file.

    Einar

  • Alright, no need to use imgtool (except for initial key generation). Its functions are already handled by nRF SDK. Got it.

    I believe I fixed what was wrong. For the record.

    First, I might have some issue with the path string formatting. This :

    CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\Users\vince\Desktop\nRF9160\Mes_Applications\myApp\my_bootloader_key__1.pem"

    has been changed to :

    CONFIG_BOOT_SIGNATURE_KEY_FILE="C:/Users/vince/Desktop/nRF9160/Mes_Applications/myApp/my_bootloader_key__1.pem"

    Second, I provided this config in the main project prj.conf instead of the bootloader/mcuboot/boot/zephyr/prj.conf

    Finally, I added the following command. Also making sure that the provided key was indeed in ECDSA-256 format.

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y

    Everything is now working as expected !

    Thanks.
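
The points from the reply above (forward slashes in the key path, the key file setting being present in the fragment that is read, and a signature type that matches the key) as a pre-build check. This is an added example, not part of the original thread or of the nRF Connect SDK: the function names, the sample paths and the stub PEM are constructed, `CONFIG_BOOT_SIGNATURE_TYPE_RSA` is included for comparison, and the key type is detected heuristically from the algorithm OID in the PEM body.

```python
import base64
import re

# DER-encoded OIDs that identify the key algorithm inside a PEM body.
OID_P256 = bytes.fromhex("06082a8648ce3d030107")   # prime256v1 (NIST P-256)
OID_RSA = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption
SIG_SYMBOL = {"ecdsa-p256": "CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256",
              "rsa": "CONFIG_BOOT_SIGNATURE_TYPE_RSA"}

def parse_conf(text):
    """Return {symbol: value} from a prj.conf-style Kconfig fragment."""
    pairs = (ln.partition("=") for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, sep, v in pairs if sep}

def pem_key_type(pem_text):
    """Classify a PEM key by the algorithm OID it carries (heuristic)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return "unknown"
    try:
        der = base64.b64decode("".join(m.group(2).split()))
    except ValueError:  # malformed base64 body
        return "unknown"
    if OID_P256 in der:
        return "ecdsa-p256"
    if m.group(1) == "RSA PRIVATE KEY" or OID_RSA in der:
        return "rsa"
    return "unknown"

def check_signing_conf(conf_text, pem_text):
    """Return a list of findings; an empty list means the fragment is consistent."""
    conf, findings = parse_conf(conf_text), []
    path = conf.get("CONFIG_BOOT_SIGNATURE_KEY_FILE")
    if path is None:
        findings.append("KEY_FILE unset: the default key stays in use")
    elif "\\" in path:
        findings.append("KEY_FILE uses backslashes: write the path with '/'")
    symbol = SIG_SYMBOL.get(pem_key_type(pem_text))
    if symbol is None:
        findings.append("key is neither ECDSA P-256 nor RSA")
    elif conf.get(symbol) != "y":
        findings.append(symbol + "=y is missing for this key")
    return findings

# Constructed sample: only the AlgorithmIdentifier of a P-256 key, not a usable key.
_ALGID = bytes.fromhex("301306072a8648ce3d0201") + OID_P256
SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\n%s\n-----END PRIVATE KEY-----\n" % base64.b64encode(_ALGID).decode()
BAD_CONF = 'CONFIG_BOOT_SIGNATURE_KEY_FILE="C:\\keys\\my_key.pem"\n'
GOOD_CONF = 'CONFIG_BOOT_SIGNATURE_KEY_FILE="C:/keys/my_key.pem"\nCONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y\n'
```

`check_signing_conf(BAD_CONF, SAMPLE_PEM)` reports both the backslash path and the missing signature type, while `GOOD_CONF` yields an empty list.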
