• State Not Answered
  • Replies 10 replies
  • Subscribers 25 subscribers
  • Views 506 views
  • Users 0 members are here
Attachments (6) Download All
Nordic Case Info
  • Case ID: 287150
Options

MCUBoot private key on nrf5340dk

user103684

Hi,

I work with win10 laptop, Toolchain  nrf Connect SDK 1.6.1 on a nrf5340dk. I use peripheral_uart sample.

I follow the guide:

https://devzone.nordicsemi.com/guides/nrf-connect-sdk-guides/b/software/posts/ncs-dfu

It's work well.

But now, I need to use a private MCUBoot Key like on this ticket:

https://devzone.nordicsemi.com/f/nordic-q-a/71892/cmake-warning-using-default-mcuboot-key-it-should-not-be-used-for-production

I created the priv.pem file with opennssl:

"

-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIFOsF97yRp38uZW7PJbvFAwK1Uivv6VzIA7Kw79z3Am+oAoGCCqGSM49
AwEHoUQDQgAEHYxvVXgkcjwdhVkUDEDJ7EdLO5HAdiwDLCHXcS5uH41mMAbp8rDI
Ykb+splDuAQFsxV8sxuXZYW2zg3jb4+vxg==
-----END EC PRIVATE KEY-----

"

I put priv.pem in my repertory:

D:\elect\projets_nordic_D\dfu_peripheral_uart_private_key

I created the mcuboot.conf:

I modified the prj.conf:

I modified the CmakeList.txt:

But when I build it with west I this following "fatal error":

FATAL ERROR: command exited with status 1: 'D:\elect\ncs\v1.6.1\toolchain\opt\bin\cmake.EXE' --build 'D:\elect\projets_nordic_D\dfu_peripheral_uart_private_key\build'

Could you help to understand the error and make MCUBoot private key working ?

Best regards,

Rob

Parents
  • 0

    Hi,

    Try adding these configs to your mcuboot.conf

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
CONFIG_PCD=y

  • 0 in reply to user81283

    Hi Øivind,

    Thank you for your answer.

    I tried to add to mcuboot.conf:

    "

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
    CONFIG_PCD=y

    "

    The build work, I had this message before flashing:

    "

    D:\elect\projets_nordic_D\dfu_peripheral_uart_private_key>west flash
    -- west flash: rebuilding
    [0/17] Performing build step for 'mcuboot_subimage'
    ninja: no work to do.
    [1/11] Performing build step for 'b0_subimage'
    ninja: no work to do.
    [2/7] Performing build step for 'hci_rpmsg_subimage'
    [0/5] Performing build step for 'b0n_subimage'
    ninja: no work to do.
    -- west flash: using runner nrfjprog
    Using board 960132679
    FATAL ERROR: The hex file contains data placed in the UICR, which needs a full erase before reprogramming. Run west flash again with --force, --erase, or --recover.

    "

    So I tried: "west flash recover"

    and I had this message from the Uart:

    "

    *** Booting Zephyr OS build v2.6.0-rc1-ncs1  ***
    Attempting to boot slot 0.
    No fw_info struct found.
    Attempting to boot slot 1.
    No fw_info struct found.
    No bootable image found. Aborting boot.
    "

    It look like I miss something to make image bootable...

    Here is a zip of my project:

    Best Regards,

    Rob

  • 0 in reply to user81283

    Hi Øivind,

    I tried to increase "BOOT_MAX_IMG_SECTORS" to 256 or 512 or 1024, I added "CONFIG_BOOT_MAX_IMG_SECTORS=1024" in mcuboot.conf file,

    but I still have the same error:

    "

    *** Booting Zephyr OS build v2.6.0-rc1-ncs1  ***
    Attempting to boot slot 0.
    Attempting to boot from address 0x8200.
    Verifying signature against key 0.
    Hash: 0x2e...e0
    Firmware signature verified.
    Firmware version 1
    *** Booting Zephyr OS build v2.6.0-rc1-ncs1  ***
    I: Starting bootloader
    W: Failed reading sectors; BOOT_MAX_IMG_SECTORS=1024 - too small?
    E: Unable to find bootable image

    "

    How can I go further ?

  • 0 in reply to user81283

    Hi Øivind,

    I find the problem, now it's working.

    I change the place were I have put ''mcuboot.conf", I put inside a folder called child_image and I deleate:

    "

    if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot.conf")
        list(APPEND mcuboot_OVERLAY_CONFIG
          "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot.conf"
          )
    endif()

    "

    from CmakeLists.txt file.

    Thanks you for your help.

    Best Regards,

    Rob

  • 0 in reply to user103684

    Ah, I apologize, I saw that it was in an unusual place, but I just assumed it was allowed on the older version of the SDK.

    Great job figuring it out!

    So everything is working now?

  • 0 in reply to user81283

    Hi Øivind,

    everything work well with the sample project and the nrf5340dk.

    I tryed to verify that I can update a new version with device manager, it's work too.

    Also, I tryed to change the private key and send a bad version  from device manager, and the state was:"invalid (3)"

    So it look like I need the right private key to upgrade new soft version with DFU.

    After, I tryed the same thing with my custom board and my custom soft, everything work, except that I can upgrate with any private key... So I have a problem...

    I will make a private ticket to understand why it do not work.

    Best Regards,

    Rob.

  • 0 in reply to user81283

    Hi Øivind,

    I was wrong everything work well on the nrf5340dk and on my custom board, I just forget to change the path into "mcuboot.conf".

    Thank you for all your help.

    Best Regards,

    Rob

Reply Children
No Data
Related
Terms of service