Hello,
I have an application with mcuboot that works and I can generate all the files needed following the manuals.
Looking for the production, we want the signed file to flash the microcontroller, and the encrypted file for the updates.
But when I compile the project to create the encrypted file, the signed file is not there.
Is there any way to get both?
I was looking for the script that generates these files, but in the BLD file I can only see the script to create the signed file, like this:
<images>
    <image path="${BuildArtifactFileBaseName}.bin.signed">python ${workspace_loc:Bootloader}/ra/fsp/src/rm_mcuboot_port/rm_mcuboot_port_sign.py sign --header-size 0x200 --align 128 .... ${BuildArtifactFileName} ${BuildArtifactFileBaseName}.bin.signed</image>
    <image path="${BuildArtifactFileBaseName}.bin.signed" security="n">python ${workspace_loc:Bootloader}/ra/fsp/src/rm_mcuboot_port/rm_mcuboot_port_sign.py sign --header-size 0x200 --align 128 ... ${BuildArtifactFileName} ${BuildArtifactFileBaseName}.bin.signed</image>
</images>
Who inserts the encrypted tag?
Thanks.
Have you set up the Python signing tool as described in section 3.2?
www.renesas.com/.../ra6-basic-secure-bootloader-using-mcuboot-and-internal-code-flash
Yes, I did.
As far as I know after some tests, if the project has defined the variable MCUBOOT_IMAGE_ENC_KEY, the script automatically makes the encrypted file. Now I'm trying to make a post-build command that calls this script with MCUBOOT_IMAGE_ENC_KEY undefined.
My preferred way is changing the script, but this is beyond my knowledge. Any other way?
Hello.
Finally, I made a change in the script, and now I have both files.
In the main.py file, in the function sign, I added this just before the image is created:
    # If the file is encrypted and signed, first make the signed, non-encrypted file too.
    if enckey is not None and key is not None:
        # Remove the ".encrypted" tail from the name
        outfilelength = len(outfile)
        newoutfile = outfile[:outfilelength-10]
        print(f'Generating signed non encrypted file {newoutfile}')
        img.create(key, public_key_format, None, dependencies, boot_record,
                   custom_tlvs, int(encrypt_keylen), clear, baked_signature,
                   pub_key, vector_to_sign)
        img.save(newoutfile, hex_addr)
        # Reset the image so the normal flow starts again
        img.load(infile)
main.zip
I attached my final script file here.
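The post-build alternative raised earlier in the thread (run the unmodified signing script once without MCUBOOT_IMAGE_ENC_KEY and once with it), as an added example that is not part of any post or of the Renesas script. The name sign_both, the wrapper's argument layout, and the assumption that the encrypted output is the signed name plus ".encrypted" are illustrative.

```python
import os
import subprocess
import sys
from pathlib import Path

ENC_VAR = "MCUBOOT_IMAGE_ENC_KEY"  # environment variable named in the thread


def sign_both(sign_cmd, signed_out, env=None):
    """Run sign_cmd twice: without ENC_VAR (plain signed), then with it.

    sign_cmd is the project's full signing command as a list, ending with
    the input file and signed_out. Assumption: with ENC_VAR set, the script
    writes signed_out + ".encrypted" instead of signed_out.
    Returns (signed_path, encrypted_path).
    """
    env = dict(os.environ if env is None else env)
    if not env.get(ENC_VAR):
        raise RuntimeError(f"{ENC_VAR} is not set; cannot build encrypted image")
    signed = Path(signed_out)
    encrypted = Path(str(signed_out) + ".encrypted")
    # Remove stale outputs so an old file cannot mask a failed run.
    for p in (signed, encrypted):
        p.unlink(missing_ok=True)

    plain_env = {k: v for k, v in env.items() if k != ENC_VAR}
    for run_env, expected in ((plain_env, signed), (env, encrypted)):
        subprocess.run(sign_cmd, env=run_env, check=True)
        if not expected.is_file() or expected.stat().st_size == 0:
            raise RuntimeError(f"signing step did not produce {expected}")
    # Guard against shipping a plaintext image under the encrypted name.
    if signed.read_bytes() == encrypted.read_bytes():
        raise RuntimeError("encrypted image is identical to the plain one")
    return signed, encrypted


if __name__ == "__main__":
    # usage: sign_both.py <signed_out> <full signing command...>
    s, e = sign_both(sys.argv[2:], sys.argv[1])
    print(f"signed: {s}\nencrypted: {e}")
```

Because the script itself is untouched, this survives FSP updates that replace main.py; the trade-off is that the image is signed twice per build.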