Hello,
I have an application with mcuboot that works and I can generate all the files needed following the manuals.
Looking for the production, we want the signed file to flash the microcontroller, and the encrypted file for the updates.
But, when i compile the project to create the encrypted file, the signed file is not there.
There is any way to get both?
I was looking for the script that generates this files but in the BLD file i just can see the script to create the signed file like this:
<images> <image path="${BuildArtifactFileBaseName}.bin.signed">python ${workspace_loc:Bootloader}/ra/fsp/src/rm_mcuboot_port/rm_mcuboot_port_sign.py sign --header-size 0x200 --align 128 .... ${BuildArtifactFileName} ${BuildArtifactFileBaseName}.bin.signed</image> <image path="${BuildArtifactFileBaseName}.bin.signed" security="n">python ${workspace_loc:Bootloader}/ra/fsp/src/rm_mcuboot_port/rm_mcuboot_port_sign.py sign --header-size 0x200 --align 128 ... ${BuildArtifactFileName} ${BuildArtifactFileBaseName}.bin.signed</image> </images>
Who inserts the encrypted tag?
Thanks.
Have you setup the Python signing tool as described on section 3.2 ?
www.renesas.com/.../ra6-basic-secure-bootloader-using-mcuboot-and-internal-code-flash
Hello.
Finally, i made a change in the script, and now i have both files.
In main.py file, in function sign i added this just before image create:
# if encrypted and signed file, then make first the signed without encrypted file too. if enckey is not None and key is not None: #Removing the ".encrypted" tail name outfilelength = len(outfile) newoutfile = outfile[:outfilelength-10] print (f'Generating signed non encrypted file {newoutfile}') img.create(key, public_key_format, None, dependencies, boot_record, custom_tlvs, int(encrypt_keylen), clear, baked_signature, pub_key, vector_to_sign) img.save(newoutfile, hex_addr) #Let the image be reset to start again img.load(infile)
main.zip
I attached my final script file here.