帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

MCUBoot example

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

MCUBoot example

2 周之前
165 次查看
mastupristi
Senior Contributor I

Hi,

I tried mcuboot_opensource and ota_mcuboot_basic examples.

For educational purposes, I would like to try using unsigned images. I am already able to create an unsigned image with imgtool, but I don't know how to configure the mcuboot example.

Could you please tell me how to do that?

 

regards

Max

标记 (2)
0 项奖励
回复
3 回复数

1 周之前
106 次查看
diego_charles
NXP TechSupport
NXP TechSupport

Hi @mastupristi 

thank you for your interest! I  just want to let you know that am currently checking this, as currently, I do not have guidelines for doing this. 

Diego

0 项奖励
回复

1 周之前
87 次查看
mastupristi
Senior Contributor I

Hi @diego_charles 

In the meantime, I've made some changes that make this thing work, but I don't know if they're the “right” ones.

file source/sblconfig.h,  commented some lines to disable signatore:

//#define CONFIG_BOOT_SIGNATURE
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048

 

file bootutil/nxp_port/boot.c, modified checks to call  CRYPTO_InitHardware() when 

 

file bootutil/nxp_port/keys.c, commented a line to avoid error if no signature is defined:

#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
/* This error assumes that a signature algorithm must be specified;
it does not accept the case where there is no signature. */
//#error "No public key available for given signing algorithm."
#endif

 

Do you think this is the right thing to do?
I propose that we modify the example to support this case as well.

 

regards

Max

回复

3 小时之前
6 次查看
diego_charles
NXP TechSupport
NXP TechSupport

Hi @mastupristi 

Thank you for your reply and patience.

We do not have guidelines to get this example at this moment, so let me try to answer as best I can right now. 

RegardingDo you think this is the right thing to do?

I agree with you, at this moment it seems to me that this approach helps to disable secure boot on the MCUBoot, however I have not been able to test. 

I think that after disabling secure boot on the bootlader, the  next is to sign the target image but without the keys. This means calling the imgtool with some simple commands. I have been looking and I found a porting guide made by a third party, that could help as reference ( it is not official or recommended by us)  but I think it provides an idea, see the Creating an MCUboot Image from this article https://interrupt.memfault.com/blog/mcuboot-overview#fn:4

RegardingI propose that we modify the example to support this case as well.  

Thank you for your suggestion , I will share this to the SDK team, but I can not promise anything. An argument against would be the push from the MCUBoot to standarize using signed images and our MCUXpresso Secure Provisioning Tool allowing you generate only signed images for the MCUBoot. But, I agree with you for didactical purposes.

Best regards, 

Diego

0 项奖励
回复