- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- MCUXpresso Software and Tools
- :
- MCUXpresso SDK
- :
- Re: MCUBoot example
MCUBoot example
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
MCUBoot example
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I tried mcuboot_opensource and ota_mcuboot_basic examples.
For educational purposes, I would like to try using unsigned images. I am already able to create an unsigned image with imgtool, but I don't know how to configure the mcuboot example.
Could you please tell me how to do that?
regards
Max
diego_charles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mastupristi
thank you for your interest! I just want to let you know that am currently checking this, as currently, I do not have guidelines for doing this.
Diego
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the meantime, I've made some changes that make this thing work, but I don't know if they're the “right” ones.
file source/sblconfig.h, commented some lines to disable signatore:
//#define CONFIG_BOOT_SIGNATURE
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048
file bootutil/nxp_port/boot.c, modified checks to call CRYPTO_InitHardware() when
file bootutil/nxp_port/keys.c, commented a line to avoid error if no signature is defined:
#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
/* This error assumes that a signature algorithm must be specified;
it does not accept the case where there is no signature. */
//#error "No public key available for given signing algorithm."
#endif
Do you think this is the right thing to do?
I propose that we modify the example to support this case as well.
regards
Max
diego_charles
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mastupristi
Thank you for your reply and patience.
We do not have guidelines to get this example at this moment, so let me try to answer as best I can right now.
Regarding, Do you think this is the right thing to do?
I agree with you, at this moment it seems to me that this approach helps to disable secure boot on the MCUBoot, however I have not been able to test.
I think that after disabling secure boot on the bootlader, the next is to sign the target image but without the keys. This means calling the imgtool with some simple commands. I have been looking and I found a porting guide made by a third party, that could help as reference ( it is not official or recommended by us) but I think it provides an idea, see the Creating an MCUboot Image from this article https://interrupt.memfault.com/blog/mcuboot-overview#fn:4
Regarding, I propose that we modify the example to support this case as well.
Thank you for your suggestion , I will share this to the SDK team, but I can not promise anything. An argument against would be the push from the MCUBoot to standarize using signed images and our MCUXpresso Secure Provisioning Tool allowing you generate only signed images for the MCUBoot. But, I agree with you for didactical purposes.
Best regards,
Diego
