MCUBoot example

mastupristi · ‎08-20-2025

Hi,

I tried mcuboot_opensource and ota_mcuboot_basic examples.

For educational purposes, I would like to try using unsigned images. I am already able to create an unsigned image with imgtool, but I don't know how to configure the mcuboot example.

Could you please tell me how to do that?

regards

Max

diego_charles · ‎08-26-2025

Hi @mastupristi

thank you for your interest! I just want to let you know that am currently checking this, as currently, I do not have guidelines for doing this.

Diego

mastupristi · ‎08-26-2025

Hi @diego_charles

In the meantime, I've made some changes that make this thing work, but I don't know if they're the “right” ones.

file source/sblconfig.h, commented some lines to disable signatore:

//#define CONFIG_BOOT_SIGNATURE
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
//#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048

file bootutil/nxp_port/boot.c, modified checks to call CRYPTO_InitHardware() when

file bootutil/nxp_port/keys.c, commented a line to avoid error if no signature is defined:

#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
/* This error assumes that a signature algorithm must be specified;
it does not accept the case where there is no signature. */
//#error "No public key available for given signing algorithm."
#endif

Do you think this is the right thing to do?
I propose that we modify the example to support this case as well.

regards

Max

diego_charles · ‎09-05-2025

Hi @mastupristi

Thank you for your reply and patience.

We do not have guidelines to get this example at this moment, so let me try to answer as best I can right now.

Regarding, Do you think this is the right thing to do?

I agree with you, at this moment it seems to me that this approach helps to disable secure boot on the MCUBoot, however I have not been able to test.

I think that after disabling secure boot on the bootlader, the next is to sign the target image but without the keys. This means calling the imgtool with some simple commands. I have been looking and I found a porting guide made by a third party, that could help as reference ( it is not official or recommended by us) but I think it provides an idea, see the Creating an MCUboot Image from this article https://interrupt.memfault.com/blog/mcuboot-overview#fn:4

Regarding, I propose that we modify the example to support this case as well.

Thank you for your suggestion , I will share this to the SDK team, but I can not promise anything. An argument against would be the push from the MCUBoot to standarize using signed images and our MCUXpresso Secure Provisioning Tool allowing you generate only signed images for the MCUBoot. But, I agree with you for didactical purposes.

Best regards,

Diego