ヘルプ
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Using ECDSA-P265 (and ED25519) signature in mcuboot

キャンセル
提案をオンにする
自動提案では、入力時に可能な一致が提案されるので検索結果を素早く絞り込むことができます。
次の結果を表示 
表示  限定  | 次の代わりに検索 
もしかして: 

Using ECDSA-P265 (and ED25519) signature in mcuboot

‎08-22-2025 04:27 AM
355件の閲覧回数
mastupristi
Senior Contributor I

Hi,

 

I'm trying mcuboot_opensource and ota_mcuboot_basic examples.

The example use rsa2048 out-of-the-box and works well.

Since ecdsa key pair are also provided (files bootutil/nxp_port/keys/sign-ecdsa-p256-*), I would like to try this type of signature.

I have replaced 

#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048


with

#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256


then I have signed the ota_mcuboot_basic binary:

python3 imgtool.py sign \
	--key evkmimxrt1020_mcuboot_opensource_v2.2.0/bootutil/nxp_port/keys/sign-ecdsa-p256-priv.pem \
        --align 4 \
	--header-size 0x400 \
	--pad-header \
	--slot-size 0x100000 \
	--max-sectors 800 \
	--version "1.1" \
        evkmimxrt1020_ota_mcuboot_basic.bin \
	evkmimxrt1020_ota_mcuboot_basic_signed_ecdsap256.bin

 

But it doesn't work.

Which steps do I need to do to make it works?

 

The further test for me is to use ed25519, that is not provided out-of-the-box in the examples. Could you list the steps to make is works as well?

 

regards

Max

タグ(3)
0 件の賞賛
返信
2 返答(返信)

‎08-26-2025 11:50 AM
309件の閲覧回数
diego_charles
NXP TechSupport
NXP TechSupport

Hi @mastupristi 

Which MCU are you using?  I want to test with you on the same platform.

Have you updated the MCUBoot to contain the public ECDSA_P256 key? 

Diego

0 件の賞賛
返信

‎08-26-2025 11:50 PM
297件の閲覧回数
mastupristi
Senior Contributor I

Hi @diego_charles 

 

Which MCU are you using?

RT1021. I'm testing on MIMXRT1020-EVK

 

Have you updated the MCUBoot to contain the public ECDSA_P256 key?

Yes, this is done automatically by the example..

in source/mcux_config.h I have substituted #define CONFIG_BOOT_ENCRYPT_RSA with #define CONFIG_BOOT_ENCRYPT_ECDSA_P256
In file source/sblconfig.h I have substituted 

#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048

with

#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256

 

in file bootutil/nxp_port/keys.c the correct key file should be selected based on the definitions:

#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
#error "No public key available for given signing algorithm."
#endif

 

best regards

Max

0 件の賞賛
返信