Hi,
I'm trying mcuboot_opensource and ota_mcuboot_basic examples.
The example use rsa2048 out-of-the-box and works well.
Since ecdsa key pair are also provided (files bootutil/nxp_port/keys/sign-ecdsa-p256-*), I would like to try this type of signature.
I have replaced
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048
with
#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256
then I have signed the ota_mcuboot_basic binary:
python3 imgtool.py sign \
--key evkmimxrt1020_mcuboot_opensource_v2.2.0/bootutil/nxp_port/keys/sign-ecdsa-p256-priv.pem \
--align 4 \
--header-size 0x400 \
--pad-header \
--slot-size 0x100000 \
--max-sectors 800 \
--version "1.1" \
evkmimxrt1020_ota_mcuboot_basic.bin \
evkmimxrt1020_ota_mcuboot_basic_signed_ecdsap256.bin
But it doesn't work.
Which steps do I need to do to make it works?
The further test for me is to use ed25519, that is not provided out-of-the-box in the examples. Could you list the steps to make is works as well?
regards
Max
Hi @mastupristi
Which MCU are you using? I want to test with you on the same platform.
Have you updated the MCUBoot to contain the public ECDSA_P256 key?
Diego
Which MCU are you using?
RT1021. I'm testing on MIMXRT1020-EVK
Have you updated the MCUBoot to contain the public ECDSA_P256 key?
Yes, this is done automatically by the example..
in source/mcux_config.h I have substituted #define CONFIG_BOOT_ENCRYPT_RSA with #define CONFIG_BOOT_ENCRYPT_ECDSA_P256
In file source/sblconfig.h I have substituted
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048
with
#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256
in file bootutil/nxp_port/keys.c the correct key file should be selected based on the definitions:
#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
#error "No public key available for given signing algorithm."
#endif
best regards
Max