- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- MCUXpresso软件和工具
- :
- MCUXpresso SDK
- :
- Re: Using ECDSA-P265 (and ED25519) signature in mcuboot
Using ECDSA-P265 (and ED25519) signature in mcuboot
Using ECDSA-P265 (and ED25519) signature in mcuboot
08-22-2025
04:27 AM
824 次查看
mastupristi
Senior Contributor I
Hi,
I'm trying mcuboot_opensource and ota_mcuboot_basic examples.
The example use rsa2048 out-of-the-box and works well.
Since ecdsa key pair are also provided (files bootutil/nxp_port/keys/sign-ecdsa-p256-*), I would like to try this type of signature.
I have replaced
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048
with
#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256
then I have signed the ota_mcuboot_basic binary:
python3 imgtool.py sign \
--key evkmimxrt1020_mcuboot_opensource_v2.2.0/bootutil/nxp_port/keys/sign-ecdsa-p256-priv.pem \
--align 4 \
--header-size 0x400 \
--pad-header \
--slot-size 0x100000 \
--max-sectors 800 \
--version "1.1" \
evkmimxrt1020_ota_mcuboot_basic.bin \
evkmimxrt1020_ota_mcuboot_basic_signed_ecdsap256.bin
But it doesn't work.
Which steps do I need to do to make it works?
The further test for me is to use ed25519, that is not provided out-of-the-box in the examples. Could you list the steps to make is works as well?
regards
Max
3 回复数
08-26-2025
11:50 AM
778 次查看
diego_charles
NXP TechSupport
Hi @mastupristi
Which MCU are you using? I want to test with you on the same platform.
Have you updated the MCUBoot to contain the public ECDSA_P256 key?
Diego
08-26-2025
11:50 PM
766 次查看
mastupristi
Senior Contributor I
Which MCU are you using?
RT1021. I'm testing on MIMXRT1020-EVK
Have you updated the MCUBoot to contain the public ECDSA_P256 key?
Yes, this is done automatically by the example..
in source/mcux_config.h I have substituted #define CONFIG_BOOT_ENCRYPT_RSA with #define CONFIG_BOOT_ENCRYPT_ECDSA_P256
In file source/sblconfig.h I have substituted
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048
with
#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256
in file bootutil/nxp_port/keys.c the correct key file should be selected based on the definitions:
#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
#error "No public key available for given signing algorithm."
#endif
best regards
Max
09-30-2025
10:57 PM
446 次查看
diego_charles
NXP TechSupport
Hi @mastupristi
I am sorry for the delay.
I noticed that none of our i.MX RT samples for MCUboot use the key you want. But the MCXN and MCXA examples for MCUBoot use the ecdsa-p256. I think the source could help us as a reference.
Diego
