Failed in building signed application binary

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Failed in building signed application binary

2,108 次查看
shengs
Contributor II

i.MX-RT1180 MCUBOOT 

你好,我在尝试运行MCUBOOT的例程,在编译OTA例程时无法生成signed固件,请帮忙看看原因。

我的环境:

MCUXpresso IDE v11.10.0

MIMXRT1180-EVK board (SCH-50577 REV C3)

SDK v2.16.000

我按默认步骤导入evkmimxrt1180_mcuboot_opensource_cm33例子,编译下载后可以正常运行,该例子readme.md里有如下描述,我的理解是搭配的OTA例子,比如evkmimxrt1180_ota_mcuboot_server_enet_cm33,需要通过post-build steps生成signed的固件。

shengs_1-1722923164640.png

于是,我按照默认步骤导入evkmimxrt1180_ota_mcuboot_server_enet_cm33

在Release模式下编译.axf文件成功,但执行post-build steps时出错,提示“Requested section .boot_hdr not found!”。请问如何解决?

shengs_0-1722922887722.png

 

标记 (2)
0 项奖励
回复
5 回复数

2,031 次查看
shengs
Contributor II

Solved by local FAE.

0 项奖励
回复

2,064 次查看
shengs
Contributor II

I think there is no need to run the image_hash_tool.py for OTA example. Because the OTA application image is loader by MCUBOOT bootloader, not the BOOT ROM of RT1180. 

Can you provide the post build script to sign the OTA application image? I tried several time refer to the readme.md, but failed to load OTA image.

0 项奖励
回复

2,003 次查看
Sam_Gao
NXP Employee
NXP Employee

Hi @shengs ,

Thanks to your question, if you want to know how to create signed AHAB for i.MXRT118x devices, please refer to this https://spsdk.readthedocs.io/en/latest/examples/rt118x/rt118x_secure_boot.html#prepare-the-environme...

Please note the resulting image must be programmed into the external memory via blhost tool.

 

Please let me know if my understanding is wrong.

B.R,

Sam

0 项奖励
回复

1,981 次查看
shengs
Contributor II

Thanks for your information!

What do you mean the signed AHAB? Can you explain it?

 

The original purpose of this topic is to sign OTA  firmware that can be loaded by MCUBOOT example. I did the following steps, then it works.

1. copy "mcuboot_opensource" directory from SDK to OTA example project's "scripts" directory.

2. delete the original post build steps script, and replaced with "python ../scripts/mcuboot_opensource/scripts/imgtool.py sign --key ../keys/sign-rsa2048-priv.pem --align 4 --header-size 0x400 --pad-header --slot-size 0x200000 --version "1.0.2" evkmimxrt1180_ota_mcuboot_server_enet_cm33.bin ota_example_SIGNED_APP2_V1.0.2.bin"

3. build OTA example, right click the evkmimxrt1180_ota_mcuboot_server_enet_cm33.axf file in the Project Explorer, click "Binary Utilities"->"Create binary". Then build again. So I have the signed bin file.

0 项奖励
回复

1,739 次查看
Sam_Gao
NXP Employee
NXP Employee

Hi @shengs 

Hope you are doing well, my apologies for the delayed response. 

It seems this issue is fixed about how to sign in RT1180 by local FAE's support. 

Let me update some details for you, and please feel free to tell me if you have any questions.

1. There is known issue about `ota_mcuboot_server_enet_cm33` or  `mcuboot_opensource_cm33` for RT1180 SDK as you mentioned, please see below picture and comments(ota_mcuboot_server_enet_cm33\scripts\mcuxpresso\readme), it seems be not able to work with IDE + image_hash_tool.py, and you have to use imgtool to do that.

Sam_Gao_0-1726829536524.png

2. About AHB, please see MCU-OTA SBL and SFW User Guide to find 5.1.1 High Assurance Boot (HAB),It is the high-assurance boot feature in the system boot ROM, that detects and prevents the execution of unauthorized software (malware) during the boot sequence.
HAB uses asymmetric cryptography to sign the image. The bootable image can be signed by the CST tool (another one tool). 

Sam_Gao_1-1726829712042.png

3. I assume that you want to know how OTA works, please see the reference as below.

  1. FOTA Design for SBL and SFW
  2. Implement Second Bootloader on i.MX RT10xx Series

 

 

 

0 项奖励
回复