You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Question:
Can somebody help me to clarify if it is correct that sysbuild is setting values of both CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE and CONFIG_BOOT_ENCRYPTION_KEY_FILE based on SB_CONFIG_BOOT_ENCRYPTION_KEY_FILE ?
Details: CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE according to the documentation should specify path to the public part of the encryption key, which is used by image tool to encrypt ephemeral key used to encrypt the Application image.
MCUBoot's CONFIG_BOOT_ENCRYPTION_KEY_FILE is supposed to be private part of the key to be hardcoded to bootloader binary and used for decrypting ephemeral key which is part of Application image.
I can not find any reasonable explanation why only private part of the key is being used and setting of CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE as a path to private key seems to be a bug in sysbuild files, but I may be missing something.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Question:
Can somebody help me to clarify if it is correct that sysbuild is setting values of both
CONFIG_MCUBOOT_ENCRYPTION_KEY_FILEandCONFIG_BOOT_ENCRYPTION_KEY_FILEbased onSB_CONFIG_BOOT_ENCRYPTION_KEY_FILE?Details:
CONFIG_MCUBOOT_ENCRYPTION_KEY_FILEaccording to the documentation should specify path to the public part of the encryption key, which is used by image tool to encrypt ephemeral key used to encrypt the Application image.However, sysbuild is setting value of
CONFIG_MCUBOOT_ENCRYPTION_KEY_FILEbased onSB_CONFIG_BOOT_ENCRYPTION_KEY_FILE(https://github.com/zephyrproject-rtos/zephyr/blob/v4.2.0/share/sysbuild/image_configurations/MAIN_image_default.cmake), which according to the documentation should contain path to the private part of the encryption key.MCUBoot's
CONFIG_BOOT_ENCRYPTION_KEY_FILEis supposed to be private part of the key to be hardcoded to bootloader binary and used for decrypting ephemeral key which is part of Application image.In the sysbuild files is clearly visible, that
SB_CONFIG_BOOT_ENCRYPTION_KEY_FILEis used to set value of bothCONFIG_BOOT_ENCRYPTION_KEY_FILE(https://github.com/zephyrproject-rtos/zephyr/blob/v4.2.0/share/sysbuild/images/bootloader/CMakeLists.txt) as well asCONFIG_MCUBOOT_ENCRYPTION_KEY_FILE.I can not find any reasonable explanation why only private part of the key is being used and setting of
CONFIG_MCUBOOT_ENCRYPTION_KEY_FILEas a path to private key seems to be a bug in sysbuild files, but I may be missing something.Regards,
Mirek
Beta Was this translation helpful? Give feedback.
All reactions