OrgZephyr/mcuboot
OrgZephyr
/
mcuboot
mirror of https://github.com/zephyrproject-rtos/mcuboot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Update Zephyr image signing instructions 

Remove the obsolete `sign.sh` script, and fixup the documentation to
refer to the new tooling.

Fixes #245.

Signed-off-by: David Brown <david.brown@linaro.org>
This commit is contained in:
David Brown 2018-04-05 14:38:08 -06:00 committed by David Brown
parent 2c05f1bccf
commit 520e31ca69
2 changed files with 8 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/readme-zephyr.md
View File

@ -93,8 +93,8 @@ keys. It is important to stress that these should never be used for
production, since the private key is publicly available in this
repository. See below on how to make your own signatures.
There is a `sign.sh` script that gives some examples of how to make
these signatures.
Images can be signed with the `scripts/imgtool.py` script. It is best
to look at `samples/zephyr/Makefile` for examples on how to use this.
### Flashing the application
@ -116,11 +116,9 @@ otherwise the bootloader will revert the application.
The signing keys used by MCUboot are represented in standard formats,
and can be generated and processed using conventional tools. However,
the Mynewt project has developed some tools to make this easier, and
the `imgtool` directory contains a small program to use these tools,
as well as some additional tools for generating and extracting public
keys. If you will be using your own keys, it is recommended to build
this tool following the directions within the directory.
`scripts/imgtool.py` is able to generate key pairs in all of the
supported formats. See [the docs](imgtool.md) for more details on
this tool.
### Generating a new keypair
@ -128,11 +126,11 @@ Generating a keypair with imgtool is a matter of running the keygen
subcommand:
```
$ imgtool keygen -k mykey.pem -t rsa-2048
$ ./scripts/imgtool.py keygen -k mykey.pem -t rsa-2048
```
The argument to `-t` should be the desired key type. See the
imgtool README.rst for more details on the possible key types.
[the docs](imgtool.md) for more details on the possible key types.
### Extracting the public key
@ -142,7 +140,7 @@ bootloader. The keys live in `boot/zephyr/keys.c`, and can be
extracted using imgtool:
```
$ imgtool getpub -k mykey.pem
$ ./scripts/imgtool.py getpub -k mykey.pem
```
This will output the public key as a C array that can be dropped

48
sign.sh
View File

@ -1,48 +0,0 @@
#! /bin/sh
# This script can be used as an example of how to sign images.
source $(dirname $0)/target.sh
# RSA signatures can be made with the signing script in the scripts
# directory.
if true; then
./scripts/zep2newt.py \
--bin ../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
--key root.pem \
--sig RSA \
--out shell.signed.bin \
--vtoff 0x200 \
--word-size 8 \
--image-version 3 \
--bit --pad 0x20000
./scripts/zep2newt.py \
--bin ../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
--key root.pem \
--sig RSA \
--vtoff 0x200 \
--word-size 8 \
--image-version 2 \
--out hello.signed.bin
fi
# Currently, ECDSA signatures need to be made with the imgtool. See
# 'imgtool' for instructions on building the tool.
if false; then
imgtool sign \
--key root_ec.pem \
--header-size 0x200 \
--version 3.0 \
--align 8 \
--pad 0x20000 \
../zephyr/samples/shell/outdir/$BOARD/zephyr.bin \
shell.signed.bin
imgtool sign \
--key root_ec.pem \
--header-size 0x200 \
--version 3.0 \
../zephyr/samples/hello_world/outdir/$BOARD/zephyr.bin \
hello.signed.bin
fi