From bdcfc859d4b8b4c000a2a46906080e086d048686 Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Tue, 4 Aug 2020 02:22:55 -0700 Subject: [PATCH] boot: zephyr: Use private key Change adds using own private key for MCUBoot bootloader. Signed-off-by: Marek Pieta --- boot/zephyr/CMakeLists.txt | 5 +++++ boot/zephyr/Kconfig | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6cdb024e..abe931e5 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -231,9 +231,14 @@ if(CONFIG_MCUBOOT_SERIAL) ) endif() +# CONF_FILE points to the KConfig configuration file of the bootloader +get_filename_component(CONF_DIR ${CONF_FILE} DIRECTORY) + if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + elseif(EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) else() set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 10cd8855..f1ec0a72 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -128,6 +128,11 @@ config BOOT_SIGNATURE_KEY_FILE string "PEM key file" default "" help + You can use either absolute or relative path. + In case relative path is used, the build system assumes that it starts + from the directory where the MCUBoot KConfig configuration file is + located. If the key file is not there, the build system uses relative + path that starts from the MCUBoot repository root directory. The key file will be parsed by imgtool's getpub command and a .c source with the public key information will be written in a format expected by MCUboot.