author: xengineering <me@xengineering.eu> 2025-02-24 20:36:52 +0100
committer: xengineering <me@xengineering.eu> 2025-02-24 20:40:46 +0100
commit: 8563e7bdf4d4be63e52601b0fbd5557e28561454
tree: 87eda04d461ecba8b51d86f41adc2ba36cd70518 /README.md
parent: 5099b9846dcd8c62a877140f99936ea8f7101e4e
fw: Use custom MCUboot signing key
Using the MCUboot default key adds nearly no security at all.
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 19
1 files changed, 16 insertions, 3 deletions
diff --git a/README.md b/README.md
index dd640d3..64da043 100644
--- a/README.md
+++ b/README.md
@@ -5,12 +5,25 @@ Furthermore roller shutter motors should be controlled.
## Usage
-The content of this repository can be build with CMake and Ninja.
+The firmware for iot-contact is cryptographically signed to only allow the
+device booting a firmware from a trusted source. The required key with both the
+private and the public part can be generated like this:
```
-cmake -Bbuild -GNinja
+./fw/zephyrproject/bootloader/mcuboot/scripts/imgtool.py \
+ keygen \
+ --key ~/mcuboot/key.pem \
+ --type ed25519
+```
+
+The content of this repository can be build with CMake and Ninja. The signing
+key is passed to include the public part into the bootloader and used to sign
+the application firmware:
+
+```
+cmake -Bbuild -GNinja -DKEY=~/mcuboot/key.pem
ninja -C build
-./fw/sign.sh
+./fw/sign.sh ~/mcuboot/key.pem
```
Exported files related to the printed circuit board (PCB) can be found in the
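Review bot: In the added `cmake -Bbuild -GNinja -DKEY=~/mcuboot/key.pem` line, the tilde directly follows `-DKEY=` inside a single word, so bash and POSIX sh do not expand it and CMake receives a literal `~`; unless the build scripts expand it themselves, the key will not be found. Writing the path as `-DKEY="$HOME/mcuboot/key.pem"` avoids this (the `--key ~/mcuboot/key.pem` and `./fw/sign.sh ~/mcuboot/key.pem` forms are fine because the tilde starts its own word). The keygen paragraph says the file holds both the private and the public part, but the README does not tell the reader to keep it outside the repository, restrict its permissions, or back it up, and a device whose bootloader embeds this public key will only boot images signed with the matching private key; a sentence on that, and a mention of the `--password` option of `imgtool.py keygen` if `fw/sign.sh` can handle a protected key, would help. Minor wording in the added text: "can be build" should be "can be built", and "to only allow the device booting a firmware" reads better as "so that the device only boots firmware".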