diff options
| author | xengineering <me@xengineering.eu> | 2025-02-24 20:36:52 +0100 |
|---|---|---|
| committer | xengineering <me@xengineering.eu> | 2025-02-24 20:40:46 +0100 |
| commit | 8563e7bdf4d4be63e52601b0fbd5557e28561454 (patch) | |
| tree | 87eda04d461ecba8b51d86f41adc2ba36cd70518 /fw/sign.sh | |
| parent | 5099b9846dcd8c62a877140f99936ea8f7101e4e (diff) | |
| download | iot-contact-8563e7bdf4d4be63e52601b0fbd5557e28561454.tar iot-contact-8563e7bdf4d4be63e52601b0fbd5557e28561454.tar.zst iot-contact-8563e7bdf4d4be63e52601b0fbd5557e28561454.zip | |
fw: Use custom MCUboot signing key
Using the MCUboot default key adds nearly not security at all.
Diffstat (limited to 'fw/sign.sh')
| -rwxr-xr-x | fw/sign.sh | 15 |
1 files changed, 12 insertions, 3 deletions
@@ -12,15 +12,24 @@ set -euf ROOT="$(dirname "$0")" MCUBOOT="${ROOT}/zephyrproject/bootloader/mcuboot" IMGTOOL="${MCUBOOT}/scripts/imgtool.py" -KEY="${MCUBOOT}/root-rsa-2048.pem" INPUT="${ROOT}/../build/fw/zephyr/zephyr.bin" OUTPUT="${INPUT}.signed" +if test $# -ne 1 +then + echo "Please provide the path to the MCUboot signing key as single argument." + exit 1 +fi + +key="$1" + python $IMGTOOL sign \ --version 0.0.0 \ --header-size 0x200 \ --slot-size 0xc0000 \ - --key "${KEY}" \ + --key "${key}" \ "${INPUT}" \ - "${OUTPUT}" + "${OUTPUT}" > /dev/null + +echo "Signed application firmware: ${OUTPUT}" |