From 8563e7bdf4d4be63e52601b0fbd5557e28561454 Mon Sep 17 00:00:00 2001
From: xengineering <me@xengineering.eu>
Date: Mon, 24 Feb 2025 20:36:52 +0100
Subject: fw: Use custom MCUboot signing key

Using the MCUboot default key adds nearly not security at all.
---
 fw/sign.sh | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'fw/sign.sh')

diff --git a/fw/sign.sh b/fw/sign.sh
index 343a038..2ae31bb 100755
--- a/fw/sign.sh
+++ b/fw/sign.sh
@@ -12,15 +12,24 @@ set -euf
 ROOT="$(dirname "$0")"
 MCUBOOT="${ROOT}/zephyrproject/bootloader/mcuboot"
 IMGTOOL="${MCUBOOT}/scripts/imgtool.py"
-KEY="${MCUBOOT}/root-rsa-2048.pem"
 INPUT="${ROOT}/../build/fw/zephyr/zephyr.bin"
 OUTPUT="${INPUT}.signed"
 
 
+if test $# -ne 1
+then
+	echo "Please provide the path to the MCUboot signing key as single argument."
+	exit 1
+fi
+
+key="$1"
+
 python $IMGTOOL sign \
 	--version 0.0.0 \
 	--header-size 0x200 \
 	--slot-size 0xc0000 \
-	--key "${KEY}" \
+	--key "${key}" \
 	"${INPUT}" \
-	"${OUTPUT}"
+	"${OUTPUT}" > /dev/null
+
+echo "Signed application firmware: ${OUTPUT}"
-- 
cgit v1.2.3-70-g09d2