You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add details on how to configure the MCUboot image by adding a
sysbuild/mcuboot.conf file to the application directory.
Signed-off-by: Eivind Jølsgard <[email protected]>
Copy file name to clipboardExpand all lines: doc/nrf-bm/app_dev/dfu/bootloader_keys.rst
+9-1Lines changed: 9 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,6 +43,8 @@ Using a key in a project
43
43
************************
44
44
45
45
Once a key has been generated, it can be used in a project by setting the :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_KEY_FILE` sysbuild Kconfig option to the absolute path of the generated ``.pem`` key file.
46
+
For most of the samples, you must create a :file:`sysbuild.conf` file in your application directory and add the sysbuild configuation here.
47
+
You can also provide the sysbuild Kconfig option during compilation.
46
48
47
49
.. _ug_bootloader_kmu:
48
50
@@ -78,7 +80,9 @@ MCUboot can invalidate image verification keys through the ``CONFIG_BOOT_KEYS_RE
78
80
Enable this option during the MCUboot build process if there is a risk that images signed with a compromised key might contain critical vulnerabilities.
79
81
The revocation of keys is triggered when both the firmware loader and SoftDevice are using a newer key.
80
82
81
-
Number of available key slots is set by ``CONFIG_BOOT_SIGNATURE_KMU_SLOTS`` Kconfig option. These slots has to be properly provisioned. For more information refer to `Performing KMU provisioning`_.
83
+
The number of available key slots is set by the ``CONFIG_BOOT_SIGNATURE_KMU_SLOTS`` Kconfig option.
84
+
These slots have to be properly provisioned.
85
+
For more information refer to `Performing KMU provisioning`_.
82
86
83
87
.. caution::
84
88
You must enable the ``CONFIG_BOOT_KEYS_REVOCATION`` Kconfig option when creating your project.
@@ -87,3 +91,7 @@ Number of available key slots is set by ``CONFIG_BOOT_SIGNATURE_KMU_SLOTS`` Kcon
87
91
88
92
A valid signature verification must precede any key invalidation.
89
93
The last remaining key cannot be invalidated.
94
+
95
+
To enable the Kconfig options for the MCUboot image, edit the :file:`sysbuild/mcuboot.conf` file in your application directory.
96
+
For most of the samples, you must create the :file:`sysbuild` folder and the :file:`sysbuild/mcuboot.conf` file must be created.
97
+
This file applies to the MCUboot image only and is edited the same way as the :file:`prj.conf` file is used for your application image.
0 commit comments