Introduce new Kconfig option MCUBOOT_ENCRYPTION_KEY_FILE. If the
string is not empty Cmake will try to encrypt the final binaries using
the given key file.
Signed-off-by: Helge Juul <helge@fastmail.com>
Add --pad to imgtool.py command line arguments when generating confirmed
images, otherwise the image contains no trailer magic for writing the
confirmed status.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
When CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is set and the build system
successfully creates signed outputs, use them as the default artifacts
to flash.
This flashes the non-confirmed variant regardless of
CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE, allowing POST code in the
application to confirm the image or not. Since this is used primarily
from development, I'd hesitate to assume the confirmed image is good.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Add new Kconfig options which depend on CONFIG_BOOTLOADER_MCUBOOT:
- CONFIG_MCUBOOT_SIGNATURE_KEY_FILE: the path to the key pair which
should be used to sign the image, in PEM format. This is sent to
imgtool via 'west sign' when set to produce zephyr.signed.bin and
zephyr.signed.hex files as needed.
- CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS: additional arguments to pass to
imgtool.
- CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE: also generate
zephyr.signed.confirmed.{bin,hex}
Add build system support for these options.
This makes a separate 'west sign' step unnecessary when using MCUboot,
if the application image is properly configured with the location of
the key file.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>