Multi-key support with MCUBOOT_HW_KEYS
#2311
Comments
|
It's possible that #2305 might fit your needs |
|
Ah I see. We decided to scrap that expectation for now but I'll keep an eye on that PR. Thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
We are trying to use MCUboot with signature validation. For actual releases, we plan to use
MCUBOOT_HW_KEYsetting to have the production key stored externally to MCUboot.However, for development, we would like to use a dummy development key. Our end goal is that a development bootloader accepts images signed by either the production key or development key. Release bootloader should only accept images signed by the production key.
Sadly,
MCUBOOT_HW_KEYonly supports using single key (to my knowledge). We tried disablingMCUBOOT_HW_KEYfor development bootloaders & stored the keys directly but this causes an issue, because production images are signed with--public-key-format fulland development images with--public-key-format hash.This means that even if we have both keys in the development bootloader, a production image gets rejected, because it does not have the expected data in the TLV.
Is there a way to achieve what we're trying?
The text was updated successfully, but these errors were encountered: