Description
We are trying to use MCUboot with signature validation. For actual releases, we plan to use the MCUBOOT_HW_KEY setting to have the production key stored externally to MCUboot.
However, for development, we would like to use a dummy development key. Our end goal is that a development bootloader accepts images signed by either the production key or the development key. A release bootloader should only accept images signed by the production key.
Sadly, MCUBOOT_HW_KEY only supports using a single key (to my knowledge). We tried disabling MCUBOOT_HW_KEY for development bootloaders and stored the keys directly, but this causes an issue, because production images are signed with --public-key-format full and development images with --public-key-format hash.
This means that even if we have both keys in the development bootloader, a production image gets rejected, because it does not have the expected data in the TLV.
Is there a way to achieve what we're trying?
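
To see which key TLV a signed image actually carries (the mismatch described above), the TLV area can be inspected directly. The following is an added example, not code from the original post or from the MCUboot project. It assumes the MCUboot image layout (32-byte little-endian header, TLV info magics 0x6907/0x6908, key-hash TLV type 0x01, full-public-key TLV type 0x02), and its sample images are constructed placeholders with zeroed key and digest bytes.

```python
import struct

IMAGE_MAGIC = 0x96F3B83D
TLV_INFO_MAGIC = 0x6907        # unprotected TLV area
TLV_PROT_INFO_MAGIC = 0x6908   # protected TLV area
KEY_TLVS = {0x01: "hash", 0x02: "full"}  # key-hash TLV / full public key TLV


def iter_tlvs(image: bytes):
    """Yield (type, value) for each TLV in the protected and unprotected areas."""
    if len(image) < 32:
        raise ValueError("truncated image header")
    magic, _load, hdr_size, _prot, img_size = struct.unpack_from("<IIHHI", image, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("not an MCUboot image")
    off = hdr_size + img_size          # TLV areas follow the payload
    while off + 4 <= len(image):
        info_magic, total = struct.unpack_from("<HH", image, off)
        if info_magic not in (TLV_INFO_MAGIC, TLV_PROT_INFO_MAGIC):
            break                      # padding or end of TLV data
        end = off + total              # total includes the 4-byte info header
        if total < 4 or end > len(image):
            raise ValueError("TLV area overruns image")
        pos = off + 4
        while pos + 4 <= end:
            tlv_type, tlv_len = struct.unpack_from("<HH", image, pos)
            if pos + 4 + tlv_len > end:
                raise ValueError("TLV entry overruns its area")
            yield tlv_type, image[pos + 4 : pos + 4 + tlv_len]
            pos += 4 + tlv_len
        off = end


def public_key_format(image: bytes):
    """Return 'hash', 'full', or None if the image carries no key TLV."""
    for tlv_type, _value in iter_tlvs(image):
        if tlv_type in KEY_TLVS:
            return KEY_TLVS[tlv_type]
    return None


def make_sample_image(key_tlv_type: int, key_len: int) -> bytes:
    """Constructed sample: 32-byte header, 16-byte payload, one TLV area."""
    payload = bytes(16)
    hdr = struct.pack("<IIHHI", IMAGE_MAGIC, 0, 32, 0, len(payload)).ljust(32, b"\0")
    tlvs = struct.pack("<HH", 0x10, 32) + bytes(32)   # SHA-256 digest TLV
    tlvs += struct.pack("<HH", key_tlv_type, key_len) + bytes(key_len)
    return hdr + payload + struct.pack("<HH", TLV_INFO_MAGIC, 4 + len(tlvs)) + tlvs
```

Running public_key_format over the bytes of a production image and a development image shows which of the two key TLVs each one contains, and therefore which kind of data a given bootloader build will look for.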