We are trying to use MCUboot with signature validation. For actual releases, we plan to use the `MCUBOOT_HW_KEY` setting to have the production key stored externally to MCUboot.
However, for development, we would like to use a dummy development key. Our end goal is that a development bootloader accepts images signed by either the production key or development key. A release bootloader should only accept images signed by the production key.
Sadly, `MCUBOOT_HW_KEY` only supports using a single key (to my knowledge). We tried disabling `MCUBOOT_HW_KEY` for development bootloaders & stored the keys directly but this causes an issue, because production images are signed with `--public-key-format full` and development images with `--public-key-format hash`.
This means that even if we have both keys in the development bootloader, a production image gets rejected, because it does not have the expected data in the TLV.
Is there a way to achieve what we're trying?
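
The TLV mismatch described in the post, as an added example that is not part of the original post and is not MCUboot or imgtool code: a small inspector that reports which key TLV a signed image carries. The header layout and TLV constants reflect the MCUboot image format as assumed here; the function names are hypothetical and the sample images are constructed.

```python
import hashlib
import struct

IMAGE_MAGIC = 0x96F3B83D
TLV_INFO_MAGICS = (0x6907, 0x6908)  # unprotected / protected TLV area
TLV_KEYHASH = 0x01  # SHA-256 of the public key (--public-key-format hash)
TLV_PUBKEY = 0x02   # the whole public key (--public-key-format full)
SAMPLE_KEY = b"constructed placeholder, not a real public key"


def iter_tlvs(image: bytes):
    """Yield (type, value) for each TLV that follows the image payload."""
    magic, _, hdr_size, _, img_size = struct.unpack_from("<IIHHI", image, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("not an MCUboot image")
    off = hdr_size + img_size
    while off + 4 <= len(image):
        info_magic, total = struct.unpack_from("<HH", image, off)
        if info_magic not in TLV_INFO_MAGICS:
            break
        pos, end = off + 4, off + total
        if total < 4 or end > len(image):
            raise ValueError("truncated TLV area")
        while pos + 4 <= end:
            tlv_type, length = struct.unpack_from("<HH", image, pos)
            if pos + 4 + length > end:
                raise ValueError("TLV overruns its area")
            yield tlv_type, image[pos + 4:pos + 4 + length]
            pos += 4 + length
        off = end


def key_reference(image: bytes):
    """Return (format, SHA-256 of signing key) as carried by the image."""
    for tlv_type, value in iter_tlvs(image):
        if tlv_type == TLV_KEYHASH:
            return "hash", value
        if tlv_type == TLV_PUBKEY:
            return "full", hashlib.sha256(value).digest()
    return None, None


def make_sample(fmt: str, pubkey: bytes = SAMPLE_KEY) -> bytes:
    """Constructed image: 32-byte header, 8-byte payload, one key TLV."""
    hdr = struct.pack("<IIHHIIBBHII", IMAGE_MAGIC, 0, 32, 0, 8, 0, 1, 0, 0, 0, 0)
    body = pubkey if fmt == "full" else hashlib.sha256(pubkey).digest()
    tlv = struct.pack("<HH", TLV_PUBKEY if fmt == "full" else TLV_KEYHASH, len(body)) + body
    return hdr + b"\xAA" * 8 + struct.pack("<HH", 0x6907, 4 + len(tlv)) + tlv
```

Both sample images resolve to the same key digest but carry different TLV types, which is the mismatch the post describes between `full` and `hash` images.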