CONFIG_SB_PUBLIC_KEY_FILES

Public Key PEM files

Type: string

Help

Comma-separated list of absolute paths to public key pem files.
The provision hex file will contain a list of hashes of public keys.
The first public key hash is the one corresponding to the private
signing key used to sign the image. See SB_SIGNING_KEY_FILE.
The hashes of the public keys specified in this configuration will be
placed after the aforementioned public key hash, in the order
they appear in this config. The order is significant since if an image
is successfully validated against a public key in the list, all
public keys before it in the list will be invalidated.
Example value: ~/keys/pk1.pem,~/keys/pk2.pem,~/keys/pk3.pem
If config is an empty string, 2 generated debug files will be used.

Direct dependencies

SECURE_BOOT

(Includes any dependencies from ifs and menus.)

Default

  • “”

Kconfig definition

At <nRF>/subsys/bootloader/Kconfig:96

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:33<Zephyr>/modules/Kconfig:6<nRF>/doc/_build/kconfig/Kconfig.modules:2<nRF>/Kconfig.nrf:92<nRF>/subsys/Kconfig:8

Menu path: (Top) → Modules → nrf (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrf) → Nordic nRF Connect → Bootloader → Use Secure Bootloader

config SB_PUBLIC_KEY_FILES
    string "Public Key PEM files"
    default ""
    depends on SECURE_BOOT
    help
      Comma-separated list of absolute paths to public key pem files.
      The provision hex file will contain a list of hashes of public keys.
      The first public key hash is the one corresponding to the private
      signing key used to sign the image. See SB_SIGNING_KEY_FILE.
      The hashes of the public keys specified in this configuration will be
      placed after the aforementioned public key hash, in the order
      they appear in this config. The order is significant since if an image
      is successfully validated against a public key in the list, all
      public keys before it in the list will be invalidated.
      Example value: ~/keys/pk1.pem,~/keys/pk2.pem,~/keys/pk3.pem
      If config is an empty string, 2 generated debug files will be used.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)