Building and using MCUboot with RIOT¶
MCUboot began its life as the bootloader for Mynewt. It has since acquired the ability to be used as a bootloader for RIOT as well. Currently the support is limited to the nrf52dk platform.
Building the bootloader itself¶
In this first version, a prebuilt Mynewt binary is downloaded at compile time. This binary was compiled to do an integrity check, but not a signature check. In order to configure the bootloader for signature check it is necessary to re-compile it either with Mynewt or Zephyr, following the provided instructions.
In the next version, it is planned to compile MCUboot using RIOT, which should be able to boot any of the supported OS images.
Building Applications for the bootloader¶
A compatible MCUboot image can be compiled by typing:
The only variable which needs to be set is
with a valid formatted value. The format is
export IMAGE_VERSION= 1.1.1+1. This variable can be either
exported in the Makefile or manually, prior to the compilation process.
The goal is to produce an ELF file which is linked to be flashed at a
BOOTLOADER_OFFSET offset rather than the beginning of ROM. MCUboot
also expects an image padded with some specific headers containing the
version information, and trailer type-length-value records (TLVs) with
hash and signing information. This is done through the imgtool.py
application, which is executed automatically by the RIOT build system.
Signing the application¶
The application will be automatically signed with the provided key. If no key is provided, a new key will be automatically generated. The default key type is RSA-2048.
In order to use your provided key, you need to recompile the bootloader using you public key, either in Zephyr or Mynewt by following the provided procedure for the selected OS.
Flashing the application¶
The application can be flashed by typing:
This will flash both the bootloader and the application.