CONFIG_MCUBOOT_SIGNATURE_KEY_FILE

Path to the mcuboot signing key file

Type: string

Help

The file contains a key pair whose public half is verified by your target’s MCUboot image. The file is in PEM format.

If set to a non-empty value, the build system tries to sign the final binaries using a ‘west sign -t imgtool’ command. The signed binaries are placed in the build directory at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.

The file names can be customized with CONFIG_KERNEL_BIN_NAME. The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN and CONFIG_BUILD_OUTPUT_HEX.

This option should contain an absolute path to the same file as the BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. (The MCUboot config option is used for the MCUboot bootloader image; this option is for your application which is to be loaded by MCUboot. The MCUboot config option can be a relative path from the MCUboot repository root; this option’s behavior is undefined for relative paths.)

If left empty, you must sign the Zephyr binaries manually.

Direct dependencies

BOOTLOADER_MCUBOOT

(Includes any dependencies from ifs and menus.)

Default

  • “”

Kconfig definition

At <Zephyr>/Kconfig.zephyr:412

Included via <Zephyr>/Kconfig:8

Menu path: (Top) → Boot Options → MCUboot bootloader support

config MCUBOOT_SIGNATURE_KEY_FILE
    string "Path to the mcuboot signing key file"
    default ""
    depends on BOOTLOADER_MCUBOOT
    help
      The file contains a key pair whose public half is verified
      by your target's MCUboot image. The file is in PEM format.

      If set to a non-empty value, the build system tries to
      sign the final binaries using a 'west sign -t imgtool' command.
      The signed binaries are placed in the build directory
      at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.

      The file names can be customized with CONFIG_KERNEL_BIN_NAME.
      The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
      and CONFIG_BUILD_OUTPUT_HEX.

      This option should contain an absolute path to the same file
      as the BOOT_SIGNATURE_KEY_FILE option in your MCUboot
      .config. (The MCUboot config option is used for the MCUboot
      bootloader image; this option is for your application which
      is to be loaded by MCUboot. The MCUboot config option can be
      a relative path from the MCUboot repository root; this option's
      behavior is undefined for relative paths.)

      If left empty, you must sign the Zephyr binaries manually.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)