-
CONFIG_MCUBOOT_SIGNATURE_KEY_FILE
¶
Path to the mcuboot signing key file
Type: string
Help¶
The file contains a key pair whose public half is verified by your target’s MCUboot image. The file is in PEM format.
If set to a non-empty value, the build system tries to sign the final binaries using a ‘west sign -t imgtool’ command. The signed binaries are placed in the build directory at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME. The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN and CONFIG_BUILD_OUTPUT_HEX.
This option should contain an absolute path to the same file as the BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. (The MCUboot config option is used for the MCUboot bootloader image; this option is for your application which is to be loaded by MCUboot. The MCUboot config option can be a relative path from the MCUboot repository root; this option’s behavior is undefined for relative paths.)
If left empty, you must sign the Zephyr binaries manually.
Default¶
“”
Kconfig definition¶
At <Zephyr>/Kconfig.zephyr:412
Included via <Zephyr>/Kconfig:8
Menu path: (Top) → Boot Options → MCUboot bootloader support
config MCUBOOT_SIGNATURE_KEY_FILE
string "Path to the mcuboot signing key file"
default ""
depends on BOOTLOADER_MCUBOOT
help
The file contains a key pair whose public half is verified
by your target's MCUboot image. The file is in PEM format.
If set to a non-empty value, the build system tries to
sign the final binaries using a 'west sign -t imgtool' command.
The signed binaries are placed in the build directory
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.
This option should contain an absolute path to the same file
as the BOOT_SIGNATURE_KEY_FILE option in your MCUboot
.config. (The MCUboot config option is used for the MCUboot
bootloader image; this option is for your application which
is to be loaded by MCUboot. The MCUboot config option can be
a relative path from the MCUboot repository root; this option's
behavior is undefined for relative paths.)
If left empty, you must sign the Zephyr binaries manually.
(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)