boot: zephyr: Use private key

Change adds using own private key for MCUBoot bootloader. Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
zephyrproject-rtos · Aug 5, 2020 · bdcfc85 · bdcfc85
1 parent 71966db
commit bdcfc85
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
@@ -231,9 +231,14 @@ if(CONFIG_MCUBOOT_SERIAL)
     )
 endif()
 
+# CONF_FILE points to the KConfig configuration file of the bootloader
+get_filename_component(CONF_DIR ${CONF_FILE} DIRECTORY)
+
 if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
   if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
     set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE})
+  elseif(EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
+    set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
   else()
     set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
   endif()

diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -128,6 +128,11 @@ config BOOT_SIGNATURE_KEY_FILE
 	string "PEM key file"
 	default ""
 	help
+	  You can use either absolute or relative path.
+	  In case relative path is used, the build system assumes that it starts
+	  from the directory where the MCUBoot KConfig configuration file is
+	  located. If the key file is not there, the build system uses relative
+	  path that starts from the MCUBoot repository root directory.
 	  The key file will be parsed by imgtool's getpub command and a .c source
 	  with the public key information will be written in a format expected by
 	  MCUboot.