Bootloader v25 update proposal #672
Conversation
There was a problem hiding this comment.
Thanks for the PR, good move! I haven't tested it but I agree with the general approach of splitting the two. Maybe we can find a name for the sketch that explains a bit better what it does? It's about installing the keys to enable encryption, right?
Please also have a look at my other comments.
| flash.program(&ecdsa_pub_key, SIGNING_KEY_ADDR, SIGNING_KEY_SIZE); | ||
| Serial.println("Flashed 100%"); | ||
| flash.deinit(); | ||
| Serial.println("\nBootloader update complete. It's now safe to reboot or disconnect your board."); |
There was a problem hiding this comment.
This is no longer a bootloader update, so we should probably rephrase this.
There was a problem hiding this comment.
yup 💯 i had pushed the change in another branch
| @@ -0,0 +1,155 @@ | |||
| #include "FlashIAP.h" | |||
There was a problem hiding this comment.
Can we take the opportunity to add a comment section here that explains the purpose of the sketch, what it does and how it works?
The original name of this sketch was writeKeys.ino. This is exactly what is does, it writes two keys in the flash memory:
writing the key will enable MCUboot image signature checking and image swap with encryption/decryption so i decided to rename it to enableSecurity, but i agree it is not the best, any suggestion? |
Since form the next portenta batch the default bootloader version will be v25 and it will include by default MCUboot security features (as for OPTA and GIGA). My proposal is to split the bootloader management from the security feature setup because:
/cc @marqdevx