nrf52nordic-semi

Getting error "undefined reference to `ecdsa_pub_key_len'" when attempting to sign an MCUBoot binary file for a Nordic nRF52840


I'm building firmware in SDK 2.6.2 with MCU Bootloader in order to be able to perform Bluetooth updates. In trying to sign the file, I ran into issues.

I created a key using:

py imgtool.py keygen -k FirmwareTorq.pem -t rsa-2048

And I put the path to the key file in CMakeLists.txt:

set(CONFIG_BOOT_SIGNATURE_KEY_FILE ${CMAKE_CURRENT_SOURCE_DIR}/../FirmwareTorq.pem)
set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/../FirmwareTorq.pem\")

My prj.conf contains:

# Enable MCUboot and FOTA
CONFIG_BOOTLOADER_MCUBOOT=y
CONFIG_NCS_SAMPLE_MCUMGR_BT_OTA_DFU=y

The output indicates that it found the key file, but has an error (highlighted below). Here is the output from the build:

Building Firmware
C:\WINDOWS\system32\cmd.exe /d /s /c "west build --build-dir c:/git/BL/Firmware/build c:/git/BL/Firmware"

[0/117] Performing build step for 'mcuboot_subimage'
[1/6] Linking C executable zephyr\zephyr_pre0.elf
FAILED: zephyr/zephyr_pre0.elf zephyr/zephyr_pre0.map C:/git/BL/Firmware/build/mcuboot/zephyr/zephyr_pre0.map
cmd.exe /C "cd . && C:\ncs\toolchains\cf2149caf2\opt\zephyr-sdk\arm-zephyr-eabi\bin\arm-zephyr-eabi-gcc.exe -gdwarf-4 zephyr/CMakeFiles/zephyr_pre0.dir/misc/empty_file.c.obj -o zephyr\zephyr_pre0.elf zephyr/CMakeFiles/offsets.dir/./arch/arm/core/offsets/offsets.c.obj -fuse-ld=bfd -T zephyr/linker_zephyr_pre0.cmd -Wl,-Map=C:/git/BL/Firmware/build/mcuboot/zephyr/zephyr_pre0.map -Wl,--whole-archive app/libapp.a zephyr/libzephyr.a zephyr/arch/common/libarch__common.a zephyr/arch/arch/arm/core/libarch__arm__core.a zephyr/arch/arch/arm/core/cortex_m/libarch__arm__core__cortex_m.a zephyr/arch/arch/arm/core/mpu/libarch__arm__core__mpu.a zephyr/lib/libc/minimal/liblib__libc__minimal.a zephyr/lib/libc/common/liblib__libc__common.a zephyr/soc/soc/arm/nordic_nrf/libsoc__arm__nordic_nrf.a zephyr/drivers/clock_control/libdrivers__clock_control.a zephyr/drivers/console/libdrivers__console.a zephyr/drivers/flash/libdrivers__flash.a zephyr/drivers/gpio/libdrivers__gpio.a zephyr/drivers/pinctrl/libdrivers__pinctrl.a zephyr/drivers/serial/libdrivers__serial.a zephyr/drivers/timer/libdrivers__timer.a modules/nrf/lib/fprotect/lib..__nrf__lib__fprotect.a modules/nrf/lib/fatal_error/lib..__nrf__lib__fatal_error.a modules/nrf/drivers/hw_cc3xx/lib..__nrf__drivers__hw_cc3xx.a modules/mcuboot/boot/bootutil/zephyr/libmcuboot_util.a modules/hal_nordic/nrfx/libmodules__hal_nordic__nrfx.a modules/segger/libmodules__segger.a -Wl,--no-whole-archive zephyr/kernel/libkernel.a -L"c:/ncs/toolchains/cf2149caf2/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/thumb/v7e-m+fp/hard" -LC:/git/BL/Firmware/build/mcuboot/zephyr -lgcc zephyr/arch/common/libisr_tables.a -mcpu=cortex-m4 -mthumb -mabi=aapcs -mfpu=fpv4-sp-d16 -mfloat-abi=hard -mfp16-format=ieee -Wl,--gc-sections -Wl,--build-id=none -Wl,--sort-common=descending -Wl,--sort-section=alignment -Wl,-u,_OffsetAbsSyms -Wl,-u,_ConfigAbsSyms -nostdlib -static -Wl,-X -Wl,-N -Wl,--orphan-handling=warn -Wl,-no-pie C:/ncs/v2.6.2/nrfxlib/crypto/nrf_cc310_platform/lib/cortex-m4/hard-float/no-interrupts/libnrf_cc310_platform_0.9.19.a C:/ncs/v2.6.2/nrfxlib/crypto/nrf_cc310_bl/lib/cortex-m4/hard-float/no-interrupts/libnrf_cc310_bl_0.9.12.a && cmd.exe /C "cd /D C:\git\BL\Firmware\build\mcuboot\zephyr && C:\ncs\toolchains\cf2149caf2\opt\bin\cmake.exe -E true""
c:/ncs/toolchains/cf2149caf2/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe: app/libapp.a(keys.c.obj):C:/ncs/v2.6.2/bootloader/mcuboot/boot/zephyr/keys.c:52: undefined reference to `ecdsa_pub_key'
c:/ncs/toolchains/cf2149caf2/opt/zephyr-sdk/arm-zephyr-eabi/bin/../lib/gcc/arm-zephyr-eabi/12.2.0/../../../../arm-zephyr-eabi/bin/ld.bfd.exe: app/libapp.a(keys.c.obj):(.rodata.bootutil_keys+0x4):

undefined reference to `ecdsa_pub_key_len'

collect2.exe: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
[11/117] Linking C static library zephyr\arch\arch\arm\core\mpu\libarch__arm__core__mpu.a
FAILED: modules/mcuboot/mcuboot_subimage-prefix/src/mcuboot_subimage-stamp/mcuboot_subimage-build mcuboot/zephyr/zephyr.hex mcuboot/zephyr/zephyr.elf C:/git/BL/Firmware/build/modules/mcuboot/mcuboot_subimage-prefix/src/mcuboot_subimage-stamp/mcuboot_subimage-build C:/git/BL/Firmware/build/mcuboot/zephyr/zephyr.hex C:/git/BL/Firmware/build/mcuboot/zephyr/zephyr.elf
cmd.exe /C "cd /D C:\git\BL\Firmware\build\mcuboot && C:\ncs\toolchains\cf2149caf2\opt\bin\cmake.exe --build . --"
[13/117] Linking C static library zephyr\arch\arch\arm\core\cortex_m\libarch__arm__core__cortex_m.a
[14/117] Linking C static library zephyr\lib\libc\common\liblib__libc__common.a
[15/117] Building C object zephyr/soc/soc/arm/nordic_nrf/CMakeFiles/soc__arm__nordic_nrf.dir/validate_enabled_instances.c.obj
[16/117] Linking C static library zephyr\lib\libc\picolibc\liblib__libc__picolibc.a
[17/117] Building C object zephyr/subsys/mgmt/mcumgr/mgmt/CMakeFiles/subsys__mgmt__mcumgr__mgmt.dir/src/mgmt.c.obj
[18/117] Building C object zephyr/subsys/mgmt/mcumgr/util/CMakeFiles/subsys__mgmt__mcumgr__util.dir/src/zcbor_bulk.c.obj
[19/117] Building C object zephyr/subsys/mgmt/mcumgr/smp/CMakeFiles/subsys__mgmt__mcumgr__smp.dir/src/smp.c.obj
ninja: build stopped: subcommand failed.
FATAL ERROR: command exited with status 1: 'C:\ncs\toolchains\cf2149caf2\opt\bin\cmake.EXE' --build 'c:\git\BL\Firmware\build'

I saw references to setting config values starting with:

CONFIG_BOOT_SIGNATURE_TYPE

but tried

CONFIG_BOOT_SIGNATURE_TYPE_RSA_2048

and it generated an error.

Your input is greatly appreciated!


Solution

  • You only need to set the key for the mcuboot child image. From my example here:

    set(mcuboot_CONFIG_BOOT_SIGNATURE_KEY_FILE \"${CMAKE_CURRENT_SOURCE_DIR}/custom_key_dir/custom_priv.pem\")
    

    I also had to set CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 in an MCUboot overlay, but that is since I used ECDSA. For RSA you would have to set the same for RSA yes, but remember to set it in child_image/mcuboot.conf or similar to set it for the child image.

    Does this fix the issue?