Part Number: CC2745R10-Q1
Other Parts Discussed in Thread: UNIFLASH, SYSCONFIG
I have been working with binaries signed with the test keys provided in the SDK. In order to add a customer private key to sign the binaries, the following steps were followed:
1. Generating keys using:
./imgtool keygen --key ~/Desktop/app-rsa-3k-pkcs-priv.pem --type rsa-3072
./imgtool keygen --key ~/Desktop/ssb-rsa-3k-pkcs-priv.pem --type rsa-3072
./imgtool keygen --key ~/Desktop/kui-rsa-3k-pkcs-priv.pem --type rsa-3072
2. Generating the key update image using:
./sbtool init --key-update-key kui-rsa-3k-pkcs-priv.pem --app-key app-rsa-3k-pkcs-priv.pem --ssb-key ssb-rsa-3k-pkcs-priv.pem
3. Flash the application image signed by the test keys (from SDK) in the primary slot.
4. Use the generated app_kui.bin and flash it via UniFlash at an unused address in the main flash region (e.g. 0xE0000).
5. Call the following code from the current application:
7. Use the generated sb_key_ring_init.h and the generated app-rsa-3k-pkcs-priv.pem key to sign my new application, and flash it in the secondary slot.
However, I'm seeing that only the older application runs, not the newer one signed with the customer private keys.
Is there a way to verify that the key update was successful? Or, is there anything being missed/incorrect in the process?
