Building and using MCUboot with RIOT
MCUboot began its life as the bootloader for Mynewt. It has since acquired the ability to be used as a bootloader for RIOT as well. Currently the support is limited to the nrf52dk platform.
Building the bootloader itself
In this first version, a prebuilt Mynewt binary is downloaded at compile time. This binary was compiled to do an integrity check, but not a signature check. In order to configure the bootloader for signature check it is necessary to re-compile it either with Mynewt or Zephyr, following the provided instructions.
In the next version, it is planned to compile MCUboot using RIOT, which should be able to boot any of the supported OS images.
Building Applications for the bootloader
A compatible MCUboot image can be compiled by typing:
The only variable which needs to be set is
IMAGE_VERSION loaded with a valid formatted value. The format is
export IMAGE_VERSION= 1.1.1+1. This variable can be either exported in the Makefile or manually, prior to the compilation process.
The goal is to produce an ELF file which is linked to be flashed at a
BOOTLOADER_OFFSET offset rather than the beginning of ROM. MCUboot also expects an image padded with some specific headers containing the version information, and trailer type-length-value records (TLVs) with hash and signing information. This is done through the imgtool.py application, which is executed automatically by the RIOT build system.
Signing the application
The application will be automatically signed with the provided key. If no key is provided, a new key will be automatically generated. The default key type is RSA-2048.
In order to use your provided key, you need to recompile the bootloader using you public key, either in Zephyr or Mynewt by following the provided procedure for the selected OS.
Flashing the application
The application can be flashed by typing:
make flash-mcuboot. This will flash both the bootloader and the application.