The latest development version of this page may be more current than this released 2.7.5 version.

CONFIG_MCUBOOT_SIGNATURE_KEY_FILE¶

Path to the mcuboot signing key file

Type: string

Help¶

The file contains a key pair whose public half is verified
by your target's MCUboot image. The file is in PEM format.

If set to a non-empty value, the build system tries to
sign the final binaries using a 'west sign -t imgtool' command.
The signed binaries are placed in the build directory
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.

The file names can be customized with CONFIG_KERNEL_BIN_NAME.
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
and CONFIG_BUILD_OUTPUT_HEX.

This option should contain a path to the same file as the
BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
may be absolute or relative to the west workspace topdir. (The MCUboot
config option is used for the MCUboot bootloader image; this option is
for your application which is to be loaded by MCUboot. The MCUboot
config option can be a relative path from the MCUboot repository
root.)

If left empty, you must sign the Zephyr binaries manually.

Direct dependencies¶

BOOTLOADER_MCUBOOT

(Includes any dependencies from ifs and menus.)

Default¶

“”

Kconfig definition¶

At Kconfig.zephyr:565

Included via Kconfig:8

Menu path: (Top) → Boot Options → MCUboot bootloader support

config MCUBOOT_SIGNATURE_KEY_FILE
    string "Path to the mcuboot signing key file"
    default ""
    depends on BOOTLOADER_MCUBOOT
    help
      The file contains a key pair whose public half is verified
      by your target's MCUboot image. The file is in PEM format.

      If set to a non-empty value, the build system tries to
      sign the final binaries using a 'west sign -t imgtool' command.
      The signed binaries are placed in the build directory
      at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.

      The file names can be customized with CONFIG_KERNEL_BIN_NAME.
      The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
      and CONFIG_BUILD_OUTPUT_HEX.

      This option should contain a path to the same file as the
      BOOT_SIGNATURE_KEY_FILE option in your MCUboot .config. The path
      may be absolute or relative to the west workspace topdir. (The MCUboot
      config option is used for the MCUboot bootloader image; this option is
      for your application which is to be loaded by MCUboot. The MCUboot
      config option can be a relative path from the MCUboot repository
      root.)

      If left empty, you must sign the Zephyr binaries manually.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)