mcuboot: support multiple signing keys#1
Open
JPHutchins wants to merge 1 commit into
Open
Conversation
JPHutchins
requested review from
aldenhaase,
Copilot,
davedesro,
intercreate-gab,
kylermconnelly and
robhelvestine
|
The following west manifest projects have changed revision in this Pull Request:
Additional metadata changed:
⛔ DNM label due to: 1 project with metadata changes Note: This message is automatically posted and updated by the Manifest GitHub Action. |
There was a problem hiding this comment.
Pull request overview
Draft integration of MCUboot “multiple signing keys” support into Zephyr’s sysbuild flow, including new Kconfig/CMake plumbing, documentation, and a sample demonstrating the dual-key verification use case.
Changes:
- Switch MCUboot module source to a fork/branch carrying the multi-key feature.
- Add
*_KEY_FILE_2support across sysbuild Kconfig/CMake and expose it to app configuration. - Add a new sysbuild sample + docs/release-notes updates and a new test scenario.
Reviewed changes
Copilot reviewed 19 out of 19 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| west.yml | Points MCUboot module to a fork/feature branch for the multi-key work. |
| tests/boot/test_mcuboot/testcase.yaml | Adds a new test variant enabling the second key setting. |
| tests/boot/test_mcuboot/root-ed25519-2.pem | Adds an ED25519 key file used by the new test variant. |
| share/sysbuild/images/bootloader/Kconfig | Introduces BOOT_SIGNATURE_KEY_FILE_2 and clarifies key path semantics. |
| share/sysbuild/images/bootloader/CMakeLists.txt | Normalizes signing key paths (incl. second key) before passing to MCUboot image. |
| share/sysbuild/image_configurations/MAIN_image_default.cmake | Forwards second key path into main app Kconfig (CONFIG_MCUBOOT_SIGNATURE_KEY_FILE_2). |
| share/sysbuild/image_configurations/FIRMWARE_LOADER_image_default.cmake | Forwards second key path into firmware-loader app Kconfig. |
| scripts/ci/check_compliance.py | Allows the new Kconfig symbol in compliance checks. |
| samples/sysbuild/mcuboot_dual_key/sysbuild/mcuboot.conf | Sample-specific MCUboot config fragment. |
| samples/sysbuild/mcuboot_dual_key/sysbuild.conf | Sysbuild configuration demonstrating dual accepted verification keys. |
| samples/sysbuild/mcuboot_dual_key/src/main.c | Minimal app used by the new sysbuild sample. |
| samples/sysbuild/mcuboot_dual_key/sample.yaml | Adds test definition for the new sample. |
| samples/sysbuild/mcuboot_dual_key/prj.conf | Placeholder application config for the sample. |
| samples/sysbuild/mcuboot_dual_key/keys/prod_pubkey.pem | Public-only PEM embedded as the “production” verification key in the sample. |
| samples/sysbuild/mcuboot_dual_key/README.rst | End-to-end documentation for the dual-key sysbuild sample. |
| samples/sysbuild/mcuboot_dual_key/CMakeLists.txt | Sysbuild-enabled sample CMake wiring. |
| modules/Kconfig.mcuboot | Adds MCUBOOT_SIGNATURE_KEY_FILE_2 to expose the second key path to app builds. |
| doc/releases/release-notes-4.5.rst | Release note entry for the new sysbuild option and sample. |
| doc/build/signing/index.rst | Documents SB_CONFIG_BOOT_SIGNATURE_KEY_FILE_2 in the signing guide. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
JPHutchins
force-pushed
the
mcuboot/multiple-signing-keys
branch
2 times, most recently
from
7c86709 to
6ea44fe
Compare
Collaborator
Author
|
Good results by following the readme! |
Comment on lines
+32
to
+34
| --slot-size=${slot_size} | ||
| --overwrite-only | ||
| --align=1 |
| --key=${ZEPHYR_MCUBOOT_MODULE_DIR}/root-ed25519-2.pem | ||
| ${image}.hex ${image}.signed.prod.hex | ||
| COMMAND ${imgtool_sign} | ||
| --key=${ZEPHYR_MCUBOOT_MODULE_DIR}/root-ed25519-unknown.pem |
Comment on lines
+22
to
+24
| # and resolve relative entries against the main application directory, so an | ||
| # application can ship keys under its own source tree and reference them by | ||
| # relative path -- the same resolution cmake/mcuboot.cmake performs app-side. |
davedesro
approved these changes
May 29, 2026
Draft commit. Signed-off-by: JP Hutchins <jp@intercreate.io>
JPHutchins
force-pushed
the
mcuboot/multiple-signing-keys
branch
from
6ea44fe to
5c070ce
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Draft integration for mcu-tools/mcuboot#2701