zephyr: imgtool: sim: support multiple keys#1
Open
JPHutchins wants to merge 1 commit intomainfrom
Open
Conversation
There was a problem hiding this comment.
Pull request overview
This PR extends MCUboot’s signing-key support to allow two embedded verification keys (same signature type) in Zephyr builds and the simulator, and updates imgtool to emit distinct symbol names so multiple keys of the same type can be linked together.
Changes:
- Zephyr: add
CONFIG_BOOT_SIGNATURE_KEY_FILE_2and generate/embed a second public key (with distinct symbol names) when configured. - imgtool: add
--name-suffixtogetpub/getpubhashforlang-c/lang-rustoutputs, plus tests and docs. - Simulator: embed multiple ED25519 verification keys behind a new
sig-second-keyfeature and add multi-key sim test coverage.
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| sim/tests/core.rs | Adds simulator integration tests covering primary/secondary/unknown signing keys. |
| sim/src/tlv.rs | Introduces SigningKey selection and uses different key material for ED25519 signatures. |
| sim/src/lib.rs | Exposes tlv module publicly so integration tests can access SigningKey. |
| sim/src/image.rs | Adds helpers to build images signed with a selected key and new secondary-slot test images. |
| sim/src/ed25519_pub_key_2-rs.txt | Adds autogenerated ED25519 secondary public key bytes for sim. |
| sim/src/ed25519_pub_key_unknown-rs.txt | Adds autogenerated “unknown” ED25519 public key bytes for sim negative tests. |
| sim/mcuboot-sys/csupport/keys.c | Adds optional second embedded verification key and computes key count from array size. |
| sim/mcuboot-sys/build.rs | Adds sig-second-key feature wiring and enforces it only with ED25519 in sim. |
| sim/mcuboot-sys/Cargo.toml | Declares sig-second-key feature for simulator bootloader build. |
| sim/Cargo.toml | Wires sig-second-key feature through to mcuboot-sys. |
| scripts/tests/test_keys.py | Adds tests verifying --name-suffix affects emitted symbol names and is rejected for raw/pem. |
| scripts/imgtool/main.py | Implements --name-suffix options for getpub/getpubhash and validates encoding constraints. |
| scripts/imgtool/keys/general.py | Adds name_suffix support to C/Rust public key and hash emitters. |
| root-ed25519-2.pem | Adds secondary ED25519 private key material for simulator/Zephyr test usage. |
| root-ed25519-unknown.pem | Adds “unknown” ED25519 private key material for simulator negative tests. |
| docs/signed_images.md | Documents Zephyr’s primary/secondary signing key configuration knobs. |
| docs/readme-zephyr.md | Updates Zephyr docs to describe two-key support and constraints. |
| docs/imgtool.md | Documents imgtool --name-suffix behavior and encoding restrictions. |
| boot/zephyr/sample.yaml | Adds a Zephyr sample test configuration exercising the second signing key option. |
| boot/zephyr/keys.c | Adds optional second key entry and computes bootutil_key_cnt from array size. |
| boot/zephyr/Kconfig | Introduces BOOT_SIGNATURE_KEY_FILE_2 with appropriate dependencies. |
| boot/zephyr/CMakeLists.txt | Generates and compiles a second public key source file with --name-suffix _2. |
| .github/workflows/sim.yaml | Adds CI coverage for sig-ed25519 sig-second-key simulator feature set. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| &ram, | ||
| &dep, | ||
| ImageManipulation::None, | ||
| Some(0), |
Collaborator
Author
There was a problem hiding this comment.
Needs further investigation.
Comment on lines
+189
to
+190
| """Map from keygen key_type names to the shortname() each key class emits, | ||
| which is the prefix used in the autogenerated C/Rust symbol names.""" |
Collaborator
Author
There was a problem hiding this comment.
Amazing that you cost $$
Comment on lines
+148
to
+149
| 'signing keys in the same image. Ignored for PEM/raw ' | ||
| 'encodings (those emit no identifiers).') |
| valid_hash_encodings[0])) | ||
| @click.option('--name-suffix', 'name_suffix', metavar='SUFFIX', default='', | ||
| help='Append SUFFIX to the emitted C symbol names (lang-c ' | ||
| 'encoding only). Ignored for raw encoding.') |
zephyr: support 2 signing keys Add optional kconfig BOOT_SIGNATURE_KEY_FILE_2. Update keys.c to support multiple keys of the same type. imgtool: add --name-suffix to getpub Update documentation and test coverage. sim: tests for multiple ed25519 keys Update sim test cases to cover multiple keys. Signed-off-by: JP Hutchins <jp@intercreate.io>
JPHutchins
force-pushed
the
feature-zephyr-multiple-signing-keys
branch
from
e035433 to
13aca63
Compare
JPHutchins
requested review from
aldenhaase,
davedesro,
intercreate-gab,
kylermconnelly and
robhelvestine
davedesro
approved these changes
Apr 19, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
zephyr: support 2 signing keys
Add optional kconfig BOOT_SIGNATURE_KEY_FILE_2. Update keys.c to support multiple keys of the same type.
imgtool: add --name-suffix to getpub
Update documentation and test coverage.
sim: tests for multiple ed25519 keys
Update sim test cases to cover multiple keys.
Upstream PR is in draft here: mcu-tools#2701