Signature check failed - error deploying EMX application

When I deploy my application using MF Deploy I receive “error: Signature check failed for file MyImg.sig”

This is the second time this has happened to me on a brand new board. Have I done something wrong in creating the deployment image? I followed the instructions of using

Target… Application Deployment… Create Application Deployment

from a board that I programmed first using Visual Studio, and tested out OK.

I thought the problem happened last time because I didn’t sign the deployment file, but I made sure to create a new deployment file and to sign it this time, so I don’t know why I’m receiving this error.

I am sure that if I go into Studio and hit F5 to program the EMX, it will work fine, but I want to get this Application Deployment working properly as I am anticipating a larger build of boards using the EMX and need to use MF Deploy for that.

Can anyone help? Has anyone used the application deployment before OK?

(This is a continuation of an error from a previous post that left my module in nXIP state, but now I know when the signature check error occurs, I need to select “Plug-in… Clear bootloader flag” and then “Reboot CLR” to get back to normal without having to go into the GHI Bootloader.)


Your master device or firmware or destination device have different version number.

Start fresh with all devices having the exact same firmware and using the exact same SDK

Gus, both the master device and the targets are all brand new devices shipped from GHI within the past month and I should hope they are all the same… would GHI ship multiple device versions in a single batch to a contract manufacturer? I deployed the same CLR CLR2 files to them myself. The master device is from the same production batch. I will have virgin boards to use to follow this procedure and the patience to get it working.

Can GHI can provide a step-by-step procedure I can reproduce for creating/signing an application file from a new EMX module (fw img deployed by Studio& F5) and then deploying that application to a different new EMX module using MFDeploy that will not produce a “signature check failed” error? I’m sure it’s something simple I’m doing wrong but evidently there’s not enough documentation available for me to follow otherwise I wouldn’t be getting this error.

You get this error from MFDeploy when loading? or when the device boots?

Yes the signature check error occurs as soon as the deployment is complete.

What’s wrong with this procedure?

Create firmware image:

  1. Deploy application to target using Visual Studio
  2. Using MFDeploy, Create Application Deployment file “myimage.hex” and create key file, “myimage.key”


  1. Email the .hex and .key files to the customer

Customer deploys firmware image to new (or existing) boards using MFDeploy (but otherwise identical to the boards used to generate the deployment file, including CLR firmware versions):

  1. apply power and verify can ping device… TinyClr
  2. click “Erase” button to make sure there are no remnants of any old managed application
  3. select “Manage device keys… update device key”, customer selects “myimage.key” for “New Key” and “Deployment Sector Key” from drop box and clicks OK. No “old key” is required since this is a virgin EMX module from GHI.
  4. Click “Browse…” button to select fw file “myimage.hex”
  5. Click “Deploy”

This final step produces a signature check error for me as soon as programming is complete.

Omitting all the .key file steps above - to make a simpler procedure - also produces a signature check error when “Deploy” is complete.

Is the error to be ignored because it doesn’t matter and the board is still successfully programmed?

Is there a step missing?

Having tried several combinations of steps including deploying back to the original module that I used to create the deployment file in the first place, I have concluded that the signature check error message is reported all the time no matter how the deployment file or keys are setup.

The firmware (managed application) is deployed successfully despite the error message.

This is interesting! we will give it a try in near future. We are too busy bringing out the next release with new wifi and gadgeteer.


I notice that if I deploy the CLR, CLR2, Config.HEX files together with my unsigned managed application .HEX file, I do not get a signature error check message.

It is only when I deploy the files as 2-steps, first CLR,CLR2,Config then a separate deployment of just the managed application gives the signature check error.

Try these:
-Create application deployment and deploy when you are in TinyBooter mode (Up&Down buttons then reset to enter the mode). When you ping, you should get back TinyBooter.

-Test on an a completely erased device. As in update firmware procedure, this is done by entering GHI loader and erasing everything and starting fresh to rule out other problems.

-Don’t “manage device keys” until you get the first steps working. This is an extra complication…