Main Site Documentation

Signing Device and Application


#1

Has somebody already tried to sign his application and the device with a key with MFDeploy? I just tried this feature, but also after updating the device with my key, I can still deploy every deploment file to the device - no matter if signer oder not.
Is this feature working? Or did I something wrong?


#2

This should be working. It was tested before.


#3

What can going wrong? I followed these steps:

  1. Debugging my App with VS2010 to the chipworkx module
  2. Loading the hex-file with Application Deployment - create application deployment
  3. Create a key with Create Key Pair and store the Key
  4. Sign the module with the created key with Update Device Keys (Public Key Indes: Deployment sector key
  5. Deploying the unsigned Hex-File to the signed module and being surprised, because it works.

What was going wrong? Shouldn’t it be impossible to deploy an unsigned application to a signed module?

I also tried to deploy an application which was signed with another key to the module and it also worked?

Further question: is it possible to “unsign” a module or an application?


#4

I forgot how this is done on mfdeploy (see docs), been a while but, internally in the device, there has to be a key stored in the device somehow, the public key. Once this happens, the device will still accept any file but at the end it will try to check the signature, if it doesn’t match then the device will delete the loaded file.

Maybe you are signing the file but there is another step to load the key onto the device.