:orphan:

.. title:: CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE

.. kconfig:: CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE

CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE
##################################

*Path to the mcuboot encryption key file*

Type: ``string``

Help
====

.. code-block:: none

    The file contains the public key that is used to encrypt the
    ephemeral key that encrypts the image. The corresponding
    private key is hard coded in the MCUboot source code and is
    used to decrypt the ephemeral key that is embedded in the
    image. The file is in PEM format.

    If set to a non-empty value, the build system tries to
    sign and encrypt the final binaries using a 'west sign -t imgtool'
    command. The binaries are placed in the build directory at
    zephyr/zephyr.signed.encrypted.bin and
    zephyr/zephyr.signed.encrypted.hex.

    The file names can be customized with CONFIG_KERNEL_BIN_NAME.
    The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
    and CONFIG_BUILD_OUTPUT_HEX.

    This option should either be an absolute path or a path relative to
    the west workspace topdir.
    Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'

    If left empty, you must encrypt the Zephyr binaries manually.

Direct dependencies
===================

\ :kconfig:`MCUBOOT_SIGNATURE_KEY_FILE <CONFIG_MCUBOOT_SIGNATURE_KEY_FILE>` != "" && \ :kconfig:`BOOTLOADER_MCUBOOT <CONFIG_BOOTLOADER_MCUBOOT>`

*(Includes any dependencies from ifs and menus.)*

Default
=======

- ""

Kconfig definition
==================



At ``Kconfig.zephyr:591``

Included via ``Kconfig:8``

Menu path: (Top) → Boot Options → MCUboot bootloader support

.. code-block:: kconfig

    config MCUBOOT_ENCRYPTION_KEY_FILE
    	string "Path to the mcuboot encryption key file"
    	default ""
    	depends on MCUBOOT_SIGNATURE_KEY_FILE != "" && BOOTLOADER_MCUBOOT
    	help
    	  The file contains the public key that is used to encrypt the
    	  ephemeral key that encrypts the image. The corresponding
    	  private key is hard coded in the MCUboot source code and is
    	  used to decrypt the ephemeral key that is embedded in the
    	  image. The file is in PEM format.
	  
    	  If set to a non-empty value, the build system tries to
    	  sign and encrypt the final binaries using a 'west sign -t imgtool'
    	  command. The binaries are placed in the build directory at
    	  zephyr/zephyr.signed.encrypted.bin and
    	  zephyr/zephyr.signed.encrypted.hex.
	  
    	  The file names can be customized with CONFIG_KERNEL_BIN_NAME.
    	  The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
    	  and CONFIG_BUILD_OUTPUT_HEX.
	  
    	  This option should either be an absolute path or a path relative to
    	  the west workspace topdir.
    	  Example: './bootloader/mcuboot/enc-rsa2048-pub.pem'
	  
    	  If left empty, you must encrypt the Zephyr binaries manually.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*