2016-08-17 11:08:22 -04:00
|
|
|
#
|
|
|
|
# Bootloader component
|
|
|
|
#
|
|
|
|
# The bootloader is not a real component that gets linked into the project.
|
|
|
|
# Instead it is an entire standalone project ( in src/) that gets built in
|
|
|
|
# the upper projects build directory. This Makefile.projbuild provides the
|
|
|
|
# glue to build the bootloader project from the original project. It
|
|
|
|
# basically runs Make in the src/ directory but it needs to zero some variables
|
2016-08-19 02:30:39 -04:00
|
|
|
# the ESP-IDF project.mk makefile exports first, to not let them interfere.
|
2016-08-17 11:08:22 -04:00
|
|
|
#
|
2016-10-21 02:44:34 -04:00
|
|
|
ifndef IS_BOOTLOADER_BUILD
|
2016-08-17 11:08:22 -04:00
|
|
|
|
|
|
|
BOOTLOADER_COMPONENT_PATH := $(COMPONENT_PATH)
|
2016-10-06 03:05:51 -04:00
|
|
|
BOOTLOADER_BUILD_DIR=$(abspath $(BUILD_DIR_BASE)/bootloader)
|
2016-08-18 00:36:15 -04:00
|
|
|
BOOTLOADER_BIN=$(BOOTLOADER_BUILD_DIR)/bootloader.bin
|
2016-08-17 11:08:22 -04:00
|
|
|
|
2016-11-04 01:05:00 -04:00
|
|
|
# signing key path is resolved relative to the project directory
|
2016-11-03 02:33:30 -04:00
|
|
|
SECURE_BOOT_SIGNING_KEY=$(abspath $(call dequote,$(CONFIG_SECURE_BOOT_SIGNING_KEY)))
|
|
|
|
export SECURE_BOOT_SIGNING_KEY # used by bootloader_support component
|
2016-10-31 19:50:16 -04:00
|
|
|
|
2016-10-04 00:03:48 -04:00
|
|
|
# Custom recursive make for bootloader sub-project
|
2016-10-06 03:29:34 -04:00
|
|
|
BOOTLOADER_MAKE=+$(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/src \
|
2016-11-13 22:48:10 -05:00
|
|
|
V=$(V) BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR)
|
2016-10-04 00:03:48 -04:00
|
|
|
|
2016-08-24 00:26:13 -04:00
|
|
|
.PHONY: bootloader-clean bootloader-flash bootloader $(BOOTLOADER_BIN)
|
2016-08-17 11:08:22 -04:00
|
|
|
|
2016-11-09 21:20:55 -05:00
|
|
|
$(BOOTLOADER_BIN): $(SDKCONFIG_MAKEFILE)
|
2016-11-10 20:29:38 -05:00
|
|
|
$(BOOTLOADER_MAKE) $@
|
2016-08-17 11:08:22 -04:00
|
|
|
|
2016-08-18 05:11:27 -04:00
|
|
|
clean: bootloader-clean
|
|
|
|
|
2016-10-31 19:50:16 -04:00
|
|
|
ifdef CONFIG_SECURE_BOOTLOADER_DISABLED
|
|
|
|
# If secure boot disabled, bootloader flashing is integrated
|
|
|
|
# with 'make flash' and no warnings are printed.
|
|
|
|
|
2016-08-18 00:36:15 -04:00
|
|
|
bootloader: $(BOOTLOADER_BIN)
|
2016-11-10 22:44:10 -05:00
|
|
|
@echo $(SEPARATOR)
|
2016-08-18 04:59:38 -04:00
|
|
|
@echo "Bootloader built. Default flash command is:"
|
2016-11-07 20:00:38 -05:00
|
|
|
@echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^"
|
2016-08-17 11:08:22 -04:00
|
|
|
|
2016-08-18 05:11:27 -04:00
|
|
|
ESPTOOL_ALL_FLASH_ARGS += 0x1000 $(BOOTLOADER_BIN)
|
|
|
|
|
2016-08-17 11:08:22 -04:00
|
|
|
bootloader-flash: $(BOOTLOADER_BIN)
|
2016-11-07 20:00:38 -05:00
|
|
|
$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
|
2016-10-04 00:03:48 -04:00
|
|
|
|
2016-10-31 19:50:16 -04:00
|
|
|
else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
|
2016-11-10 23:40:58 -05:00
|
|
|
|
|
|
|
#### TEMPORARILY DISABLE THIS OPTION
|
|
|
|
ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
|
|
|
|
bootloader:
|
|
|
|
@echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device"
|
|
|
|
@echo "If you flash this bootloader, you will be left with an non-updateable bootloader that is missing features."
|
|
|
|
@echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
|
|
|
|
exit 1
|
|
|
|
else
|
|
|
|
|
2016-10-31 19:50:16 -04:00
|
|
|
# One time flashing requires user to run esptool.py command themselves,
|
|
|
|
# and warning is printed about inability to reflash.
|
|
|
|
|
|
|
|
bootloader: $(BOOTLOADER_BIN)
|
|
|
|
@echo $(SEPARATOR)
|
|
|
|
@echo "Bootloader built. One-time flash command is:"
|
|
|
|
@echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $(BOOTLOADER_BIN)"
|
|
|
|
@echo $(SEPARATOR)
|
|
|
|
@echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
|
|
|
|
|
2016-11-10 23:40:58 -05:00
|
|
|
endif # IDF_INSECURE_SECURE_BOOT
|
2016-10-31 19:50:16 -04:00
|
|
|
else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
|
2016-11-03 02:33:30 -04:00
|
|
|
# Reflashable secure bootloader
|
|
|
|
# generates a digest binary (bootloader + digest)
|
2016-10-31 19:50:16 -04:00
|
|
|
|
2016-11-10 23:40:58 -05:00
|
|
|
#### TEMPORARILY DISABLE THIS OPTION
|
|
|
|
ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
|
|
|
|
bootloader:
|
|
|
|
@echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device."
|
|
|
|
@echo "If using this feature, expect to reflash the bootloader at least one more time."
|
|
|
|
@echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
|
|
|
|
exit 1
|
|
|
|
else
|
|
|
|
|
2016-11-04 01:05:00 -04:00
|
|
|
BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
|
|
|
|
SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin
|
|
|
|
|
|
|
|
$(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY)
|
|
|
|
$(Q) $(ESPSECUREPY) digest_private_key -k $< $@
|
2016-10-31 19:50:16 -04:00
|
|
|
|
|
|
|
bootloader: $(BOOTLOADER_DIGEST_BIN)
|
|
|
|
@echo $(SEPARATOR)
|
|
|
|
@echo "Bootloader built and secure digest generated. First time flash command is:"
|
2016-11-03 02:33:30 -04:00
|
|
|
@echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
|
2016-10-31 19:50:16 -04:00
|
|
|
@echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $(BOOTLOADER_BIN)"
|
|
|
|
@echo $(SEPARATOR)
|
|
|
|
@echo "To reflash the bootloader after initial flash:"
|
|
|
|
@echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
|
|
|
|
@echo $(SEPARATOR)
|
|
|
|
@echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
|
2016-11-01 02:41:27 -04:00
|
|
|
@echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
|
2016-10-31 19:50:16 -04:00
|
|
|
|
2016-11-03 02:33:30 -04:00
|
|
|
$(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
|
|
|
|
@echo "DIGEST $(notdir $@)"
|
|
|
|
$(Q) $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
|
2016-10-31 19:50:16 -04:00
|
|
|
|
2016-11-10 23:40:58 -05:00
|
|
|
endif # IDF_INSECURE_SECURE_BOOT
|
2016-10-31 19:50:16 -04:00
|
|
|
else
|
2016-11-01 19:41:58 -04:00
|
|
|
bootloader:
|
|
|
|
@echo "Invalid bootloader target: bad sdkconfig?"
|
|
|
|
@exit 1
|
2016-10-31 19:50:16 -04:00
|
|
|
endif
|
|
|
|
|
|
|
|
all_binaries: $(BOOTLOADER_BIN)
|
|
|
|
|
2016-11-13 22:48:10 -05:00
|
|
|
bootloader-clean:
|
|
|
|
$(BOOTLOADER_MAKE) app-clean
|
|
|
|
rm -f $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)
|
2016-10-04 00:38:20 -04:00
|
|
|
|
|
|
|
$(BOOTLOADER_BUILD_DIR):
|
2016-11-10 20:29:38 -05:00
|
|
|
mkdir -p $@
|
2016-09-12 23:46:51 -04:00
|
|
|
|
2016-09-14 14:37:54 -04:00
|
|
|
else
|
2016-11-08 22:26:50 -05:00
|
|
|
CFLAGS += -D BOOTLOADER_BUILD=1 -I $(IDF_PATH)/components/esp32/include
|
2016-09-14 14:37:54 -04:00
|
|
|
|
2016-09-12 23:46:51 -04:00
|
|
|
endif
|