esp-idf/components/bootloader/subproject/CMakeLists.txt

cmake_minimum_required(VERSION 3.16)

if(NOT SDKCONFIG)
    message(FATAL_ERROR "Bootloader subproject expects the SDKCONFIG variable to be passed "
        "in by the parent build process.")
endif()

if(NOT IDF_PATH)
    message(FATAL_ERROR "Bootloader subproject expects the IDF_PATH variable to be passed "
        "in by the parent build process.")
endif()

if(NOT IDF_TARGET)
    message(FATAL_ERROR "Bootloader subproject expects the IDF_TARGET variable to be passed "
        "in by the parent build process.")
endif()

# A number of these components are implemented as config-only when built in the bootloader
set(COMPONENTS
    bootloader
    esptool_py
    esp_hw_support
    esp_system
    freertos
    hal
    partition_table
    soc
    bootloader_support
    log
    spi_flash
    micro-ecc
    main
    efuse
    esp_system
    newlib)

# Make EXTRA_COMPONENT_DIRS variable to point to the bootloader_components directory
# of the project being compiled
set(PROJECT_EXTRA_COMPONENTS "${PROJECT_SOURCE_DIR}/bootloader_components")
if(EXISTS ${PROJECT_EXTRA_COMPONENTS})
    list(APPEND EXTRA_COMPONENT_DIRS "${PROJECT_EXTRA_COMPONENTS}")
endif()

# Consider each directory in project's bootloader_components as a component to be compiled
file(GLOB proj_components RELATIVE ${PROJECT_EXTRA_COMPONENTS} ${PROJECT_EXTRA_COMPONENTS}/*)
foreach(component ${proj_components})
  # Only directories are considered as components
  if(IS_DIRECTORY ${curdir}/${child})
    list(APPEND COMPONENTS ${component})
  endif()
endforeach()

set(BOOTLOADER_BUILD 1)
include("${IDF_PATH}/tools/cmake/project.cmake")
set(common_req log esp_rom esp_common esp_hw_support newlib)
idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")
idf_build_set_property(__OUTPUT_SDKCONFIG 0)
project(bootloader)

idf_build_set_property(COMPILE_DEFINITIONS "BOOTLOADER_BUILD=1" APPEND)
idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)

idf_component_get_property(main_args esptool_py FLASH_ARGS)
idf_component_get_property(sub_args esptool_py FLASH_SUB_ARGS)

# String for printing flash command
string(REPLACE ";" " " esptoolpy_write_flash
    "${ESPTOOLPY} --port=(PORT) --baud=(BAUD) ${main_args} "
    "write_flash ${sub_args}")

string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")
string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")

# Suppress warning: "Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY"
set(ignore_signing_key "${SECURE_BOOT_SIGNING_KEY}")

if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)
        set(key_digest_len 192)
    else()
        set(key_digest_len 256)
    endif()

    get_filename_component(bootloader_digest_bin
        "bootloader-reflash-digest.bin"
        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")

    get_filename_component(secure_bootloader_key
        "secure-bootloader-key-${key_digest_len}.bin"
        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")

    add_custom_command(OUTPUT "${secure_bootloader_key}"
        COMMAND ${ESPSECUREPY} digest_private_key
            --keylen "${key_digest_len}"
            --keyfile "${SECURE_BOOT_SIGNING_KEY}"
            "${secure_bootloader_key}"
        VERBATIM)

    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
        add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")
    else()
        if(NOT EXISTS "${secure_bootloader_key}")
            message(FATAL_ERROR
                "No pre-generated key for a reflashable secure bootloader is available, "
                "due to signing configuration."
                "\nTo generate one, you can use this command:"
                "\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"
                "\nIf a signing key is present, then instead use:"
                "\n\t${espsecurepy} digest_private_key "
                "--keylen (192/256) --keyfile KEYFILE "
                "${secure_bootloader_key}")
        endif()
        add_custom_target(gen_secure_bootloader_key)
    endif()

    add_custom_command(OUTPUT "${bootloader_digest_bin}"
        COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
        COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
        -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
        MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"
        DEPENDS gen_secure_bootloader_key gen_project_binary
        VERBATIM)

    add_custom_target(gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
endif()

if(CONFIG_SECURE_BOOT_V2_ENABLED)
    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
        get_filename_component(secure_boot_signing_key
            "${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")

        if(NOT EXISTS "${secure_boot_signing_key}")
        message(FATAL_ERROR
            "Secure Boot Signing Key Not found."
            "\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."
            "\nTo generate one, you can use this command:"
            "\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")
        endif()

        set(bootloader_unsigned_bin "bootloader-unsigned.bin")
        add_custom_command(OUTPUT ".signed_bin_timestamp"
            COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
            "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"
            -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"
            "from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
            > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
            DEPENDS "${build_dir}/.bin_timestamp"
            VERBATIM
            COMMENT "Generated the signed Bootloader")
    else()
        add_custom_command(OUTPUT ".signed_bin_timestamp"
        VERBATIM
        COMMENT "Bootloader generated but not signed")
    endif()

    add_custom_target(gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
endif()

if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
    add_custom_command(TARGET bootloader.elf POST_BUILD
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
        COMMAND ${CMAKE_COMMAND} -E echo
            "One-time flash command is:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
        COMMAND ${CMAKE_COMMAND} -E echo
            "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
        VERBATIM)
elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    add_custom_command(TARGET bootloader.elf POST_BUILD
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "Bootloader built and secure digest generated."
        COMMAND ${CMAKE_COMMAND} -E echo
            "Secure boot enabled, so bootloader not flashed automatically."
        COMMAND ${CMAKE_COMMAND} -E echo
            "Burn secure boot key to efuse using:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"
        COMMAND ${CMAKE_COMMAND} -E echo
            "First time flash command is:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "To reflash the bootloader after initial flash:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "* After first boot, only re-flashes of this kind (with same key) will be accepted."
        COMMAND ${CMAKE_COMMAND} -E echo
            "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
        DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin
        VERBATIM)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND (CONFIG_IDF_TARGET_ESP32S2 OR CONFIG_IDF_TARGET_ESP32C3))
    add_custom_command(TARGET bootloader.elf POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    COMMAND ${CMAKE_COMMAND} -E echo
        "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "To sign the bootloader with additional private keys."
    COMMAND ${CMAKE_COMMAND} -E echo
        "\t${espsecurepy} sign_data -k secure_boot_signing_key2.pem -v 2 \
--append_signatures -o signed_bootloader.bin build/bootloader/bootloader.bin"
    COMMAND ${CMAKE_COMMAND} -E echo
        "Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    DEPENDS gen_signed_bootloader
    VERBATIM)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED)
    add_custom_command(TARGET bootloader.elf POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    COMMAND ${CMAKE_COMMAND} -E echo
        "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    DEPENDS gen_signed_bootloader
    VERBATIM)
endif()
tools: Increase the minimal supported CMake version to 3.16 This updates the minimal supported version of CMake to 3.16, which in turn enables us to use more CMake features and have a cleaner build system. This is the version that provides most new features and also the one we use in our latest docker image for CI. 2022-05-27 04:10:51 -04:00			`cmake_minimum_required(VERSION 3.16)`
build system: Initial cmake support, work in progress 2018-01-11 21:49:13 -05:00
cmake: Add partition table, and .bin file targets 2018-01-18 23:47:49 -05:00			`if(NOT SDKCONFIG)`
cmake: Use cmake_lint project, tidy up all CMake source files 2018-02-26 23:45:30 -05:00			`message(FATAL_ERROR "Bootloader subproject expects the SDKCONFIG variable to be passed "`
			`"in by the parent build process.")`
cmake: Add partition table, and .bin file targets 2018-01-18 23:47:49 -05:00			`endif()`
build system: Initial cmake support, work in progress 2018-01-11 21:49:13 -05:00
cmake: Fix issues when IDF_PATH is not set in environment Support cases where IDF_PATH may be passed in on the cmake command line, or inferred from a (hardcoded absolute or relative) path to project.cmake 2018-06-15 00:59:45 -04:00			`if(NOT IDF_PATH)`
			`message(FATAL_ERROR "Bootloader subproject expects the IDF_PATH variable to be passed "`
			`"in by the parent build process.")`
			`endif()`

pass IDF_TARGET variable to bootloader build process 2019-05-09 02:19:02 -04:00			`if(NOT IDF_TARGET)`
			`message(FATAL_ERROR "Bootloader subproject expects the IDF_TARGET variable to be passed "`
			`"in by the parent build process.")`
			`endif()`

Allow selection of different core for main task Closes https://github.com/espressif/esp-idf/pull/6627 2021-02-27 14:13:01 -05:00			`# A number of these components are implemented as config-only when built in the bootloader`
cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`set(COMPONENTS`
			`bootloader`
			`esptool_py`
			`esp_hw_support`
esp_common: move some headers 2021-01-25 23:54:26 -05:00			`esp_system`
Allow selection of different core for main task Closes https://github.com/espressif/esp-idf/pull/6627 2021-02-27 14:13:01 -05:00			`freertos`
cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`hal`
			`partition_table`
			`soc`
			`bootloader_support`
			`log`
			`spi_flash`
			`micro-ecc`
			`main`
bootloader: fix external 32k xtal not found error 2020-11-06 05:39:16 -05:00			`efuse`
bootloader: Allow 'silent assert' config to work in bootloader Requires adding the 'newlib' component to the bootloader project, for platform_include header. 2021-02-17 18:05:42 -05:00			`esp_system`
			`newlib)`
bootloader: override the 2nd stage bootloader Add the possibility to have user bootloader components. This is performed from an application/project, by creating bootloader components. To do so, it is required to create a `bootloader_component` directory containing the custom modules to be compiled with the bootloader. Thanks to this, two solutions are available to override the bootloader now: - Using hooks within a user bootloader component - Using a user defined `main` bootloader component to totally override the old implementation Please check the two new examples in `examples/custom_bootloader` * Closes https://github.com/espressif/esp-idf/issues/7043 2021-04-14 22:31:33 -04:00
			`# Make EXTRA_COMPONENT_DIRS variable to point to the bootloader_components directory`
			`# of the project being compiled`
			`set(PROJECT_EXTRA_COMPONENTS "${PROJECT_SOURCE_DIR}/bootloader_components")`
bootloader: don't add nonexistent directories to EXTRA_COMPONENT_DIRS 2021-10-07 10:54:34 -04:00			`if(EXISTS ${PROJECT_EXTRA_COMPONENTS})`
			`list(APPEND EXTRA_COMPONENT_DIRS "${PROJECT_EXTRA_COMPONENTS}")`
			`endif()`
bootloader: override the 2nd stage bootloader Add the possibility to have user bootloader components. This is performed from an application/project, by creating bootloader components. To do so, it is required to create a `bootloader_component` directory containing the custom modules to be compiled with the bootloader. Thanks to this, two solutions are available to override the bootloader now: - Using hooks within a user bootloader component - Using a user defined `main` bootloader component to totally override the old implementation Please check the two new examples in `examples/custom_bootloader` * Closes https://github.com/espressif/esp-idf/issues/7043 2021-04-14 22:31:33 -04:00
			`# Consider each directory in project's bootloader_components as a component to be compiled`
			`file(GLOB proj_components RELATIVE ${PROJECT_EXTRA_COMPONENTS} ${PROJECT_EXTRA_COMPONENTS}/*)`
			`foreach(component ${proj_components})`
			`# Only directories are considered as components`
			`if(IS_DIRECTORY ${curdir}/${child})`
			`list(APPEND COMPONENTS ${component})`
			`endif()`
			`endforeach()`

build system: Initial cmake support, work in progress 2018-01-11 21:49:13 -05:00			`set(BOOTLOADER_BUILD 1)`
components: update with build system changes 2019-05-09 22:53:08 -04:00			`include("${IDF_PATH}/tools/cmake/project.cmake")`
soc: don't expose unstable soc header files in public api 2022-01-05 03:17:12 -05:00			`set(common_req log esp_rom esp_common esp_hw_support newlib)`
components: update with build system changes 2019-05-09 22:53:08 -04:00			`idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")`
			`idf_build_set_property(__OUTPUT_SDKCONFIG 0)`
cmake: Allow selecting toolchain file based on config Refactor IDF "project" functionality under a wrapping of the default "project" command, so we can tweak it a bit... Will need more testing in other environments. 2018-02-14 22:38:58 -05:00			`project(bootloader)`
build system: Initial cmake support, work in progress 2018-01-11 21:49:13 -05:00
cmake: remove -D prefix from COMPILE_DEFINITIONS property Unlike COMPILE_OPTIONS, COMPILE_DEFINITIONS CMake property assumes values without the -D prefix, such as NAME or NAME=VAL. Previously, IDF build system was passing COMPILE_DEFINITIONS build property to CMake COMPILE_OPTIONS property, so -D prefix was not a problem. Now that COMPILE_DEFINITIONS CMake property is used, -D prefix has to be removed. (Note that this doesn't affect 'target_compile_definitions' function, which strips -D prefix before adding the definition to the property.) 2022-08-28 15:20:48 -04:00			`idf_build_set_property(COMPILE_DEFINITIONS "BOOTLOADER_BUILD=1" APPEND)`
components: update with build system changes 2019-05-09 22:53:08 -04:00			`idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00
esptool_py: create flash target functions 2019-12-19 20:55:02 -05:00			`idf_component_get_property(main_args esptool_py FLASH_ARGS)`
			`idf_component_get_property(sub_args esptool_py FLASH_SUB_ARGS)`

			`# String for printing flash command`
			`string(REPLACE ";" " " esptoolpy_write_flash`
			`"${ESPTOOLPY} --port=(PORT) --baud=(BAUD) ${main_args} "`
			`"write_flash ${sub_args}")`

CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")`
			`string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")`

bootloader: Suppress a Cmake warning - variables were not used by the project Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY 2021-04-10 14:36:25 -04:00			`# Suppress warning: "Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY"`
			`set(ignore_signing_key "${SECURE_BOOT_SIGNING_KEY}")`

CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)`
			`if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)`
			`set(key_digest_len 192)`
			`else()`
			`set(key_digest_len 256)`
			`endif()`

			`get_filename_component(bootloader_digest_bin`
			`"bootloader-reflash-digest.bin"`
			`ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")`

			`get_filename_component(secure_bootloader_key`
			`"secure-bootloader-key-${key_digest_len}.bin"`
			`ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")`

			`add_custom_command(OUTPUT "${secure_bootloader_key}"`
			`COMMAND ${ESPSECUREPY} digest_private_key`
			`--keylen "${key_digest_len}"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 03:25:25 -04:00			`--keyfile "${SECURE_BOOT_SIGNING_KEY}"`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`"${secure_bootloader_key}"`
			`VERBATIM)`

			`if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)`
			`add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")`
			`else()`
			`if(NOT EXISTS "${secure_bootloader_key}")`
			`message(FATAL_ERROR`
			`"No pre-generated key for a reflashable secure bootloader is available, "`
			`"due to signing configuration."`
			`"\nTo generate one, you can use this command:"`
			`"\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"`
			`"\nIf a signing key is present, then instead use:"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 03:25:25 -04:00			`"\n\t${espsecurepy} digest_private_key "`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`"--keylen (192/256) --keyfile KEYFILE "`
			`"${secure_bootloader_key}")`
			`endif()`
			`add_custom_target(gen_secure_bootloader_key)`
			`endif()`

			`add_custom_command(OUTPUT "${bootloader_digest_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"`
			`COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"`
secure boot: In Reflashable mode, make sure the bootloader digest updates ... whenever the bootloader.bin is updated 2019-10-28 21:50:41 -04:00			`-o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"`
secure boot: Fix bootloader build system target for bootloader digest Closes https://github.com/espressif/esp-idf/issues/4513 2019-12-19 23:09:15 -05:00			`MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 03:25:25 -04:00			`DEPENDS gen_secure_bootloader_key gen_project_binary`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`VERBATIM)`

cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`add_custom_target(gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`endif()`

feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`if(CONFIG_SECURE_BOOT_V2_ENABLED)`
			`if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)`
Secure boot v2 support for ESP32-S2 2020-03-03 13:58:18 -05:00			`get_filename_component(secure_boot_signing_key`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`"${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")`

			`if(NOT EXISTS "${secure_boot_signing_key}")`
Secure boot v2 support for ESP32-S2 2020-03-03 13:58:18 -05:00			`message(FATAL_ERROR`
			`"Secure Boot Signing Key Not found."`
			`"\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."`
			`"\nTo generate one, you can use this command:"`
			`"\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`endif()`

			`set(bootloader_unsigned_bin "bootloader-unsigned.bin")`
			`add_custom_command(OUTPUT ".signed_bin_timestamp"`
cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"`
			`"${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"`
			`-o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"`
			`"from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"`
			`> "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`DEPENDS "${build_dir}/.bin_timestamp"`
			`VERBATIM`
			`COMMENT "Generated the signed Bootloader")`
			`else()`
			`add_custom_command(OUTPUT ".signed_bin_timestamp"`
			`VERBATIM`
Secure boot v2 support for ESP32-S2 2020-03-03 13:58:18 -05:00			`COMMENT "Bootloader generated but not signed")`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`endif()`

cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`add_custom_target(gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`endif()`

CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 03:25:25 -04:00			`add_custom_command(TARGET bootloader.elf POST_BUILD`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built. Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"One-time flash command is:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"`
			`VERBATIM)`
			`elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 03:25:25 -04:00			`add_custom_command(TARGET bootloader.elf POST_BUILD`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built and secure digest generated."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Burn secure boot key to efuse using:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
bootloader: Secure_boot name replaced by secure_boot_v1 & secure_boot_v2 - espefuse.py burn_key secure_boot is no longer used. - Secure boot V1: espefuse.py burn_key secure_boot_v1 file.bin - Secure boot V2: espefuse.py burn_key secure_boot_v2 file.bin 2020-10-15 04:48:23 -04:00			`"\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"First time flash command is:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"To reflash the bootloader after initial flash:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* After first boot, only re-flashes of this kind (with same key) will be accepted."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* Not recommended to re-use the same secure boot keyfile on multiple production devices."`
			`DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin`
			`VERBATIM)`
bootloader/esp32c3: Adds secure boot (not yet supported) 2020-12-28 08:53:02 -05:00			`elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND (CONFIG_IDF_TARGET_ESP32S2 OR CONFIG_IDF_TARGET_ESP32C3))`
Secure boot v2 support for ESP32-S2 2020-03-03 13:58:18 -05:00			`add_custom_command(TARGET bootloader.elf POST_BUILD`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built. Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"To sign the bootloader with additional private keys."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
cmake: Apply cmakelint fixes 2020-11-10 01:51:08 -05:00			`"\t${espsecurepy} sign_data -k secure_boot_signing_key2.pem -v 2 \`
			`--append_signatures -o signed_bootloader.bin build/bootloader/bootloader.bin"`
Secure boot v2 support for ESP32-S2 2020-03-03 13:58:18 -05:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`DEPENDS gen_signed_bootloader`
			`VERBATIM)`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 14:51:41 -05:00			`elseif(CONFIG_SECURE_BOOT_V2_ENABLED)`
			`add_custom_command(TARGET bootloader.elf POST_BUILD`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built. Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`DEPENDS gen_signed_bootloader`
			`VERBATIM)`
CMake : Secure Boot support added 2018-10-19 15:02:55 -04:00			`endif()`