esp-idf/components/bootloader_support/CMakeLists.txt

idf_build_get_property(target IDF_TARGET)

if(${target} STREQUAL "linux")
    return() # This component is not supported by the POSIX/Linux simulator
endif()

set(srcs
    "src/bootloader_common.c"
    "src/bootloader_common_loader.c"
    "src/bootloader_clock_init.c"
    "src/bootloader_mem.c"
    "src/bootloader_random.c"
    "src/bootloader_efuse.c"
    "src/flash_encrypt.c"
    "src/secure_boot.c"
    )

if(NOT CONFIG_IDF_ENV_FPGA)
    # For FPGA ENV, bootloader_random implementation is implemented in `bootloader_random.c`
    list(APPEND srcs "src/bootloader_random_${IDF_TARGET}.c")
endif()

if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)
    list(APPEND srcs
        "bootloader_flash/src/bootloader_flash.c"
        "bootloader_flash/src/flash_qio_mode.c"
        "bootloader_flash/src/bootloader_flash_config_${IDF_TARGET}.c"
        )
endif()

if(CONFIG_APP_BUILD_TYPE_APP_2NDBOOT)
    list(APPEND srcs
        "src/bootloader_utility.c"
        "src/flash_partitions.c"
        "src/esp_image_format.c"
        )
endif()

if(BOOTLOADER_BUILD OR CONFIG_APP_BUILD_TYPE_RAM)
    set(include_dirs "include" "bootloader_flash/include"
        "private_include")
    set(priv_requires micro-ecc spi_flash efuse esp_bootloader_format esp_app_format)
    list(APPEND srcs
    "src/bootloader_init.c"
    "src/bootloader_clock_loader.c"
    "src/bootloader_console.c"
    "src/bootloader_console_loader.c"
    "src/${IDF_TARGET}/bootloader_sha.c"
    "src/${IDF_TARGET}/bootloader_soc.c"
    "src/${IDF_TARGET}/bootloader_${IDF_TARGET}.c"
    )
    list(APPEND priv_requires hal)
    if(CONFIG_ESP_ROM_REV0_HAS_NO_ECDSA_INTERFACE)
        list(APPEND srcs
            "src/${IDF_TARGET}/bootloader_ecdsa.c")
    endif()
else()
    list(APPEND srcs
        "src/idf/bootloader_sha.c")
    set(include_dirs "include" "bootloader_flash/include")
    set(priv_include_dirs "private_include")
    # heap is required for `heap_memory_layout.h` header
    set(priv_requires spi_flash mbedtls efuse heap esp_bootloader_format esp_app_format)
endif()

if(BOOTLOADER_BUILD)
    list(APPEND srcs "src/bootloader_panic.c")
    if(CONFIG_SECURE_FLASH_ENC_ENABLED)
        list(APPEND srcs "src/flash_encryption/flash_encrypt.c"
                         "src/${IDF_TARGET}/flash_encryption_secure_features.c")
    endif()

    if(CONFIG_SECURE_SIGNED_ON_BOOT)
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_bootloader.c")
        endif()
        if(CONFIG_SECURE_BOOT_V1_ENABLED)
            list(APPEND srcs "src/secure_boot_v1/secure_boot.c"
                             "src/${IDF_TARGET}/secure_boot_secure_features.c")
        endif()

        if(CONFIG_SECURE_BOOT_V2_ENABLED)
            list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_bootloader.c"
                             "src/secure_boot_v2/secure_boot.c"
                             "src/${IDF_TARGET}/secure_boot_secure_features.c")
        endif()
    endif()
else()
    if(CONFIG_SECURE_SIGNED_ON_UPDATE)
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_app.c")
        endif()

        if(CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_app.c")
            list(APPEND srcs "src/secure_boot_v2/secure_boot_rsa_signature.c")
        endif()
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)
            list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_app.c")
            list(APPEND srcs "src/secure_boot_v2/secure_boot_ecdsa_signature.c")
        endif()
    endif()
endif()

set(requires soc) #unfortunately the header directly uses SOC registers

idf_component_register(SRCS "${srcs}"
                    INCLUDE_DIRS "${include_dirs}"
                    PRIV_INCLUDE_DIRS "${priv_include_dirs}"
                    REQUIRES "${requires}"
                    PRIV_REQUIRES "${priv_requires}")

if(NOT BOOTLOADER_BUILD)
    if(CONFIG_SECURE_SIGNED_ON_UPDATE)
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME OR CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME OR
           CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)
            target_link_libraries(${COMPONENT_LIB} PRIVATE idf::app_update)
        endif()
    endif()
endif()

if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME))
    if(BOOTLOADER_BUILD)
        # Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed
        # in the library.
        if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
            # We generate the key from the signing key. The signing key is passed from the main project.
            get_filename_component(secure_boot_signing_key
                "${SECURE_BOOT_SIGNING_KEY}"
                ABSOLUTE BASE_DIR "${project_dir}")
            get_filename_component(secure_boot_verification_key
                "signature_verification_key.bin"
                ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
            add_custom_command(OUTPUT "${secure_boot_verification_key}"
                COMMAND ${ESPSECUREPY}
                extract_public_key --keyfile "${secure_boot_signing_key}"
                "${secure_boot_verification_key}"
                DEPENDS ${secure_boot_signing_key}
                VERBATIM)
        else()
            # We expect to 'inherit' the verification key passed from main project.
            get_filename_component(secure_boot_verification_key
                ${SECURE_BOOT_VERIFICATION_KEY}
                ABSOLUTE BASE_DIR "${project_dir}")
        endif()
    else()  # normal app build
        idf_build_get_property(project_dir PROJECT_DIR)

        if(CONFIG_SECURE_BOOT_VERIFICATION_KEY)
            # verification-only build supplies verification key
            set(secure_boot_verification_key ${CONFIG_SECURE_BOOT_VERIFICATION_KEY})
            get_filename_component(secure_boot_verification_key
                ${secure_boot_verification_key}
                ABSOLUTE BASE_DIR "${project_dir}")
        else()
            # sign at build time, extracts key from signing key
            set(secure_boot_verification_key "${CMAKE_BINARY_DIR}/signature_verification_key.bin")
            get_filename_component(secure_boot_signing_key
                ${CONFIG_SECURE_BOOT_SIGNING_KEY}
                ABSOLUTE BASE_DIR "${project_dir}")

            add_custom_command(OUTPUT "${secure_boot_verification_key}"
                COMMAND ${ESPSECUREPY}
                extract_public_key --keyfile "${secure_boot_signing_key}"
                "${secure_boot_verification_key}"
                WORKING_DIRECTORY ${project_dir}
                DEPENDS ${secure_boot_signing_key}
                VERBATIM)
        endif()
    endif()

    # Embed the verification key in the binary (app & bootloader)
    #
    target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY"
        RENAME_TO signature_verification_key_bin)
    set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
        APPEND PROPERTY ADDITIONAL_CLEAN_FILES
        "${secure_boot_verification_key}")
endif()

if(BOOTLOADER_BUILD)
    target_link_libraries(${COMPONENT_LIB} INTERFACE "-u abort")
    # esp_bootloader_desc structure is added as an undefined symbol because otherwise the
    # linker will ignore this structure as it has no other files depending on it.
    target_link_libraries(${COMPONENT_LIB} INTERFACE "-u esp_bootloader_desc")
endif()
refactor(linux): excluded all non-Linux components from build * All components which won't build (yet) on Linux are excluded. This enables switching to Linux in an application without explicitly setting COMPONENTS to main in the main CMakeLists.txt. * ESP Timer provides headers for Linux now * automatically disabling LWIP in Kconfig if it is not available doc(linux): brought section "Component Linux/Mock Support Overview" up to date 2023-08-28 14:02:08 +08:00			`idf_build_get_property(target IDF_TARGET)`

			`if(${target} STREQUAL "linux")`
			`return() # This component is not supported by the POSIX/Linux simulator`
			`endif()`

support for esp32s2beta 2019-08-18 13:31:09 +08:00			`set(srcs`
cmake: some formatting fixes Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-06-21 14:29:32 +08:00			`"src/bootloader_common.c"`
bootloader: fix section placement issues found by the check script Summary of changes: - bootloader_clock split into _clock_init and _clock_loader. Only esp_clk_apb_freq is in *_clock_loader. - bootloader_common moved out of loader; functions needed in loader (or, referenced from bootloader_utility) were moved into bootloader_common_loader.c. - assert and abort moved into bootloader_panic, made part of the loader - rtc_clk and rtc_time made part of loader 2020-07-08 10:42:50 +02:00			`"src/bootloader_common_loader.c"`
			`"src/bootloader_clock_init.c"`
bootloader_support: mem-related initializations using cpu abstractions 2020-02-03 18:12:32 +08:00			`"src/bootloader_mem.c"`
cmake: some formatting fixes Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-06-21 14:29:32 +08:00			`"src/bootloader_random.c"`
feature: add ram loadable app support 2023-01-30 18:03:41 +08:00			`"src/bootloader_efuse.c"`
bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example flash_enctryption: enabled flash encryption example on esp32s2 bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2 flash_encryption: added secure boot features to flash enctryption for esp32s2 bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig. flash_encryption: removed secure boot version 1 from esp32s2 encryption code flash_encryption: added CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2 flash_encryption: fixed the count of left plaintext flash flash_encryption: disable dcache and icache download when using encryption in release mode flash_encryption: add cache potentally insecure options for s2 chips flash_encryption: fixed bug which bricked some chips in relase mode 2020-03-11 14:48:56 -03:00			`"src/flash_encrypt.c"`
secure_boot: Checks secure boot efuses ESP32 V1 and V2 - protection bits. ESP32xx V2: revoke bits, protection bits - refactor efuse component - adds some APIs for esp32 chips as well as for esp32xx chips 2021-01-26 04:27:03 +08:00			`"src/secure_boot.c"`
Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00			`)`
build system: Initial cmake support, work in progress 2018-01-12 13:49:13 +11:00
fix(rng): only build bootloader_random apis once 2023-10-19 15:57:36 +08:00			`if(NOT CONFIG_IDF_ENV_FPGA)`
			# For FPGA ENV, bootloader_random implementation is implemented in `bootloader_random.c`
			`list(APPEND srcs "src/bootloader_random_${IDF_TARGET}.c")`
			`endif()`

feature: add ram loadable app support 2023-01-30 18:03:41 +08:00			`if(NOT CONFIG_APP_BUILD_TYPE_PURE_RAM_APP)`
			`list(APPEND srcs`
			`"bootloader_flash/src/bootloader_flash.c"`
			`"bootloader_flash/src/flash_qio_mode.c"`
			`"bootloader_flash/src/bootloader_flash_config_${IDF_TARGET}.c"`
			`)`
			`endif()`

			`if(CONFIG_APP_BUILD_TYPE_APP_2NDBOOT)`
			`list(APPEND srcs`
			`"src/bootloader_utility.c"`
			`"src/flash_partitions.c"`
			`"src/esp_image_format.c"`
			`)`
			`endif()`

			`if(BOOTLOADER_BUILD OR CONFIG_APP_BUILD_TYPE_RAM)`
bootloader: move bootloader flash support to isolate folders 2021-11-08 15:10:13 +08:00			`set(include_dirs "include" "bootloader_flash/include"`
refactor (bootloader_support): include_bootloader/ -> private_include/ 2022-06-13 14:08:36 +08:00			`"private_include")`
esp_bootloader_format: Adds bootloader description structure to read bootloader version from app Closes https://github.com/espressif/esp-idf/issues/8800 Closes https://github.com/espressif/esp-idf/issues/9132 2022-12-14 01:16:56 +08:00			`set(priv_requires micro-ecc spi_flash efuse esp_bootloader_format esp_app_format)`
Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00			`list(APPEND srcs`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`"src/bootloader_init.c"`
bootloader: fix section placement issues found by the check script Summary of changes: - bootloader_clock split into _clock_init and _clock_loader. Only esp_clk_apb_freq is in *_clock_loader. - bootloader_common moved out of loader; functions needed in loader (or, referenced from bootloader_utility) were moved into bootloader_common_loader.c. - assert and abort moved into bootloader_panic, made part of the loader - rtc_clk and rtc_time made part of loader 2020-07-08 10:42:50 +02:00			`"src/bootloader_clock_loader.c"`
bootloader: combine console code for ESP32 and S2, add USB support 2020-04-30 15:30:15 +02:00			`"src/bootloader_console.c"`
			`"src/bootloader_console_loader.c"`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`"src/${IDF_TARGET}/bootloader_sha.c"`
bootloader: Enable clock glitch detection Reset the device when clock glitch detected. Clock glitch detection is only active in bootloader 2021-08-27 09:37:52 +05:30			`"src/${IDF_TARGET}/bootloader_soc.c"`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`"src/${IDF_TARGET}/bootloader_${IDF_TARGET}.c"`
			`)`
hal: extract hal component from soc component 2020-08-08 20:15:27 +08:00			`list(APPEND priv_requires hal)`
esp32c6: Enable ECDSA based secure boot - Updated documentation for C6 2023-01-09 22:32:19 +05:30			`if(CONFIG_ESP_ROM_REV0_HAS_NO_ECDSA_INTERFACE)`
			`list(APPEND srcs`
			`"src/${IDF_TARGET}/bootloader_ecdsa.c")`
			`endif()`
build system: Initial cmake support, work in progress 2018-01-12 13:49:13 +11:00			`else()`
Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00			`list(APPEND srcs`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`"src/idf/bootloader_sha.c")`
bootloader: move bootloader flash support to isolate folders 2021-11-08 15:10:13 +08:00			`set(include_dirs "include" "bootloader_flash/include")`
refactor (bootloader_support): include_bootloader/ -> private_include/ 2022-06-13 14:08:36 +08:00			`set(priv_include_dirs "private_include")`
G0: Memory layouts are now part of heap components 2021-06-18 14:51:11 +08:00			# heap is required for `heap_memory_layout.h` header
esp_bootloader_format: Adds bootloader description structure to read bootloader version from app Closes https://github.com/espressif/esp-idf/issues/8800 Closes https://github.com/espressif/esp-idf/issues/9132 2022-12-14 01:16:56 +08:00			`set(priv_requires spi_flash mbedtls efuse heap esp_bootloader_format esp_app_format)`
build system: Initial cmake support, work in progress 2018-01-12 13:49:13 +11:00			`endif()`

secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) - ESP32 ECO3, ESP32-S2/C3/S3 2021-03-05 22:22:29 +08:00			`if(BOOTLOADER_BUILD)`
feature: add ram loadable app support 2023-01-30 18:03:41 +08:00			`list(APPEND srcs "src/bootloader_panic.c")`
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() These functions were used only for esp32 in secure_boot and flash encryption. Use idf efuse APIs instead of efuse regs. 2021-06-17 07:21:36 +08:00			`if(CONFIG_SECURE_FLASH_ENC_ENABLED)`
			`list(APPEND srcs "src/flash_encryption/flash_encrypt.c"`
			`"src/${IDF_TARGET}/flash_encryption_secure_features.c")`
			`endif()`

secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) - ESP32 ECO3, ESP32-S2/C3/S3 2021-03-05 22:22:29 +08:00			`if(CONFIG_SECURE_SIGNED_ON_BOOT)`
			`if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)`
			`list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_bootloader.c")`
			`endif()`
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() These functions were used only for esp32 in secure_boot and flash encryption. Use idf efuse APIs instead of efuse regs. 2021-06-17 07:21:36 +08:00			`if(CONFIG_SECURE_BOOT_V1_ENABLED)`
			`list(APPEND srcs "src/secure_boot_v1/secure_boot.c"`
			`"src/${IDF_TARGET}/secure_boot_secure_features.c")`
			`endif()`
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) - ESP32 ECO3, ESP32-S2/C3/S3 2021-03-05 22:22:29 +08:00
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() These functions were used only for esp32 in secure_boot and flash encryption. Use idf efuse APIs instead of efuse regs. 2021-06-17 07:21:36 +08:00			`if(CONFIG_SECURE_BOOT_V2_ENABLED)`
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-03-10 10:53:15 +05:30			`list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_bootloader.c"`
			`"src/secure_boot_v2/secure_boot.c"`
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() These functions were used only for esp32 in secure_boot and flash encryption. Use idf efuse APIs instead of efuse regs. 2021-06-17 07:21:36 +08:00			`"src/${IDF_TARGET}/secure_boot_secure_features.c")`
			`endif()`
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) - ESP32 ECO3, ESP32-S2/C3/S3 2021-03-05 22:22:29 +08:00			`endif()`
			`else()`
			`if(CONFIG_SECURE_SIGNED_ON_UPDATE)`
			`if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)`
			`list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_app.c")`
			`endif()`

			`if(CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME)`
			`list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_app.c")`
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-03-10 10:53:15 +05:30			`list(APPEND srcs "src/secure_boot_v2/secure_boot_rsa_signature.c")`
			`endif()`
			`if(CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)`
			`list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_app.c")`
			`list(APPEND srcs "src/secure_boot_v2/secure_boot_ecdsa_signature.c")`
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) - ESP32 ECO3, ESP32-S2/C3/S3 2021-03-05 22:22:29 +08:00			`endif()`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`endif()`
			`endif()`

Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00			`set(requires soc) #unfortunately the header directly uses SOC registers`
CMake : Secure Boot support added 2018-10-20 00:32:55 +05:30
components: use new component registration api 2019-04-28 15:38:23 +08:00			`idf_component_register(SRCS "${srcs}"`
			`INCLUDE_DIRS "${include_dirs}"`
			`PRIV_INCLUDE_DIRS "${priv_include_dirs}"`
			`REQUIRES "${requires}"`
bootloader_support: move embedding key after component registration Bootloader build requires verification key to be embedded in the binary. Under specific configs, this key is generated during build time from the signing key. Move the key generation to after the component registration, since non scriptable commands are used in the process (during early expansion) 2019-05-09 10:25:08 +08:00			`PRIV_REQUIRES "${priv_requires}")`

esp_app_format: Fixed build errors and resolved dependencies 2022-07-29 16:07:04 +05:30			`if(NOT BOOTLOADER_BUILD)`
			`if(CONFIG_SECURE_SIGNED_ON_UPDATE)`
			`if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME OR CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME OR`
			`CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)`
			`target_link_libraries(${COMPONENT_LIB} PRIVATE idf::app_update)`
			`endif()`
			`endif()`
			`endif()`

feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:21:41 +05:30			`if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME))`
secure boot: Fix bug where verification key was not embedded in app 2019-10-29 12:46:09 +11:00			`if(BOOTLOADER_BUILD)`
			`# Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed`
			`# in the library.`
			`if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)`
			`# We generate the key from the signing key. The signing key is passed from the main project.`
			`get_filename_component(secure_boot_signing_key`
			`"${SECURE_BOOT_SIGNING_KEY}"`
			`ABSOLUTE BASE_DIR "${project_dir}")`
			`get_filename_component(secure_boot_verification_key`
			`"signature_verification_key.bin"`
			`ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")`
			`add_custom_command(OUTPUT "${secure_boot_verification_key}"`
			`COMMAND ${ESPSECUREPY}`
bootloader_support: move embedding key after component registration Bootloader build requires verification key to be embedded in the binary. Under specific configs, this key is generated during build time from the signing key. Move the key generation to after the component registration, since non scriptable commands are used in the process (during early expansion) 2019-05-09 10:25:08 +08:00			`extract_public_key --keyfile "${secure_boot_signing_key}"`
			`"${secure_boot_verification_key}"`
secure boot: Fix bug where verification key was not embedded in app 2019-10-29 12:46:09 +11:00			`DEPENDS ${secure_boot_signing_key}`
			`VERBATIM)`
			`else()`
			`# We expect to 'inherit' the verification key passed from main project.`
			`get_filename_component(secure_boot_verification_key`
			`${SECURE_BOOT_VERIFICATION_KEY}`
			`ABSOLUTE BASE_DIR "${project_dir}")`
			`endif()`
			`else() # normal app build`
			`idf_build_get_property(project_dir PROJECT_DIR)`

			`if(CONFIG_SECURE_BOOT_VERIFICATION_KEY)`
			`# verification-only build supplies verification key`
			`set(secure_boot_verification_key ${CONFIG_SECURE_BOOT_VERIFICATION_KEY})`
			`get_filename_component(secure_boot_verification_key`
			`${secure_boot_verification_key}`
			`ABSOLUTE BASE_DIR "${project_dir}")`
			`else()`
			`# sign at build time, extracts key from signing key`
			`set(secure_boot_verification_key "${CMAKE_BINARY_DIR}/signature_verification_key.bin")`
			`get_filename_component(secure_boot_signing_key`
			`${CONFIG_SECURE_BOOT_SIGNING_KEY}`
			`ABSOLUTE BASE_DIR "${project_dir}")`

			`add_custom_command(OUTPUT "${secure_boot_verification_key}"`
			`COMMAND ${ESPSECUREPY}`
			`extract_public_key --keyfile "${secure_boot_signing_key}"`
			`"${secure_boot_verification_key}"`
			`WORKING_DIRECTORY ${project_dir}`
			`DEPENDS ${secure_boot_signing_key}`
			`VERBATIM)`
			`endif()`
CMake : Secure Boot support added 2018-10-20 00:32:55 +05:30			`endif()`
build system: Initial cmake support, work in progress 2018-01-12 13:49:13 +11:00
secure boot: Fix bug where verification key was not embedded in app 2019-10-29 12:46:09 +11:00			`# Embed the verification key in the binary (app & bootloader)`
			`#`
			`target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY"`
			`RENAME_TO signature_verification_key_bin)`
bootloader_support: move embedding key after component registration Bootloader build requires verification key to be embedded in the binary. Under specific configs, this key is generated during build time from the signing key. Move the key generation to after the component registration, since non scriptable commands are used in the process (during early expansion) 2019-05-09 10:25:08 +08:00			`set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"`
build-system: replace ADDITIONAL_MAKE_CLEAN_FILES with ADDITIONAL_CLEAN_FILES ADDITIONAL_MAKE_CLEAN_FILES is deprecated and only worked with make. Replaced with the new ADDITIONAL_CLEAN_FILES (CMake 3.15) which also works with ninja. 2023-05-08 15:41:30 +08:00			`APPEND PROPERTY ADDITIONAL_CLEAN_FILES`
bootloader_support: move embedding key after component registration Bootloader build requires verification key to be embedded in the binary. Under specific configs, this key is generated during build time from the signing key. Move the key generation to after the component registration, since non scriptable commands are used in the process (during early expansion) 2019-05-09 10:25:08 +08:00			`"${secure_boot_verification_key}")`
			`endif()`
bootloader: fix section placement issues found by the check script Summary of changes: - bootloader_clock split into _clock_init and _clock_loader. Only esp_clk_apb_freq is in *_clock_loader. - bootloader_common moved out of loader; functions needed in loader (or, referenced from bootloader_utility) were moved into bootloader_common_loader.c. - assert and abort moved into bootloader_panic, made part of the loader - rtc_clk and rtc_time made part of loader 2020-07-08 10:42:50 +02:00
			`if(BOOTLOADER_BUILD)`
			`target_link_libraries(${COMPONENT_LIB} INTERFACE "-u abort")`
esp_bootloader_format: Adds bootloader description structure to read bootloader version from app Closes https://github.com/espressif/esp-idf/issues/8800 Closes https://github.com/espressif/esp-idf/issues/9132 2022-12-14 01:16:56 +08:00			`# esp_bootloader_desc structure is added as an undefined symbol because otherwise the`
			`# linker will ignore this structure as it has no other files depending on it.`
			`target_link_libraries(${COMPONENT_LIB} INTERFACE "-u esp_bootloader_desc")`
bootloader: fix section placement issues found by the check script Summary of changes: - bootloader_clock split into _clock_init and _clock_loader. Only esp_clk_apb_freq is in *_clock_loader. - bootloader_common moved out of loader; functions needed in loader (or, referenced from bootloader_utility) were moved into bootloader_common_loader.c. - assert and abort moved into bootloader_panic, made part of the loader - rtc_clk and rtc_time made part of loader 2020-07-08 10:42:50 +02:00			`endif()`