# Public headers of this component.
COMPONENT_ADD_INCLUDEDIRS := include

# "include_bootloader" is shared with the bootloader main component when the
# bootloader itself is being built; in every other build it stays private to
# this component.
ifndef IS_BOOTLOADER_BUILD
  COMPONENT_PRIV_INCLUDEDIRS := include_bootloader
else
  COMPONENT_ADD_INCLUDEDIRS += include_bootloader
endif
# Source directories compiled in every build: the common sources plus both
# secure boot implementations (individual objects are excluded further down
# according to the build type and the configured signing scheme).
COMPONENT_SRCDIRS := src
COMPONENT_SRCDIRS += src/secure_boot_v2
COMPONENT_SRCDIRS += src/secure_boot_v1
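# Pick the build-specific source directory:
#   - app build: src/idf, which contains the platform agnostic IDF versions
#   - bootloader build: src/$(IDF_TARGET), one sub-directory per chip
# The comments sit on their own lines so that no trailing whitespace ends up
# in the appended value.
ifndef IS_BOOTLOADER_BUILD
COMPONENT_SRCDIRS += src/idf
else
COMPONENT_SRCDIRS += src/$(IDF_TARGET)
endif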
# Objects that are only built as part of the bootloader; they are left out of
# every non-bootloader build. This is the first assignment to
# COMPONENT_OBJEXCLUDE in this file, hence ":=" for the first entry.
ifndef IS_BOOTLOADER_BUILD
  COMPONENT_OBJEXCLUDE := src/bootloader_init.o
  COMPONENT_OBJEXCLUDE += src/bootloader_panic.o
  COMPONENT_OBJEXCLUDE += src/bootloader_clock_loader.o
  COMPONENT_OBJEXCLUDE += src/bootloader_console.o
  COMPONENT_OBJEXCLUDE += src/bootloader_console_loader.o
endif
# Chip-specific objects for esp32s2 / esp32s3 / esp32c3 that are excluded
# unconditionally, in both the bootloader and the app build.
# NOTE(review): presumably these sources sit directly in src/ and target chips
# this build does not cover - confirm against the supported IDF_TARGET values.

# flash configuration
COMPONENT_OBJEXCLUDE += src/bootloader_flash_config_esp32s2.o \
                        src/bootloader_flash_config_esp32s3.o \
                        src/bootloader_flash_config_esp32c3.o

# eFuse access
COMPONENT_OBJEXCLUDE += src/bootloader_efuse_esp32s2.o \
                        src/bootloader_efuse_esp32s3.o \
                        src/bootloader_efuse_esp32c3.o

# random number source
COMPONENT_OBJEXCLUDE += src/bootloader_random_esp32s2.o \
                        src/bootloader_random_esp32s3.o \
                        src/bootloader_random_esp32c3.o
# Select which signature verification objects are compiled.
#
# Each secure boot version has a bootloader-side and an app-side verifier:
#   src/secure_boot_v1/...  is kept only with CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
#   src/secure_boot_v2/...  is kept only with CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
# The verifier belonging to the other build type is always excluded.
# If neither scheme is configured, no signature verifier is compiled in at all.
ifdef IS_BOOTLOADER_BUILD
  # Bootloader build: keep at most the *_bootloader.o of the configured scheme.
  ifndef CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
    COMPONENT_OBJEXCLUDE += src/secure_boot_v1/secure_boot_signatures_bootloader.o
  endif

  ifndef CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
    COMPONENT_OBJEXCLUDE += src/secure_boot_v2/secure_boot_signatures_bootloader.o
  endif

  # The app-side verifiers never belong in the bootloader.
  COMPONENT_OBJEXCLUDE += src/secure_boot_v1/secure_boot_signatures_app.o
  COMPONENT_OBJEXCLUDE += src/secure_boot_v2/secure_boot_signatures_app.o
else
  # App build: keep at most the *_app.o of the configured scheme.
  ifndef CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
    COMPONENT_OBJEXCLUDE += src/secure_boot_v1/secure_boot_signatures_app.o
  endif

  ifndef CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
    COMPONENT_OBJEXCLUDE += src/secure_boot_v2/secure_boot_signatures_app.o
  endif

  # The bootloader-side verifiers never belong in the app.
  COMPONENT_OBJEXCLUDE += src/secure_boot_v1/secure_boot_signatures_bootloader.o
  COMPONENT_OBJEXCLUDE += src/secure_boot_v2/secure_boot_signatures_bootloader.o
endif # IS_BOOTLOADER_BUILD
# Without CONFIG_SECURE_BOOT the chip-specific secure boot object is not
# built. This applies to both build types; the path follows IDF_TARGET.
ifndef CONFIG_SECURE_BOOT
  COMPONENT_OBJEXCLUDE += src/$(IDF_TARGET)/secure_boot.o
endif # CONFIG_SECURE_BOOT
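#
# Secure boot signing key support
#
# With the ECDSA signing scheme the verification key is placed in the build
# directory under a fixed file name and listed in COMPONENT_EMBED_FILES.
# It comes from one of two places:
#   - CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES set: extracted from the signing
#     key, so the signing key has to be readable on the build host.
#   - otherwise: copied from the public key file named by
#     CONFIG_SECURE_BOOT_VERIFICATION_KEY; no signing key is referenced.
# Both recipes remove the target when the command fails, so a partially
# written key file cannot look up to date on the next run and get embedded.
#
ifdef CONFIG_SECURE_SIGNED_APPS

ifdef CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
# this path is created relative to the component build directory
SECURE_BOOT_VERIFICATION_KEY := $(abspath signature_verification_key.bin)

ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
# verification key derived from signing key.
# SECURE_BOOT_SIGNING_KEY is not assigned in this file.
# The sdkconfig makefile is a prerequisite, so a configuration change
# regenerates the key file.
$(SECURE_BOOT_VERIFICATION_KEY): $(SECURE_BOOT_SIGNING_KEY) $(SDKCONFIG_MAKEFILE)
	$(ESPSECUREPY) extract_public_key --keyfile $< $@ || { rm -f $@; exit 1; }
else
# find the configured public key file
ORIG_SECURE_BOOT_VERIFICATION_KEY := $(call resolvepath,$(call dequote,$(CONFIG_SECURE_BOOT_VERIFICATION_KEY)),$(PROJECT_PATH))

# This rule has no prerequisites, so it only runs when the configured key file
# does not exist; it then stops the build instead of continuing without a key.
$(ORIG_SECURE_BOOT_VERIFICATION_KEY):
	@echo "Secure boot verification public key '$@' missing."
	@echo "This can be extracted from the private signing key, see"
	@echo "docs/security/secure-boot-v1.rst for details."
	exit 1

# copy it into the build dir, so the secure boot verification key has
# a predictable file name
$(SECURE_BOOT_VERIFICATION_KEY): $(ORIG_SECURE_BOOT_VERIFICATION_KEY) $(SDKCONFIG_MAKEFILE)
	$(summary) CP $< $@
	cp $< $@ || { rm -f $@; exit 1; }
endif #CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES

# The key file in the build directory is a build product: remove it on clean.
COMPONENT_EXTRA_CLEAN += $(SECURE_BOOT_VERIFICATION_KEY)

# Embed the verification key file into this component.
COMPONENT_EMBED_FILES := $(SECURE_BOOT_VERIFICATION_KEY)

endif #CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
endif #CONFIG_SECURE_SIGNED_APPS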