# Bootloader offset in flash, taken from the project configuration.
set(BOOTLOADER_OFFSET ${CONFIG_BOOTLOADER_OFFSET_IN_FLASH})

# Stop processing this file when building the bootloader itself
# (BOOTLOADER_BUILD), or when the app build is configured not to build a
# bootloader: no flash file is generated in either case.
if(NOT CONFIG_APP_BUILD_BOOTLOADER OR BOOTLOADER_BUILD)
    return()
endif()
# Glue that builds the bootloader subproject binary as an external
# CMake project nested under this one.
idf_build_get_property(build_dir BUILD_DIR)
set(BOOTLOADER_BUILD_DIR "${build_dir}/bootloader")
set(BOOTLOADER_ELF_FILE "${BOOTLOADER_BUILD_DIR}/bootloader.elf")

# Files listed as products of the bootloader build: the ELF first, then the
# flat binary and the linker map.
set(bootloader_binary_files "${BOOTLOADER_ELF_FILE}")
list(APPEND bootloader_binary_files
    "${BOOTLOADER_BUILD_DIR}/bootloader.bin"
    "${BOOTLOADER_BUILD_DIR}/bootloader.map"
)
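idf_build_get_property(project_dir PROJECT_DIR)

# There is some additional processing when CONFIG_SECURE_SIGNED_APPS is set. This happens
# when either CONFIG_SECURE_BOOT_V1_ENABLED or CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is set.
# For both cases, the user either sets binaries to be signed during build or not
# using CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES.
#
# Regardless, pass the main project's keys (signing/verification) to the bootloader subproject
# via config. The -D arguments built below carry key paths, not key contents.

# Start from empty key arguments so that every configuration, including one that
# matches none of the branches below, forwards a well-defined (empty) value
# instead of whatever the variables happened to hold before.
set(sign_key_arg)
set(ver_key_arg)

if(CONFIG_SECURE_SIGNED_APPS)
    add_custom_target(gen_secure_boot_keys)

    if(CONFIG_SECURE_BOOT_V1_ENABLED)
        # Check that the configuration is sane: exactly one of the two
        # bootloader modes must be selected.
        if((CONFIG_SECURE_BOOTLOADER_REFLASHABLE AND CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH) OR
            (NOT CONFIG_SECURE_BOOTLOADER_REFLASHABLE AND NOT CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH))
            fail_at_build_time(bootloader "Invalid bootloader target: bad sdkconfig?")
        endif()

        if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
            # NOTE(review): the secure-bootloader-key-*.bin names suggest key material
            # written into the build directory -- confirm the build tree is access
            # controlled and is not archived or published with release artifacts.
            list(APPEND bootloader_binary_files
                "${BOOTLOADER_BUILD_DIR}/bootloader-reflash-digest.bin"
                "${BOOTLOADER_BUILD_DIR}/secure-bootloader-key-192.bin"
                "${BOOTLOADER_BUILD_DIR}/secure-bootloader-key-256.bin"
                )
        endif()
    endif()

    # Since keys are usually given relative to main project dir, get the absolute paths to the keys
    # for use by the bootloader subproject. Replace the values in config with these absolute paths,
    # so that bootloader subproject does not need to assume main project dir to obtain path to the keys.
    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
        get_filename_component(secure_boot_signing_key
            "${CONFIG_SECURE_BOOT_SIGNING_KEY}"
            ABSOLUTE BASE_DIR "${project_dir}")

        # EXISTS is also true for directories, and an empty or directory-valued key
        # setting can still resolve to an existing path (for example the project
        # directory), so a directory is handled the same way as a missing key.
        if(NOT EXISTS "${secure_boot_signing_key}" OR IS_DIRECTORY "${secure_boot_signing_key}")
            # If the signing key is not found, create a phony gen_secure_boot_signing_key target that
            # fails the build. fail_at_build_time causes a cmake run next time
            # (to pick up a new signing key if one exists, etc.)
            if(CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME)
                fail_at_build_time(gen_secure_boot_signing_key
                    "Secure Boot Signing Key ${CONFIG_SECURE_BOOT_SIGNING_KEY} does not exist. Generate using:"
                    "\tidf.py secure-generate-signing-key ${CONFIG_SECURE_BOOT_SIGNING_KEY}")
            else()
                # Pick the --scheme value shown in the hint from the configured ECDSA key length.
                if(CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_192_BITS)
                    set(scheme "ecdsa192")
                elseif(CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_256_BITS)
                    set(scheme "ecdsa256")
                endif()
                fail_at_build_time(gen_secure_boot_signing_key
                    "Secure Boot Signing Key ${CONFIG_SECURE_BOOT_SIGNING_KEY} does not exist. Generate using:"
                    "\tidf.py secure-generate-signing-key --scheme ${scheme} ${CONFIG_SECURE_BOOT_SIGNING_KEY}")
            endif()
        else()
            # Key file is present: the target exists only so the dependency below resolves.
            add_custom_target(gen_secure_boot_signing_key)
        endif()

        set(SECURE_BOOT_SIGNING_KEY "${secure_boot_signing_key}") # needed by some other components
        set(sign_key_arg "-DSECURE_BOOT_SIGNING_KEY=${secure_boot_signing_key}")

        add_dependencies(gen_secure_boot_keys gen_secure_boot_signing_key)
    elseif(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
        # Binaries are not signed during the build; only the verification key is needed.
        # The config value is quoted so that an empty setting cannot shift the
        # remaining arguments of get_filename_component.
        get_filename_component(secure_boot_verification_key
            "${CONFIG_SECURE_BOOT_VERIFICATION_KEY}"
            ABSOLUTE BASE_DIR "${project_dir}")

        # Same directory guard as for the signing key above.
        if(NOT EXISTS "${secure_boot_verification_key}" OR IS_DIRECTORY "${secure_boot_verification_key}")
            # If the verification key is not found, create a phony gen_secure_boot_verification_key target that
            # fails the build. fail_at_build_time causes a cmake run next time
            # (to pick up a new verification key if one exists, etc.)
            fail_at_build_time(gen_secure_boot_verification_key
                "Secure Boot Verification Public Key ${CONFIG_SECURE_BOOT_VERIFICATION_KEY} does not exist."
                "\tThis can be extracted from the private signing key."
                "\tSee docs/security/secure-boot-v1.rst for details.")
        else()
            # Key file is present: the target exists only so the dependency below resolves.
            add_custom_target(gen_secure_boot_verification_key)
        endif()

        set(ver_key_arg "-DSECURE_BOOT_VERIFICATION_KEY=${secure_boot_verification_key}")

        add_dependencies(gen_secure_boot_keys gen_secure_boot_verification_key)
    endif()
endif()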
# Build properties that are forwarded to the bootloader subproject below.
idf_build_get_property(sdkconfig SDKCONFIG)
idf_build_get_property(idf_target IDF_TARGET)
idf_build_get_property(idf_path IDF_PATH)
idf_build_get_property(python PYTHON)
idf_build_get_property(extra_cmake_args EXTRA_CMAKE_ARGS)

# A list cannot be passed as a parameter to the external project unless its ';'
# separator is replaced, so the list is re-encoded with '|' here.
string(REPLACE ";" "|" BOOTLOADER_IGNORE_EXTRA_COMPONENT "${BOOTLOADER_IGNORE_EXTRA_COMPONENT}")

ExternalProject_Add(bootloader
    SOURCE_DIR "${CMAKE_CURRENT_LIST_DIR}/subproject"
    BINARY_DIR "${BOOTLOADER_BUILD_DIR}"
    # Changing the list separator for the arguments means the subproject does not
    # have to replace the new separator with the default ';' by hand.
    # NOTE(review): the separator applies to every argument below, so a '|' inside
    # any forwarded value (a path, for instance) would presumably also become ';'.
    LIST_SEPARATOR |
    CMAKE_ARGS
        -DSDKCONFIG=${sdkconfig}
        -DIDF_PATH=${idf_path}
        -DIDF_TARGET=${idf_target}
        -DPYTHON_DEPS_CHECKED=1
        -DPYTHON=${python}
        -DEXTRA_COMPONENT_DIRS=${CMAKE_CURRENT_LIST_DIR}
        -DPROJECT_SOURCE_DIR=${PROJECT_SOURCE_DIR}
        -DIGNORE_EXTRA_COMPONENT=${BOOTLOADER_IGNORE_EXTRA_COMPONENT}
        # Secure boot key paths; each expands to nothing when it is not set.
        ${sign_key_arg}
        ${ver_key_arg}
        # NOTE(review): these come last, so a duplicate -D among them would presumably
        # take precedence over the values above, key paths included -- confirm intended.
        ${extra_cmake_args}
    INSTALL_COMMAND ""
    BUILD_ALWAYS 1 # no easy way around this...
    BUILD_BYPRODUCTS ${bootloader_binary_files}
)

# With signed apps enabled, the bootloader target depends on gen_secure_boot_keys,
# so the key targets are brought up to date before the bootloader is built.
if(CONFIG_SECURE_SIGNED_APPS)
    add_dependencies(bootloader gen_secure_boot_keys)
endif()
# Workaround for an (annoying) shortcoming in CMake: the 'clean' target cannot be
# extended to cover the external project
# (see thread: https://cmake.org/pipermail/cmake/2016-December/064660.html).
#
# So for now the top-level build removes the final build products itself.
set_property(
    DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
    APPEND
    PROPERTY ADDITIONAL_CLEAN_FILES ${bootloader_binary_files}
)