From ecbf28e252a997f40273e6f1578c883715d8374b Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Thu, 24 Nov 2022 18:19:50 +0530 Subject: [PATCH] esptool_py: Added a sector-pad option for bootloader image When SECURE BOOT V2 is enabled and CONFIG_SECURE_BOOT_SIGNED_BINARIES is not set, sector-pad the bootloader image, which is required for an external PKCS#11 interface to generate a signature. esptool_py: Update submodule to release/v3 (4bc311767b7c6df41def6f95a50f87b1c9406cbd) --- components/esptool_py/esptool | 2 +- components/esptool_py/project_include.cmake | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/components/esptool_py/esptool b/components/esptool_py/esptool index 7d10144efd..4bc311767b 160000 --- a/components/esptool_py/esptool +++ b/components/esptool_py/esptool @@ -1 +1 @@ -Subproject commit 7d10144efdb14eb339a9e7ab59694f03d70e0eb9 +Subproject commit 4bc311767b7c6df41def6f95a50f87b1c9406cbd diff --git a/components/esptool_py/project_include.cmake b/components/esptool_py/project_include.cmake index ae37888280..0d666a22ba 100644 --- a/components/esptool_py/project_include.cmake +++ b/components/esptool_py/project_include.cmake @@ -37,6 +37,17 @@ set(ESPTOOLPY_FLASH_OPTIONS --flash_size ${ESPFLASHSIZE} ) +if(BOOTLOADER_BUILD AND CONFIG_SECURE_BOOT_V2_ENABLED) + # The bootloader binary needs to be 4KB aligned in order to append a secure boot V2 signature block. + # If CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is NOT set, the bootloader + # image generated is not 4KB aligned for external HSM to sign it readily. + # Following esptool option --pad-to-size 4KB generates a 4K aligned bootloader image. + # In case of signing during build, espsecure.py "sign_data" operation handles the 4K alignment of the image. + if(NOT CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES) + list(APPEND esptool_elf2image_args --pad-to-size 4KB) + endif() +endif() + if(NOT BOOTLOADER_BUILD) set(esptool_elf2image_args --elf-sha256-offset 0xb0) endif()