esptool_py: Added a sector-pad option for bootloader image

When SECURE BOOT V2 is enabled and CONFIG_SECURE_BOOT_SIGNED_BINARIES is not set, sector-pad the bootloader image, which is required for an external PKCS#11 interface to generate a signature. esptool_py: Update submodule to release/v3 (4bc311767b7c6df41def6f95a50f87b1c9406cbd)
2024-10-05 20:47:46 -04:00 · 2022-11-24 18:19:50 +05:30 · 2022-11-24 18:19:50 +05:30 · 4e77c32afc
commit 4e77c32afc
parent ea8de4ddca
2 changed files with 12 additions and 1 deletions
--- a/components/esptool_py/esptool
+++ b/components/esptool_py/esptool
@ -1 +1 @@
-Subproject commit e53efcf84ceb6fac315ccb1348d6950ac33af309
+Subproject commit 4bc311767b7c6df41def6f95a50f87b1c9406cbd
--- a/components/esptool_py/project_include.cmake
+++ b/components/esptool_py/project_include.cmake
@ -25,6 +25,17 @@ set(ESPTOOLPY_FLASH_OPTIONS
    --flash_size ${ESPFLASHSIZE}
    )

+if(BOOTLOADER_BUILD AND CONFIG_SECURE_BOOT_V2_ENABLED)
+    # The bootloader binary needs to be 4KB aligned in order to append a secure boot V2 signature block.
+    # If CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is NOT set, the bootloader
+    # image generated is not 4KB aligned for external HSM to sign it readily.
+    # Following esptool option --pad-to-size 4KB generates a 4K aligned bootloader image.
+    # In case of signing during build, espsecure.py "sign_data" operation handles the 4K alignment of the image.
+    if(NOT CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+        list(APPEND esptool_elf2image_args --pad-to-size 4KB)
+    endif()
+endif()
+
 if(NOT BOOTLOADER_BUILD)
    set(esptool_elf2image_args --elf-sha256-offset 0xb0)
 endif()