For Secure Boot v2 case, unsigned image is first padded to next 64K
aligned boundary and then a signature block of 4K gets appended. Thus
an app partition whose size is 4K aligned should be allowed here.
For Secure Boot v1 case, app partition size must be 64K aligned as the
signature block lies at the very end of 64K boundary.
Relevant:
57b601ab7f
Fixes the issue that signed partition table was not generated when
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES was on, because
partition_table_bin depended on unsigned_partition_bin twice.
Regression from acb7a211.
Also use final_partition_bin variable in esptool_py_flash_target_image
arguments, to avoid issues in the future if final_partition_bin is
changed.
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.
Closes: TW26335