2023-05-17 08:12:22 +01:00
# Copyright (c) 2020-2023 Nordic Semiconductor ASA
2020-08-18 11:28:04 -07:00
# SPDX-License-Identifier: Apache-2.0
# This file includes extra build system logic that is enabled when
# CONFIG_BOOTLOADER_MCUBOOT=y.
#
# It builds signed binaries using imgtool as a post-processing step
# after zephyr/zephyr.elf is created in the build directory.
#
# Since this file is brought in via include(), we do the work in a
# function to avoid polluting the top-level scope.
2020-08-26 16:26:07 -07:00
function ( zephyr_runner_file type path )
# Property magic which makes west flash choose the signed build
# output of a given type.
set_target_properties ( runners_yaml_props_target PROPERTIES "${type}_file" "${path}" )
endfunction ( )
2020-08-18 11:28:04 -07:00
function ( zephyr_mcuboot_tasks )
set ( keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}" )
2021-08-10 10:59:00 +02:00
set ( keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}" )
2020-08-18 11:28:04 -07:00
2021-08-30 17:14:49 +05:30
if ( NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}" )
# Check for misconfiguration.
if ( "${keyfile}" STREQUAL "" )
# No signature key file, no signed binaries. No error, though:
# this is the documented behavior.
2023-05-17 08:12:22 +01:00
message ( WARNING "Neither CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE or "
" C O N F I G _ M C U B O O T _ S I G N A T U R E _ K E Y _ F I L E a r e s e t , t h e g e n e r a t e d b u i l d w i l l n o t b e "
" b o o t a b l e b y M C U b o o t u n l e s s i t i s s i g n e d m a n u a l l y / e x t e r n a l l y . " )
2021-08-30 17:14:49 +05:30
return ( )
endif ( )
2020-08-18 11:28:04 -07:00
endif ( )
if ( NOT WEST )
# This feature requires west.
message ( FATAL_ERROR "Can't sign images for MCUboot: west not found. To fix, install west and ensure it's on PATH." )
endif ( )
2021-08-10 10:59:00 +02:00
foreach ( file keyfile keyfile_enc )
if ( NOT "${${file}}" STREQUAL "" )
if ( NOT IS_ABSOLUTE "${${file}}" )
# Relative paths are relative to 'west topdir'.
set ( ${ file } "${WEST_TOPDIR}/${${file}}" )
endif ( )
2021-08-30 17:14:49 +05:30
if ( NOT EXISTS "${${file}}" AND NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}" )
2021-08-10 10:59:00 +02:00
message ( FATAL_ERROR "west sign can't find file ${${file}} (Note: Relative paths are relative to the west workspace topdir \" ${ WEST_TOPDIR } \")")
elseif ( NOT ( CONFIG_BUILD_OUTPUT_BIN OR CONFIG_BUILD_OUTPUT_HEX ) )
message ( FATAL_ERROR "Can't sign images for MCUboot: Neither CONFIG_BUILD_OUTPUT_BIN nor CONFIG_BUILD_OUTPUT_HEX is enabled, so there's nothing to sign." )
endif ( )
2020-08-18 11:28:04 -07:00
endif ( )
2021-08-10 10:59:00 +02:00
endforeach ( )
2020-08-18 11:28:04 -07:00
# Find imgtool. Even though west is installed, imgtool might not be.
# The user may also have a custom manifest which doesn't include
# MCUboot.
#
# Therefore, go with an explicitly installed imgtool first, falling
# back on mcuboot/scripts/imgtool.py.
if ( IMGTOOL )
set ( imgtool_path "${IMGTOOL}" )
elseif ( DEFINED ZEPHYR_MCUBOOT_MODULE_DIR )
set ( IMGTOOL_PY "${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py" )
if ( EXISTS "${IMGTOOL_PY}" )
set ( imgtool_path "${IMGTOOL_PY}" )
endif ( )
endif ( )
# No imgtool, no signed binaries.
if ( NOT DEFINED imgtool_path )
message ( FATAL_ERROR "Can't sign images for MCUboot: can't find imgtool. To fix, install imgtool with pip3, or add the mcuboot repository to the west manifest and ensure it has a scripts/imgtool.py file." )
return ( )
endif ( )
2024-09-25 11:06:45 +01:00
# Fetch devicetree details for flash and slot information
dt_chosen ( flash_node PROPERTY "zephyr,flash" )
2024-09-26 08:04:54 +01:00
dt_nodelabel ( slot0_flash NODELABEL "slot0_partition" REQUIRED )
dt_prop ( slot_size PATH "${slot0_flash}" PROPERTY "reg" INDEX 1 REQUIRED )
2024-09-25 11:06:45 +01:00
dt_prop ( write_block_size PATH "${flash_node}" PROPERTY "write-block-size" )
2024-09-26 08:04:54 +01:00
if ( NOT write_block_size )
set ( write_block_size 4 )
message ( WARNING "slot0_partition write block size devicetree parameter is missing, assuming write block size is 4" )
endif ( )
2024-09-25 11:06:45 +01:00
# If single slot mode, or if in firmware updater mode and this is the firmware updater image,
# use slot 0 information
if ( NOT CONFIG_MCUBOOT_BOOTLOADER_MODE_SINGLE_APP AND ( NOT CONFIG_MCUBOOT_BOOTLOADER_MODE_FIRMWARE_UPDATER OR CONFIG_MCUBOOT_APPLICATION_FIRMWARE_UPDATER ) )
# Slot 1 size is used instead of slot 0 size
set ( slot_size )
2024-09-26 08:04:54 +01:00
dt_nodelabel ( slot1_flash NODELABEL "slot1_partition" REQUIRED )
dt_prop ( slot_size PATH "${slot1_flash}" PROPERTY "reg" INDEX 1 REQUIRED )
2024-09-25 11:06:45 +01:00
endif ( )
# Basic 'imgtool sign' command with known image information.
set ( imgtool_sign ${ PYTHON_EXECUTABLE } ${ imgtool_path } sign
- - v e r s i o n $ { C O N F I G _ M C U B O O T _ I M G T O O L _ S I G N _ V E R S I O N } - - h e a d e r - s i z e $ { C O N F I G _ R O M _ S T A R T _ O F F S E T }
- - s l o t - s i z e $ { s l o t _ s i z e } )
2020-08-18 11:28:04 -07:00
# Arguments to imgtool.
if ( NOT CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS STREQUAL "" )
# Separate extra arguments into the proper format for adding to
# extra_post_build_commands.
#
# Use UNIX_COMMAND syntax for uniform results across host
# platforms.
2024-09-25 11:06:45 +01:00
separate_arguments ( imgtool_args UNIX_COMMAND ${ CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS } )
2020-08-18 11:28:04 -07:00
else ( )
2024-09-25 11:06:45 +01:00
set ( imgtool_args )
2020-08-18 11:28:04 -07:00
endif ( )
2021-08-30 17:14:49 +05:30
if ( NOT "${keyfile}" STREQUAL "" )
2024-09-25 11:06:45 +01:00
set ( imgtool_args --key "${keyfile}" ${ imgtool_args } )
2021-08-30 17:14:49 +05:30
endif ( )
2023-11-07 10:46:26 +01:00
if ( CONFIG_MCUBOOT_IMGTOOL_OVERWRITE_ONLY )
2024-07-24 13:21:33 +01:00
# Use overwrite-only instead of swap upgrades.
2024-09-25 11:06:45 +01:00
set ( imgtool_args --overwrite-only --align 1 ${ imgtool_args } )
2024-07-24 13:21:33 +01:00
elseif ( CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD )
# RAM load requires setting the location of where to load the image to
dt_chosen ( chosen_ram PROPERTY "zephyr,sram" )
dt_reg_addr ( chosen_ram_address PATH ${ chosen_ram } )
dt_nodelabel ( slot0_partition NODELABEL "slot0_partition" REQUIRED )
dt_reg_addr ( slot0_partition_address PATH ${ slot0_partition } )
dt_nodelabel ( slot1_partition NODELABEL "slot1_partition" REQUIRED )
dt_reg_addr ( slot1_partition_address PATH ${ slot1_partition } )
set ( imgtool_args --align 1 --load-addr ${ chosen_ram_address } ${ imgtool_args } )
set ( imgtool_args_alt_slot ${ imgtool_args } --hex-addr ${ slot1_partition_address } )
set ( imgtool_args ${ imgtool_args } --hex-addr ${ slot0_partition_address } )
2024-09-25 11:06:45 +01:00
else ( )
set ( imgtool_args --align ${ write_block_size } ${ imgtool_args } )
2023-11-07 10:46:26 +01:00
endif ( )
2020-08-18 11:28:04 -07:00
# Extensionless prefix of any output file.
set ( output ${ ZEPHYR_BINARY_DIR } / ${ KERNEL_NAME } )
# List of additional build byproducts.
set ( byproducts )
# Set up .bin outputs.
if ( CONFIG_BUILD_OUTPUT_BIN )
list ( APPEND byproducts ${ output } .signed.bin )
2020-08-26 16:26:07 -07:00
zephyr_runner_file ( bin ${ output } .signed.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_BIN_NAME "${output}.signed.bin"
C A C H E F I L E P A T H " S i g n e d k e r n e l b i n f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } $ { o u t p u t } . b i n $ { o u t p u t } . s i g n e d . b i n )
2020-08-18 11:28:04 -07:00
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND byproducts ${ output } .signed.confirmed.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_CONFIRMED_BIN_NAME "${output}.signed.confirmed.bin"
C A C H E F I L E P A T H " S i g n e d a n d c o n f i r m e d k e r n e l b i n f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } - - p a d - - c o n f i r m $ { o u t p u t } . b i n
$ { o u t p u t } . s i g n e d . c o n f i r m e d . b i n )
2020-08-18 11:28:04 -07:00
endif ( )
2021-08-10 10:59:00 +02:00
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND byproducts ${ output } .signed.encrypted.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_BIN_NAME "${output}.signed.encrypted.bin"
C A C H E F I L E P A T H " S i g n e d a n d e n c r y p t e d k e r n e l b i n f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } - - e n c r y p t " $ { k e y f i l e _ e n c } " $ { o u t p u t } . b i n
$ { o u t p u t } . s i g n e d . e n c r y p t e d . b i n )
2021-08-10 10:59:00 +02:00
endif ( )
2024-07-24 13:21:33 +01:00
if ( CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD )
list ( APPEND byproducts ${ output } .slot1.signed.encrypted.bin )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } $ { o u t p u t } . b i n
$ { o u t p u t } . s l o t 1 . s i g n e d . b i n )
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND byproducts ${ output } .slot1.signed.confirmed.bin )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } - - p a d - - c o n f i r m $ { o u t p u t } . b i n
$ { o u t p u t } . s l o t 1 . s i g n e d . c o n f i r m e d . b i n )
endif ( )
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND byproducts ${ output } .slot1.signed.encrypted.bin )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } - - e n c r y p t " $ { k e y f i l e _ e n c } "
$ { o u t p u t } . b i n $ { o u t p u t } . s l o t 1 . s i g n e d . e n c r y p t e d . b i n )
endif ( )
endif ( )
2020-08-18 11:28:04 -07:00
endif ( )
# Set up .hex outputs.
if ( CONFIG_BUILD_OUTPUT_HEX )
list ( APPEND byproducts ${ output } .signed.hex )
2020-08-26 16:26:07 -07:00
zephyr_runner_file ( hex ${ output } .signed.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_HEX_NAME "${output}.signed.hex"
C A C H E F I L E P A T H " S i g n e d k e r n e l h e x f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } $ { o u t p u t } . h e x $ { o u t p u t } . s i g n e d . h e x )
2020-08-18 11:28:04 -07:00
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND byproducts ${ output } .signed.confirmed.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_CONFIRMED_HEX_NAME "${output}.signed.confirmed.hex"
C A C H E F I L E P A T H " S i g n e d a n d c o n f i r m e d k e r n e l h e x f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } - - p a d - - c o n f i r m $ { o u t p u t } . h e x
$ { o u t p u t } . s i g n e d . c o n f i r m e d . h e x )
2020-08-18 11:28:04 -07:00
endif ( )
2021-08-10 10:59:00 +02:00
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND byproducts ${ output } .signed.encrypted.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_HEX_NAME "${output}.signed.encrypted.hex"
C A C H E F I L E P A T H " S i g n e d a n d e n c r y p t e d k e r n e l h e x f i l e " F O R C E
)
2024-09-25 11:06:45 +01:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s } - - e n c r y p t " $ { k e y f i l e _ e n c } " $ { o u t p u t } . h e x
$ { o u t p u t } . s i g n e d . e n c r y p t e d . h e x )
2021-08-10 10:59:00 +02:00
endif ( )
2020-08-18 11:28:04 -07:00
2024-07-24 13:21:33 +01:00
if ( CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD )
list ( APPEND byproducts ${ output } .slot1.signed.hex )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } $ { o u t p u t } . h e x
$ { o u t p u t } . s l o t 1 . s i g n e d . h e x )
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND byproducts ${ output } .slot1.signed.confirmed.hex )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } - - p a d - - c o n f i r m $ { o u t p u t } . h e x
$ { o u t p u t } . s l o t 1 . s i g n e d . c o n f i r m e d . h e x )
endif ( )
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND byproducts ${ output } .slot1.signed.encrypted.hex )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { i m g t o o l _ s i g n } $ { i m g t o o l _ a r g s _ a l t _ s l o t } - - e n c r y p t " $ { k e y f i l e _ e n c } "
$ { o u t p u t } . h e x $ { o u t p u t } . s l o t 1 . s i g n e d . e n c r y p t e d . h e x )
endif ( )
endif ( )
endif ( )
2020-08-18 11:28:04 -07:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_byproducts ${ byproducts } )
endfunction ( )
zephyr_mcuboot_tasks ( )
