soc: cyw20829: Initial integrate Cypress MCUBoot for 20829

Added custom mcuboot cmake for sign/encrypt by using cysecuretools

Signed-off-by: Sreeram Tatapudi <sreeram.praveen@infineon.com>
Signed-off-by: Nazar Palamar <nazar.palamar@infineon.com>
This commit is contained in:
Sreeram Tatapudi 2025-05-14 14:23:49 -07:00 committed by Benjamin Cabé
commit c4866ec68a
6 changed files with 410 additions and 44 deletions

View file

@ -11,3 +11,6 @@ endchoice
config HEAP_MEM_POOL_ADD_SIZE_BOARD
int
default 10096
config ROM_START_OFFSET
default 0x0 if BOOTLOADER_MCUBOOT

View file

@ -19,7 +19,8 @@
chosen {
zephyr,sram = &sram0;
zephyr,flash = &app_region;
zephyr,flash = &flash0;
zephyr,code-partition = &slot0_partition;
zephyr,console = &uart2;
zephyr,shell-uart = &uart2;
zephyr,bt-hci = &bluetooth;
@ -99,45 +100,48 @@ uart2: &scb2 {
status = "okay";
};
/ {
qspi_flash: qspi_flash@40890000 {
compatible = "infineon,cat1-qspi-flash";
reg = <0x40890000 0x30000>;
&qspi_flash {
flash0: flash@8000000 {
compatible = "soc-nv-flash";
reg = <0x08000000 DT_SIZE_M(1)>;
write-block-size = <1>;
erase-block-size = <DT_SIZE_K(4)>;
#address-cells = <1>;
#size-cells = <1>;
flash0: flash@8000000 {
compatible = "soc-nv-flash";
reg = <0x08000000 DT_SIZE_K(512)>;
write-block-size = <1>;
erase-block-size = <DT_SIZE_K(4)>;
/* Keep bootstrap_region node to know size, finaly it will
* locate on beginning of code-partition. The BootROM copies
* bootstrap application in RAM and launches it.
*/
bootstrap_region: bootstrap_region@0 {
reg = <0 BOOTSTRAP_SIZE>;
};
partitions {
compatible = "fixed-partitions";
#address-cells = <1>;
#size-cells = <1>;
toc2_region: toc2_region@8000000 {
compatible = "zephyr,memory-region", "soc-nv-flash";
zephyr,memory-region = "APP_HEADER_FLASH";
reg = <0x08000000 0x50>;
boot_partition: partition@0 {
label = "mcuboot";
reg = <0x0 0x20000>;
read-only;
};
bootstrap_region: bootstrap_region@8000050 {
compatible = "zephyr,memory-region", "soc-nv-flash";
zephyr,memory-region = "BOOTSTRAP_FLASH";
reg = <0x08000050 DT_SIZE_K(12)>;
slot0_partition: partition@20000 {
label = "image-0";
reg = <0x20000 0x60000>;
};
app_region: app_region@8003050 {
slot1_partition: partition@80000 {
label = "image-1";
reg = <0x80000 0x60000>;
};
storage_partition: storage_partition@E0000 {
compatible = "soc-nv-flash";
reg = <0x08003050 0x6CFB0>; /* 435kb */
};
partitions {
compatible = "fixed-partitions";
#address-cells = <1>;
#size-cells = <1>;
storage_partition: storage_partition@60000 {
compatible = "soc-nv-flash";
reg = <0x60000 DT_SIZE_K(64)>;
};
reg = <0xE0000 DT_SIZE_K(64)>;
};
};
};

View file

@ -3,9 +3,19 @@
Overview
********
The AIROC™ CYW20829 Bluetooth® LE MCU Evaluation Kit (CYW920829M2EVK-02) with its included on-board peripherals enables evaluation, prototyping, and development of a wide array of Bluetooth® Low Energy applications, all on Infineon's low power, high performance AIROC™ CYW20829. The AIROC™ CYW20829's robust RF performance and 10 dBm TX output power without an external power amplifier (PA). This provides enough link budget for the entire spectrum of Bluetooth® LE use cases including industrial IoT applications, smart home, asset tracking, beacons and sensors, and medical devices.
The AIROC™ CYW20829 Bluetooth® LE MCU Evaluation Kit (CYW920829M2EVK-02) with its included on-board
peripherals enables evaluation, prototyping, and development of a wide array of
Bluetooth® Low Energy applications, all on Infineon's low power, high performance AIROC™ CYW20829.
The AIROC™ CYW20829's robust RF performance and 10 dBm TX output power without an external power
amplifier (PA). This provides enough link budget for the entire spectrum of Bluetooth® LE use cases
including industrial IoT applications, smart home, asset tracking, beacons and sensors, and
medical devices.
The system features Dual Arm® Cortex® - M33s for powering the MCU and Bluetooth subsystem with programmable and reconfigurable analog and digital blocks. In addition, on the kit, there is a suite of on-board peripherals including six-axis inertial measurement unit (IMU), thermistor, analog mic, user programmable buttons (2), LEDs (2), and RGB LED. There is also extensive GPIO support with extended headers and Arduino Uno R3 compatibility for third-party shields.
The system features Dual Arm® Cortex® - M33s for powering the MCU and Bluetooth subsystem with
programmable and reconfigurable analog and digital blocks. In addition, on the kit, there is a
suite of on-board peripherals including six-axis inertial measurement unit (IMU), thermistor,
analog mic, user programmable buttons (2), LEDs (2), and RGB LED. There is also extensive GPIO
support with extended headers and Arduino Uno R3 compatibility for third-party shields.
Hardware
********
@ -20,7 +30,8 @@ Kit Features:
- AIROC™ CYW20829 Bluetooth® LE MCU in 56 pin QFN package
- Arduino compatible headers for hardware expansion
- On-board sensors - 6-axis IMU, Thermistor, Infineon analog microphone, and Infineon digital microphone
- On-board sensors - 6-axis IMU, Thermistor, Infineon analog microphone,
and Infineon digital microphone
- User switches, RGB LED and user LEDs
- USB connector for power, programming and USB-UART bridge
@ -71,24 +82,38 @@ Programming and Debugging
.. zephyr:board-supported-runners::
The CYW920829M2EVK-02 includes an onboard programmer/debugger (`KitProg3`_) to provide debugging, flash programming, and serial communication over USB. Flash and debug commands use OpenOCD and require a custom Infineon OpenOCD version, that supports KitProg3, to be installed.
The CYW920829M2EVK-02 includes an onboard programmer/debugger (`KitProg3`_) to provide debugging,
flash programming, and serial communication over USB. Flash and debug commands use OpenOCD and
require a custom Infineon OpenOCD version, that supports KitProg3, to be installed.
The CYW920829M2EVK-02 supports RTT via a SEGGER JLink device, under the target name cyw20829_tm. This can be enabled for an application by building with the rtt-console snippet or setting the following config values: CONFIG_UART_CONSOLE=n, CONFIG_RTT_CONSOLE=y, and CONFIG_USE_SEGGER_RTT=y.
The CYW920829M2EVK-02 supports RTT via a SEGGER JLink device, under the target name cyw20829_tm.
This can be enabled for an application by building with the rtt-console snippet or setting the
following config values: CONFIG_UART_CONSOLE=n, CONFIG_RTT_CONSOLE=y, and CONFIG_USE_SEGGER_RTT=y.
e.g. west build -p always -b cyw920829m2evk_02 samples/basic/blinky -S rtt-console
As an additional note there is currently a discrepancy in RAM address between SEGGER and the CYW920829M2EVK-02 device. So, for RTT control block, do not use "Auto Detection". Instead, set the search range to something reflecting: RAM RangeStart at 0x20000000 and RAM RangeSize of 0x3d000.
As an additional note there is currently a discrepancy in RAM address between SEGGER and the
CYW920829M2EVK-02 device. So, for RTT control block, do not use "Auto Detection". Instead, set
the search range to something reflecting: RAM RangeStart at 0x20000000 and RAM RangeSize of 0x3d000.
Infineon OpenOCD Installation
=============================
Both the full `ModusToolbox`_ and the `ModusToolbox Programming Tools`_ packages include Infineon OpenOCD. Installing either of these packages will also install Infineon OpenOCD. If neither package is installed, a minimal installation can be done by downloading the `Infineon OpenOCD`_ release for your system and manually extract the files to a location of your choice.
Both the full `ModusToolbox`_ and the `ModusToolbox Programming Tools`_ packages include Infineon
OpenOCD. Installing either of these packages will also install Infineon OpenOCD. If neither package
is installed, a minimal installation can be done by downloading the `Infineon OpenOCD`_ release for
your system and manually extract the files to a location of your choice.
.. note:: Linux requires device access rights to be set up for KitProg3. This is handled automatically by the ModusToolbox and ModusToolbox Programming Tools installations. When doing a minimal installation, this can be done manually by executing the script ``openocd/udev_rules/install_rules.sh``.
.. note:: Linux requires device access rights to be set up for KitProg3. This is handled
automatically by the ModusToolbox and ModusToolbox Programming Tools installations.
When doing a minimal installation, this can be done manually by executing the
script ``openocd/udev_rules/install_rules.sh``.
West Commands
=============
The path to the installed Infineon OpenOCD executable must be available to the ``west`` tool commands. There are multiple ways of doing this. The example below uses a permanent CMake argument to set the CMake variable ``OPENOCD``.
The path to the installed Infineon OpenOCD executable must be available to the ``west`` tool
commands. There are multiple ways of doing this. The example below uses a permanent CMake argument
to set the CMake variable ``OPENOCD``.
.. tabs::
.. group-tab:: Windows
@ -117,7 +142,101 @@ The path to the installed Infineon OpenOCD executable must be available to the `
west flash
west debug
Once the gdb console starts after executing the west debug command, you may now set breakpoints and perform other standard GDB debugging on the CYW20829 CM33 core.
Once the gdb console starts after executing the west debug command, you may now set breakpoints and
perform other standard GDB debugging on the CYW20829 CM33 core.
Operate in SECURE Lifecycle Stage
*********************************
The device lifecycle stage (LCS) is a key aspect of the security of the AIROC™
CYW20829 Bluetooth® MCU. The lifecycle stages follow a strict, irreversible progression dictated by
the programming of the eFuse bits (changing the value from "0" to "1"). This system is used to
protect the device's data and code at the level required by the user.
SECURE is the lifecycle stage of a secured device.
Follow the instructions in `AN239590 Provision CYW20829 to SECURE LCS`_ to transition the device
to SECURE LCS. In the SECURE LCS stage, the protection state is set to secure. A secured device
will only boot if the authentication of its flash content is successful.
The following configuration options can be used to build for a device which has been provisioned
to SECURE LCS and configured to use an encrypted flash interface:
- :kconfig:option:`CONFIG_INFINEON_SECURE_LCS`: Enable if the target device is in SECURE LCS
- :kconfig:option:`CONFIG_INFINEON_SECURE_POLICY`: Path to the policy JSON file,
which was created for provisioning the device to SECURE LCS (refer to section 3.2 "Key creation"
of `AN239590 Provision CYW20829 to SECURE LCS`_)
- :kconfig:option:`CONFIG_INFINEON_SMIF_ENCRYPTION`: Enable to use encrypted flash interface when provisioned to
SECURE LCS.
Here is an example for building the :zephyr:code-sample:`blinky` sample application for SECURE LCS.
.. zephyr-app-commands::
:goals: build
:board: cyw920829m2evk_02
:zephyr-app: samples/basic/blinky
:west-args: -p always
:gen-args: -DCONFIG_INFINEON_SECURE_LCS=y -DCONFIG_INFINEON_SECURE_POLICY=\"policy/policy_secure.json\"
Using MCUboot
*************
CYW20829 devices are supported by the Cypress MCU bootloader (MCUBootApp) from the
`Cypress branch of MCUboot`_.
Building Cypress MCU Bootloader MCUBootApp
==========================================
Please refer to the `CYW20829 platform description`_ and follow the instructions to understand the
MCUBootApp building process for normal/secure silicon and its overall usage as a bootloader.
Place keys and policy-related folders in the cypress directory ``mcuboot/boot/cypress/``.
Ensure the default memory map matches the memory map of the Zephyr application (refer to partitions
of flash0 in :zephyr_file:`boards/infineon/cyw920829m2evk_02/cyw920829m2evk_02.dts`).
You can use ``west flash`` to flash MCUBootApp:
.. code-block:: shell
# Flash MCUBootApp.hex
west flash --skip-rebuild --hex-file /path/to/cypress/mcuboot/boot/cypress/MCUBootApp/out/CYW20829/Debug/MCUBootApp.hex
.. note:: ``west flash`` requires an existing Zephyr build directory which can be created by first
building any Zephyr application for the target board.
Build Zephyr application
========================
Here is an example for building and flashing the :zephyr:code-sample:`blinky` sample application
for MCUboot.
.. zephyr-app-commands::
:goals: build flash
:board: cyw920829m2evk_02
:zephyr-app: samples/basic/blinky
:west-args: -p always
:gen-args: -DCONFIG_BOOTLOADER_MCUBOOT=y -DCONFIG_MCUBOOT_SIGNATURE_KEY_FILE=\"/path/to/cypress/mcuboot/boot/cypress/keys/cypress-test-ec-p256.pem\"
If you use :kconfig:option:`CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE` to generate an encrypted image then the final
hex will be ``zephyr.signed.encrypted.hex`` and the corresponding bin file will
be ``zephyr.signed.encrypted.bin``. Use these files for flashing and ota uploading respectively.
For example, to build and flash an encrypted :zephyr:code-sample:`blinky` sample application
image for MCUboot:
.. zephyr-app-commands::
:goals: build flash
:board: cyw920829m2evk_02
:zephyr-app: samples/basic/blinky
:west-args: -p always
:gen-args: -DCONFIG_BOOTLOADER_MCUBOOT=y -DCONFIG_MCUBOOT_SIGNATURE_KEY_FILE=\"/path/to/cypress/mcuboot/boot/cypress/keys/cypress-test-ec-p256.pem\" -DCONFIG_MCUBOOT_ENCRYPTION_KEY_FILE=\"/path/to/cypress/mcuboot/enc-ec256-pub.pem\"
:flash-args: --hex-file build/zephyr/zephyr.signed.encrypted.hex
.. _CYW20829 platform description:
https://github.com/mcu-tools/mcuboot/blob/v1.9.4-cypress/boot/cypress/platforms/CYW20829.md
.. _Cypress branch of MCUboot:
https://github.com/mcu-tools/mcuboot/tree/cypress
.. _AN239590 Provision CYW20829 to SECURE LCS:
https://www.infineon.com/dgdl/Infineon-AN239590_Provision_CYW20829_CYW89829_to_Secure_LCS-ApplicationNotes-v02_00-EN.pdf?fileId=8ac78c8c8d2fe47b018e3677dd517258
.. _CYW20829 SoC Website:
https://www.infineon.com/cms/en/product/wireless-connectivity/airoc-bluetooth-le-bluetooth-multiprotocol/airoc-bluetooth-le/cyw20829/

View file

@ -0,0 +1,15 @@
{
"policy": {
"platform": "cyw20829",
"version": 2.0,
"type": "no_secure"
},
"device_policy":
{
"flow_control":
{
"target_lcs": {
}
}
}
}

View file

@ -76,10 +76,14 @@ _region_min_align = 4;
/* Maximum bootstrap code + data size */
#define BOOTSTRAP_REGION_SIZE DT_REG_SIZE(DT_NODELABEL(bootstrap_region))
#define USER_APP_START_OFFSET (CONFIG_FLASH_LOAD_OFFSET + CONFIG_ROM_START_OFFSET)
#if defined(CONFIG_BOOTLOADER_MCUBOOT)
#define MCUBOOT_HEADER_OFFSET (0x400)
#else
#define MCUBOOT_HEADER_OFFSET (0)
#endif
#define FLASH_START_ADDR_CBUS (CONFIG_CYW20829_FLASH_CBUS_ADDR + USER_APP_START_OFFSET)
#define FLASH_START_ADDR_SAHB (CONFIG_CYW20829_FLASH_SAHB_ADDR + USER_APP_START_OFFSET)
#define FLASH_START_ADDR_CBUS (CONFIG_CYW20829_FLASH_CBUS_ADDR + CONFIG_FLASH_LOAD_OFFSET + MCUBOOT_HEADER_OFFSET)
#define FLASH_START_ADDR_SAHB (CONFIG_CYW20829_FLASH_SAHB_ADDR + CONFIG_FLASH_LOAD_OFFSET + MCUBOOT_HEADER_OFFSET)
#define RAM_START_ADDR_CBUS CONFIG_CYW20829_SRAM_CBUS_ADDR /* 0x04000000 */
#define RAM_START_ADDR_SAHB CONFIG_CYW20829_SRAM_SAHB_ADDR /* 0x20000000 */

View file

@ -0,0 +1,221 @@
# Copyright (c) 2020-2023 Nordic Semiconductor ASA
# Copyright (c) 2024 Cypress Semiconductor Corporation
# SPDX-License-Identifier: Apache-2.0
# This file includes extra build system logic that is enabled when
# CONFIG_BOOTLOADER_MCUBOOT=y.
#
# It builds signed binaries using cysecuretools as a post-processing step
# after zephyr/zephyr.elf is created in the build directory.
function(zephyr_runner_file type path)
# Property magic which makes west flash choose the signed build
# output of a given type.
set_target_properties(runners_yaml_props_target PROPERTIES "${type}_file" "${path}")
endfunction()
function(zephyr_mcuboot_tasks)
# Extensionless prefix of any output file.
set(output ${ZEPHYR_BINARY_DIR}/${KERNEL_NAME})
cmake_path(SET keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}")
cmake_path(SET keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}")
set(encrypted_args)
set(confirmed_args)
# Calculate flash address (SAHB/CBUS)
math(EXPR flash_addr_sahb_offset
"${CONFIG_CYW20829_FLASH_SAHB_ADDR} + ${CONFIG_FLASH_LOAD_OFFSET}"
OUTPUT_FORMAT HEXADECIMAL
)
math(EXPR flash_addr_sbus_offset
"${CONFIG_CYW20829_FLASH_CBUS_ADDR} + ${CONFIG_FLASH_LOAD_OFFSET}"
OUTPUT_FORMAT HEXADECIMAL
)
# Check for misconfiguration.
if((NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}") AND ("${keyfile}" STREQUAL ""))
message(WARNING "Neither CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE nor"
"CONFIG_MCUBOOT_SIGNATURE_KEY_FILE are set, the generated build will not be"
"bootable by MCUboot unless it is signed manually/externally.")
return()
endif()
foreach(file keyfile keyfile_enc)
if(NOT "${${file}}" STREQUAL "")
if(NOT IS_ABSOLUTE "${${file}}")
find_file(
temp_file
NAMES
"${${file}}"
PATHS
"${APPLICATION_SOURCE_DIR}"
"${WEST_TOPDIR}"
NO_DEFAULT_PATH
)
if(NOT "${temp_file}" STREQUAL "temp_file-NOTFOUND")
set(${file} "${temp_file}")
endif()
endif()
if((NOT IS_ABSOLUTE "${${file}}" OR NOT EXISTS "${${file}}") AND NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
message(FATAL_ERROR "Can't find file \"${${file}}\" "
"(Note: Relative paths are searched through"
"APPLICATION_SOURCE_DIR=\"${APPLICATION_SOURCE_DIR}\" "
"and WEST_TOPDIR=\"${WEST_TOPDIR}\")")
elseif(NOT (CONFIG_BUILD_OUTPUT_BIN OR CONFIG_BUILD_OUTPUT_HEX))
message(FATAL_ERROR "Can't sign images for MCUboot: Neither CONFIG_BUILD_OUTPUT_BIN nor"
"CONFIG_BUILD_OUTPUT_HEX is enabled, so there's nothing to sign.")
endif()
endif()
endforeach()
# Basic 'cysecuretools' command and output format independent arguments.
set(cysecuretools_cmd ${CYSECURETOOLS} -q -t cyw20829 -p ${CYSECURETOOLS_POLICY})
# sign-image arguments.
set(sign_image_cmd_args sign-image
--image-format mcuboot_user_app
--image "${MERGED_FILE}"
--slot-size ${CONFIG_FLASH_LOAD_SIZE}
--align 1
--image-id 0
--hex-addr ${flash_addr_sahb_offset}
--app-addr ${flash_addr_sbus_offset}
-v "${CONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION}")
# Extra arguments from CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS.
if(NOT CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS STREQUAL "")
# Separate extra arguments into the proper format for adding to
# extra_post_build_commands.
#
# Use UNIX_COMMAND syntax for uniform results across host
# platforms.
separate_arguments(cysecuretools_extra_args UNIX_COMMAND
${CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS})
else()
set(cysecuretools_extra_args)
endif()
if(NOT "${keyfile}" STREQUAL "")
set(sign_image_cmd_args ${sign_image_cmd_args} --key-path "${keyfile}")
endif()
if(NOT "${keyfile_enc}" STREQUAL "")
set(encrypted_args --encrypt --enckey "${keyfile_enc}")
endif()
# Use overwrite-only instead of swap upgrades.
if(CONFIG_MCUBOOT_IMGTOOL_OVERWRITE_ONLY)
set(sign_image_cmd_args ${sign_image_cmd_args} --overwrite-only --align 1)
endif()
if(CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE)
list(APPEND confirmed_args --pad --confirm)
endif()
# List of additional build byproducts.
set(byproducts)
set(bin2hex_cmd_args_signed)
set(bin2hex_cmd_args_confirmed)
set(bin2hex_cmd_args_encrypted)
# Set up .bin outputs.
if(CONFIG_BUILD_OUTPUT_BIN)
list(APPEND byproducts ${output}.signed.bin)
zephyr_runner_file(bin ${output}.signed.bin)
set(BYPRODUCT_KERNEL_SIGNED_BIN_NAME "${output}.signed.bin"
CACHE FILEPATH "Signed kernel bin file" FORCE
)
endif()
if(CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE)
list(APPEND byproducts ${output}.signed.confirmed.bin)
set(BYPRODUCT_KERNEL_SIGNED_CONFIRMED_BIN_NAME "${output}.signed.confirmed.bin"
CACHE FILEPATH "Signed and confirmed kernel bin file" FORCE
)
endif()
if(NOT "${keyfile_enc}" STREQUAL "")
list(APPEND byproducts ${output}.signed.encrypted.bin)
set(BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_BIN_NAME "${output}.signed.encrypted.bin"
CACHE FILEPATH "Signed and encrypted kernel bin file" FORCE
)
endif()
# Set up .hex outputs.
if(CONFIG_BUILD_OUTPUT_HEX)
list(APPEND bin2hex_cmd_args_signed bin2hex
--image ${output}.signed.bin --output ${output}.signed.hex
--offset ${flash_addr_sahb_offset}
)
list(APPEND byproducts ${output}.signed.hex)
zephyr_runner_file(hex ${output}.signed.hex)
set(BYPRODUCT_KERNEL_SIGNED_HEX_NAME "${output}.signed.hex"
CACHE FILEPATH "Signed kernel hex file" FORCE)
if(CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE)
list(APPEND bin2hex_cmd_args_confirmed bin2hex
--image ${output}.signed.confirmed.bin --output ${output}.signed.confirmed.hex
--offset ${flash_addr_sahb_offset}
)
list(APPEND byproducts ${output}.signed.confirmed.hex)
set(BYPRODUCT_KERNEL_SIGNED_CONFIRMED_HEX_NAME "${output}.signed.confirmed.hex"
CACHE FILEPATH "Signed and confirmed kernel hex file" FORCE
)
endif()
if(NOT "${keyfile_enc}" STREQUAL "")
list(APPEND bin2hex_cmd_args_encrypted bin2hex
--image ${output}.signed.encrypted.bin --output ${output}.signed.encrypted.hex
--offset ${flash_addr_sahb_offset}
)
list(APPEND byproducts ${output}.signed.encrypted.hex)
set(BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_HEX_NAME "${output}.signed.encrypted.hex"
CACHE FILEPATH "Signed and encrypted kernel hex file" FORCE
)
endif()
endif()
# Add the post-processing steps to generate
# signed /signed.confirmed / signed.encrypted bin and hex files
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
${cysecuretools_cmd}
${sign_image_cmd_args} --output ${output}.signed.bin
${bin2hex_cmd_args_signed} # bin to hex
${cysecuretools_extra_args}) # from CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS
if(CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE)
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
${cysecuretools_cmd}
${sign_image_cmd_args} --output ${output}.signed.confirmed.bin
${confirmed_args}
${bin2hex_cmd_args_confirmed} # bin to hex
${cysecuretools_extra_args}) # from CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS
endif()
if(NOT "${keyfile_enc}" STREQUAL "")
set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
${cysecuretools_cmd}
${sign_image_cmd_args} --output ${output}.signed.encrypted.bin
${confirmed_args} ${encrypted_args}
${bin2hex_cmd_args_encrypted} # bin to hex
${cysecuretools_extra_args} # from CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS
COMMAND ${CMAKE_COMMAND} -E echo
"Generating encrypted files ${output}.signed.encrypted.hex/bin files"
COMMAND ${CMAKE_COMMAND} -E echo
\"Use 'west flash --hex-file ${output}.signed.encrypted.hex' to flash in primary
partition\")
endif()
set_property(GLOBAL APPEND PROPERTY extra_post_build_byproducts ${byproducts})
endfunction()
if((NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}") OR (NOT "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}" STREQUAL ""))
zephyr_mcuboot_tasks()
endif()