build: auto-generate signed mcuboot binaries
Add new Kconfig options which depend on CONFIG_BOOTLOADER_MCUBOOT:
- CONFIG_MCUBOOT_SIGNATURE_KEY_FILE: the path to the key pair which
should be used to sign the image, in PEM format. This is sent to
imgtool via 'west sign' when set to produce zephyr.signed.bin and
zephyr.signed.hex files as needed.
- CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS: additional arguments to pass to
imgtool.
- CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE: also generate
zephyr.signed.confirmed.{bin,hex}
Add build system support for these options.
This makes a separate 'west sign' step unnecessary when using MCUboot,
if the application image is properly configured with the location of
the key file.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
This commit is contained in:
Martí Bolívar
Carles Cufí
parent
9b6736748d
commit
f66a0c3772
3 changed files with 188 additions and 0 deletions
|
|
@ -398,6 +398,55 @@ config BOOTLOADER_MCUBOOT
|
|||
(or Armv8-M baseline) targets with no built-in vector relocation
|
||||
mechanisms
|
||||
|
||||
if BOOTLOADER_MCUBOOT
|
||||
|
||||
config MCUBOOT_SIGNATURE_KEY_FILE
|
||||
string "Path to the mcuboot signing key file"
|
||||
default ""
|
||||
help
|
||||
The file contains a key pair whose public half is verified
|
||||
by your target's MCUboot image. The file is in PEM format.
|
||||
|
||||
If set to a non-empty value, the build system tries to
|
||||
sign the final binaries using a 'west sign -t imgtool' command.
|
||||
The signed binaries are placed in the build directory
|
||||
at zephyr/zephyr.signed.bin and zephyr/zephyr.signed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
This option should contain an absolute path to the same file
|
||||
as the BOOT_SIGNATURE_KEY_FILE option in your MCUboot
|
||||
.config. (The MCUboot config option is used for the MCUboot
|
||||
bootloader image; this option is for your application which
|
||||
is to be loaded by MCUboot. The MCUboot config option can be
|
||||
a relative path from the MCUboot repository root; this option's
|
||||
behavior is undefined for relative paths.)
|
||||
|
||||
If left empty, you must sign the Zephyr binaries manually.
|
||||
|
||||
config MCUBOOT_EXTRA_IMGTOOL_ARGS
|
||||
string "Extra arguments to pass to imgtool"
|
||||
default ""
|
||||
help
|
||||
If CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is a non-empty string,
|
||||
you can use this option to pass extra options to imgtool.
|
||||
For example, you could set this to "--version 1.2".
|
||||
|
||||
config MCUBOOT_GENERATE_CONFIRMED_IMAGE
|
||||
bool "Also generate a confirmed image"
|
||||
help
|
||||
The signed and confirmed binaries are placed in the build directory
|
||||
at zephyr/zephyr.signed.confirmed.bin and
|
||||
zephyr/zephyr.signed.confirmed.hex.
|
||||
|
||||
The file names can be customized with CONFIG_KERNEL_BIN_NAME.
|
||||
The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN
|
||||
and CONFIG_BUILD_OUTPUT_HEX.
|
||||
|
||||
endif # BOOTLOADER_MCUBOOT
|
||||
|
||||
config BOOTLOADER_ESP_IDF
|
||||
bool "ESP-IDF bootloader support"
|
||||
depends on SOC_ESP32
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue