OVMS3-idf/components/bootloader/subproject/CMakeLists.txt

cmake_minimum_required(VERSION 3.5)

if(NOT SDKCONFIG)
    message(FATAL_ERROR "Bootloader subproject expects the SDKCONFIG variable to be passed "
        "in by the parent build process.")
endif()

if(NOT IDF_PATH)
    message(FATAL_ERROR "Bootloader subproject expects the IDF_PATH variable to be passed "
        "in by the parent build process.")
endif()

if(NOT IDF_TARGET)
    message(FATAL_ERROR "Bootloader subproject expects the IDF_TARGET variable to be passed "
        "in by the parent build process.")
endif()

set(COMPONENTS bootloader esptool_py partition_table soc bootloader_support log spi_flash micro-ecc main efuse)
set(BOOTLOADER_BUILD 1)
include("${IDF_PATH}/tools/cmake/project.cmake")
set(common_req log esp_rom esp_common xtensa)
if(LEGACY_INCLUDE_COMMON_HEADERS)
    list(APPEND common_req soc)
endif()
idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")
idf_build_set_property(__OUTPUT_SDKCONFIG 0)
project(bootloader)

idf_build_set_property(COMPILE_DEFINITIONS "-DBOOTLOADER_BUILD=1" APPEND)
idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)

string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")
string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")
set(esptoolpy_write_flash "${ESPTOOLPY_WRITE_FLASH_STR}")

if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)
        set(key_digest_len 192)
    else()
        set(key_digest_len 256)
    endif()

    get_filename_component(bootloader_digest_bin
        "bootloader-reflash-digest.bin"
        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")

    get_filename_component(secure_bootloader_key
        "secure-bootloader-key-${key_digest_len}.bin"
        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")

    add_custom_command(OUTPUT "${secure_bootloader_key}"
        COMMAND ${ESPSECUREPY} digest_private_key
            --keylen "${key_digest_len}"
            --keyfile "${SECURE_BOOT_SIGNING_KEY}"
            "${secure_bootloader_key}"
        VERBATIM)

    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
        add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")
    else()
        if(NOT EXISTS "${secure_bootloader_key}")
            message(FATAL_ERROR
                "No pre-generated key for a reflashable secure bootloader is available, "
                "due to signing configuration."
                "\nTo generate one, you can use this command:"
                "\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"
                "\nIf a signing key is present, then instead use:"
                "\n\t${espsecurepy} digest_private_key "
                "--keylen (192/256) --keyfile KEYFILE "
                "${secure_bootloader_key}")
        endif()
        add_custom_target(gen_secure_bootloader_key)
    endif()

    add_custom_command(OUTPUT "${bootloader_digest_bin}"
        COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
        COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
        -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
        MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"
        DEPENDS gen_secure_bootloader_key gen_project_binary
        VERBATIM)

    add_custom_target (gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
endif()

if(CONFIG_SECURE_BOOT_V2_ENABLED)
    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
        get_filename_component(secure_boot_signing_key 
            "${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")

        if(NOT EXISTS "${secure_boot_signing_key}")
            message(FATAL_ERROR
                "Secure Boot Signing Key Not found."
                "\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."
                "\nTo generate one, you can use this command:"
                "\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")
        endif()

        set(bootloader_unsigned_bin "bootloader-unsigned.bin")
        add_custom_command(OUTPUT ".signed_bin_timestamp"
            COMMAND cp "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"
            -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"
            "from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
            COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
            DEPENDS "${build_dir}/.bin_timestamp"
            VERBATIM
            COMMENT "Generated the signed Bootloader")
    else()
        add_custom_command(OUTPUT ".signed_bin_timestamp"
        VERBATIM
        COMMENT "Bootloader generated but not signed")    
    endif()

    add_custom_target (gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
endif()

if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
    add_custom_command(TARGET bootloader.elf POST_BUILD
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
        COMMAND ${CMAKE_COMMAND} -E echo
            "One-time flash command is:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
        COMMAND ${CMAKE_COMMAND} -E echo
            "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
        VERBATIM)
elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    add_custom_command(TARGET bootloader.elf POST_BUILD
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "Bootloader built and secure digest generated."
        COMMAND ${CMAKE_COMMAND} -E echo
            "Secure boot enabled, so bootloader not flashed automatically."
        COMMAND ${CMAKE_COMMAND} -E echo
            "Burn secure boot key to efuse using:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"
        COMMAND ${CMAKE_COMMAND} -E echo
            "First time flash command is:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "To reflash the bootloader after initial flash:"
        COMMAND ${CMAKE_COMMAND} -E echo
            "\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"
        COMMAND ${CMAKE_COMMAND} -E echo
            "=============================================================================="
        COMMAND ${CMAKE_COMMAND} -E echo
            "* After first boot, only re-flashes of this kind (with same key) will be accepted."
        COMMAND ${CMAKE_COMMAND} -E echo
            "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
        DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin
        VERBATIM)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED)
    add_custom_command(TARGET bootloader.elf POST_BUILD
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    COMMAND ${CMAKE_COMMAND} -E echo
        "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "Secure boot enabled, so bootloader not flashed automatically."
    COMMAND ${CMAKE_COMMAND} -E echo
        "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    COMMAND ${CMAKE_COMMAND} -E echo
        "=============================================================================="
    DEPENDS gen_signed_bootloader
    VERBATIM)
endif()
build system: Initial cmake support, work in progress 2018-01-12 02:49:13 +00:00			`cmake_minimum_required(VERSION 3.5)`

cmake: Add partition table, and .bin file targets 2018-01-19 04:47:49 +00:00			`if(NOT SDKCONFIG)`
cmake: Use cmake_lint project, tidy up all CMake source files 2018-02-27 04:45:30 +00:00			`message(FATAL_ERROR "Bootloader subproject expects the SDKCONFIG variable to be passed "`
			`"in by the parent build process.")`
cmake: Add partition table, and .bin file targets 2018-01-19 04:47:49 +00:00			`endif()`
build system: Initial cmake support, work in progress 2018-01-12 02:49:13 +00:00
cmake: Fix issues when IDF_PATH is not set in environment Support cases where IDF_PATH may be passed in on the cmake command line, or inferred from a (hardcoded absolute or relative) path to project.cmake 2018-06-15 04:59:45 +00:00			`if(NOT IDF_PATH)`
			`message(FATAL_ERROR "Bootloader subproject expects the IDF_PATH variable to be passed "`
			`"in by the parent build process.")`
			`endif()`

pass IDF_TARGET variable to bootloader build process 2019-05-09 06:19:02 +00:00			`if(NOT IDF_TARGET)`
			`message(FATAL_ERROR "Bootloader subproject expects the IDF_TARGET variable to be passed "`
			`"in by the parent build process.")`
			`endif()`

make bootloader depend on IDF_TARGET 2019-04-04 07:20:24 +00:00			`set(COMPONENTS bootloader esptool_py partition_table soc bootloader_support log spi_flash micro-ecc main efuse)`
build system: Initial cmake support, work in progress 2018-01-12 02:49:13 +00:00			`set(BOOTLOADER_BUILD 1)`
components: update with build system changes 2019-05-10 02:53:08 +00:00			`include("${IDF_PATH}/tools/cmake/project.cmake")`
			`set(common_req log esp_rom esp_common xtensa)`
bootloader: pass legacy header config variable to subproject 2019-05-08 06:49:52 +00:00			`if(LEGACY_INCLUDE_COMMON_HEADERS)`
components: update with build system changes 2019-05-10 02:53:08 +00:00			`list(APPEND common_req soc)`
global: move the soc component out of the common list This MR removes the common dependency from every IDF components to the SOC component. Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components. But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components. In CMAKE, we have two kinds of header visibilities (set by include path visibility): (Assume component A --(depends on)--> B, B is the current component) 1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B) 2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only) and we have two kinds of depending ways: (Assume component A --(depends on)--> B --(depends on)--> C, B is the current component) 1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B) 2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B) 1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default. 2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it. 3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers 4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link) This is a breaking change. Previous code may depends on the long include chain. You may need to include the following headers for some files after this commit: - soc/soc.h - soc/soc_memory_layout.h - driver/gpio.h - esp_sleep.h The major broken include chain includes: 1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h. 2. ets_sys.h no longer includes soc/soc.h 3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h BREAKING CHANGE 2019-04-03 05:17:38 +00:00			`endif()`
components: update with build system changes 2019-05-10 02:53:08 +00:00			`idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")`
			`idf_build_set_property(__OUTPUT_SDKCONFIG 0)`
cmake: Allow selecting toolchain file based on config Refactor IDF "project" functionality under a wrapping of the default "project" command, so we can tweak it a bit... Will need more testing in other environments. 2018-02-15 03:38:58 +00:00			`project(bootloader)`
build system: Initial cmake support, work in progress 2018-01-12 02:49:13 +00:00
components: update with build system changes 2019-05-10 02:53:08 +00:00			`idf_build_set_property(COMPILE_DEFINITIONS "-DBOOTLOADER_BUILD=1" APPEND)`
			`idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00
			`string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")`
			`string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")`
			`set(esptoolpy_write_flash "${ESPTOOLPY_WRITE_FLASH_STR}")`

			`if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)`
			`if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)`
			`set(key_digest_len 192)`
			`else()`
			`set(key_digest_len 256)`
			`endif()`

			`get_filename_component(bootloader_digest_bin`
			`"bootloader-reflash-digest.bin"`
			`ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")`

			`get_filename_component(secure_bootloader_key`
			`"secure-bootloader-key-${key_digest_len}.bin"`
			`ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")`

			`add_custom_command(OUTPUT "${secure_bootloader_key}"`
			`COMMAND ${ESPSECUREPY} digest_private_key`
			`--keylen "${key_digest_len}"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 07:25:25 +00:00			`--keyfile "${SECURE_BOOT_SIGNING_KEY}"`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`"${secure_bootloader_key}"`
			`VERBATIM)`

			`if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)`
			`add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")`
			`else()`
			`if(NOT EXISTS "${secure_bootloader_key}")`
			`message(FATAL_ERROR`
			`"No pre-generated key for a reflashable secure bootloader is available, "`
			`"due to signing configuration."`
			`"\nTo generate one, you can use this command:"`
			`"\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"`
			`"\nIf a signing key is present, then instead use:"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 07:25:25 +00:00			`"\n\t${espsecurepy} digest_private_key "`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`"--keylen (192/256) --keyfile KEYFILE "`
			`"${secure_bootloader_key}")`
			`endif()`
			`add_custom_target(gen_secure_bootloader_key)`
			`endif()`

			`add_custom_command(OUTPUT "${bootloader_digest_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"`
			`COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"`
secure boot: In Reflashable mode, make sure the bootloader digest updates ... whenever the bootloader.bin is updated 2019-10-29 01:50:41 +00:00			`-o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"`
secure boot: Fix bootloader build system target for bootloader digest Closes https://github.com/espressif/esp-idf/issues/4513 2019-12-20 04:09:15 +00:00			`MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 07:25:25 +00:00			`DEPENDS gen_secure_bootloader_key gen_project_binary`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`VERBATIM)`

			`add_custom_target (gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")`
			`endif()`

feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 19:51:41 +00:00			`if(CONFIG_SECURE_BOOT_V2_ENABLED)`
			`if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)`
			`get_filename_component(secure_boot_signing_key`
			`"${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")`

			`if(NOT EXISTS "${secure_boot_signing_key}")`
			`message(FATAL_ERROR`
			`"Secure Boot Signing Key Not found."`
			`"\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."`
			`"\nTo generate one, you can use this command:"`
			`"\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")`
			`endif()`

			`set(bootloader_unsigned_bin "bootloader-unsigned.bin")`
			`add_custom_command(OUTPUT ".signed_bin_timestamp"`
			`COMMAND cp "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
			`COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"`
			`-o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"`
			`"from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"`
			`DEPENDS "${build_dir}/.bin_timestamp"`
			`VERBATIM`
			`COMMENT "Generated the signed Bootloader")`
			`else()`
			`add_custom_command(OUTPUT ".signed_bin_timestamp"`
			`VERBATIM`
			`COMMENT "Bootloader generated but not signed")`
			`endif()`

			`add_custom_target (gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")`
			`endif()`

CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 07:25:25 +00:00			`add_custom_command(TARGET bootloader.elf POST_BUILD`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built. Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"One-time flash command is:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"`
			`VERBATIM)`
			`elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)`
bootloader: fix secure boot issues Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections 2019-05-10 07:25:25 +00:00			`add_custom_command(TARGET bootloader.elf POST_BUILD`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built and secure digest generated."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Burn secure boot key to efuse using:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"First time flash command is:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"To reflash the bootloader after initial flash:"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* After first boot, only re-flashes of this kind (with same key) will be accepted."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"* Not recommended to re-use the same secure boot keyfile on multiple production devices."`
			`DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin`
			`VERBATIM)`
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-24 19:51:41 +00:00			`elseif(CONFIG_SECURE_BOOT_V2_ENABLED)`
			`add_custom_command(TARGET bootloader.elf POST_BUILD`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Bootloader built. Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"Secure boot enabled, so bootloader not flashed automatically."`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"`
			`COMMAND ${CMAKE_COMMAND} -E echo`
			`"=============================================================================="`
			`DEPENDS gen_signed_bootloader`
			`VERBATIM)`
CMake : Secure Boot support added 2018-10-19 19:02:55 +00:00			`endif()`