bootloader_support: move embedding key after component registration

Bootloader build requires verification key to be embedded in the binary. Under specific configs, this key is generated during build time from the signing key. Move the key generation to after the component registration, since non scriptable commands are used in the process (during early expansion)
2019-05-09 10:25:08 +08:00 · 2019-05-09 10:25:08 +08:00 · 2adf313838
commit 2adf313838
parent 13d9c483b3
1 changed files with 35 additions and 36 deletions
--- a/components/bootloader_support/CMakeLists.txt
+++ b/components/bootloader_support/CMakeLists.txt
@ -19,8 +19,23 @@ if(BOOTLOADER_BUILD)
        "src/${IDF_TARGET}/flash_encrypt.c"
        "src/${IDF_TARGET}/secure_boot_signatures.c"
        "src/${IDF_TARGET}/secure_boot.c")
+else()
+    list(APPEND srcs 
+        "src/idf/bootloader_sha.c"
+        "src/idf/secure_boot_signatures.c")
+    set(include_dirs "include")
+    set(priv_include_dirs "include_bootloader")
+    set(requires soc) #unfortunately the header directly uses SOC registers
+    set(priv_requires spi_flash mbedtls efuse)
+endif()

-    if(CONFIG_SECURE_SIGNED_APPS)
+idf_component_register(SRCS "${srcs}"
+                    INCLUDE_DIRS "${include_dirs}"
+                    PRIV_INCLUDE_DIRS "${priv_include_dirs}"
+                    REQUIRES "${requires}"
+                    PRIV_REQUIRES "${priv_requires}")
+
+if(BOOTLOADER_BUILD AND CONFIG_SECURE_SIGNED_APPS)
    get_filename_component(secure_boot_verification_key
        "signature_verification_key.bin"
        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
@ -48,24 +63,8 @@ if(BOOTLOADER_BUILD)
            DEPENDS "${orig_secure_boot_verification_key}"
            VERBATIM)
    endif()
-        set(embed_files "${secure_boot_verification_key}")
+    target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY")
    set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
        APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
        "${secure_boot_verification_key}")
 endif()
-else()
-    list(APPEND srcs 
-        "src/idf/bootloader_sha.c"
-        "src/idf/secure_boot_signatures.c")
-    set(include_dirs "include")
-    set(priv_include_dirs "include_bootloader")
-    set(requires soc) #unfortunately the header directly uses SOC registers
-    set(priv_requires spi_flash mbedtls efuse)
-endif()
-
-idf_component_register(SRCS "${srcs}"
-                    INCLUDE_DIRS "${include_dirs}"
-                    PRIV_INCLUDE_DIRS "${priv_include_dirs}"
-                    REQUIRES "${requires}"
-                    PRIV_REQUIRES "${priv_requires}"
-                    EMBED_FILES "${embed_files}")