Merge branch 'bugfix/cmake_secure_boot' into 'master'

secure boot: CMake bug fixes

See merge request espressif/esp-idf!6523
Angus Gratton 2019-11-08 10:58:04 +08:00
commit 75488f1806
4 changed files with 67 additions and 24 deletions


@ -76,6 +76,7 @@ if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}" COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}" COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
-o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin" -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
MAIN_DEPENDENCY gen_project_binary
DEPENDS gen_secure_bootloader_key gen_project_binary DEPENDS gen_secure_bootloader_key gen_project_binary
VERBATIM) VERBATIM)
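Review bot: The added `MAIN_DEPENDENCY gen_project_binary` names a target that the following DEPENDS line already lists, and MAIN_DEPENDENCY is documented as the command's primary input source file, so the reason for the duplicate is not apparent from the hunk. A short comment stating which generator or ordering problem it works around would keep the next reader from removing it as redundant, e.g. `# MAIN_DEPENDENCY required: <reason> (see !6523)`. The add_custom_command call this belongs to starts before the hunk.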


@ -45,7 +45,8 @@ idf_component_register(SRCS "${srcs}"
REQUIRES "${requires}" REQUIRES "${requires}"
PRIV_REQUIRES "${priv_requires}") PRIV_REQUIRES "${priv_requires}")
if(BOOTLOADER_BUILD AND CONFIG_SECURE_SIGNED_APPS) if(CONFIG_SECURE_SIGNED_APPS)
if(BOOTLOADER_BUILD)
# Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed # Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed
# in the library. # in the library.
if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES) if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
@ -60,6 +61,7 @@ if(BOOTLOADER_BUILD AND CONFIG_SECURE_SIGNED_APPS)
COMMAND ${ESPSECUREPY} COMMAND ${ESPSECUREPY}
extract_public_key --keyfile "${secure_boot_signing_key}" extract_public_key --keyfile "${secure_boot_signing_key}"
"${secure_boot_verification_key}" "${secure_boot_verification_key}"
DEPENDS ${secure_boot_signing_key}
VERBATIM) VERBATIM)
else() else()
# We expect to 'inherit' the verification key passed from main project. # We expect to 'inherit' the verification key passed from main project.
@ -67,8 +69,36 @@ if(BOOTLOADER_BUILD AND CONFIG_SECURE_SIGNED_APPS)
${SECURE_BOOT_VERIFICATION_KEY} ${SECURE_BOOT_VERIFICATION_KEY}
ABSOLUTE BASE_DIR "${project_dir}") ABSOLUTE BASE_DIR "${project_dir}")
endif() endif()
else() # normal app build
idf_build_get_property(project_dir PROJECT_DIR)
target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY") if(CONFIG_SECURE_BOOT_VERIFICATION_KEY)
# verification-only build supplies verification key
set(secure_boot_verification_key ${CONFIG_SECURE_BOOT_VERIFICATION_KEY})
get_filename_component(secure_boot_verification_key
${secure_boot_verification_key}
ABSOLUTE BASE_DIR "${project_dir}")
else()
# sign at build time, extracts key from signing key
set(secure_boot_verification_key "${CMAKE_BINARY_DIR}/signature_verification_key.bin")
get_filename_component(secure_boot_signing_key
${CONFIG_SECURE_BOOT_SIGNING_KEY}
ABSOLUTE BASE_DIR "${project_dir}")
add_custom_command(OUTPUT "${secure_boot_verification_key}"
COMMAND ${ESPSECUREPY}
extract_public_key --keyfile "${secure_boot_signing_key}"
"${secure_boot_verification_key}"
WORKING_DIRECTORY ${project_dir}
DEPENDS ${secure_boot_signing_key}
VERBATIM)
endif()
endif()
# Embed the verification key in the binary (app & bootloader)
#
target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY"
RENAME_TO signature_verification_key_bin)
set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
"${secure_boot_verification_key}") "${secure_boot_verification_key}")
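Review bot: The new app-build branch expands the Kconfig paths unquoted, so a signing-key or verification-key path containing a space or semicolon is split into several arguments by `set()` and `get_filename_component()`; quote them as `set(secure_boot_verification_key "${CONFIG_SECURE_BOOT_VERIFICATION_KEY}")`, `"${secure_boot_verification_key}"` and `"${CONFIG_SECURE_BOOT_SIGNING_KEY}"`, and likewise `DEPENDS "${secure_boot_signing_key}"` in this hunk and the one before it. If CONFIG_SECURE_BOOT_SIGNING_KEY can be empty while CONFIG_SECURE_BOOT_VERIFICATION_KEY is also unset, the else() branch reaches get_filename_component() with a missing argument and fails with an unhelpful error; a `message(FATAL_ERROR ...)` naming the two options would be clearer, assuming Kconfig does not already enforce that one of them is set. The lone `#` line after the "Embed the verification key" comment looks like a leftover and could be dropped. The enclosing if(CONFIG_SECURE_SIGNED_APPS) block starts in an earlier hunk.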


@ -38,9 +38,14 @@ string(REGEX REPLACE "[^\n]+$" ".byte \\0\n" data "${data}")
string(REGEX REPLACE "[0-9a-f][0-9a-f]" "0x\\0, " data "${data}") # hex formatted C bytes string(REGEX REPLACE "[0-9a-f][0-9a-f]" "0x\\0, " data "${data}") # hex formatted C bytes
string(REGEX REPLACE ", \n" "\n" data "${data}") # trim the last comma string(REGEX REPLACE ", \n" "\n" data "${data}") # trim the last comma
## Come up with C-friendly symbol name based on source file ## Come up with C-friendly variable name based on source file
get_filename_component(source_filename "${DATA_FILE}" NAME) # unless VARIABLE_BASENAME is set
string(MAKE_C_IDENTIFIER "${source_filename}" varname) if(NOT VARIABLE_BASENAME)
get_filename_component(source_filename "${DATA_FILE}" NAME)
string(MAKE_C_IDENTIFIER "${source_filename}" varname)
else()
string(MAKE_C_IDENTIFIER "${VARIABLE_BASENAME}" varname)
endif()
function(append str) function(append str)
file(APPEND "${SOURCE_FILE}" "${str}") file(APPEND "${SOURCE_FILE}" "${str}")
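Review bot: `if(NOT VARIABLE_BASENAME)` tests the override by truthiness, so a requested base name that CMake reads as false (for example `OFF`, `NO` or `0`) is silently ignored and the file-derived name is used instead; test for presence explicitly with `if(NOT DEFINED VARIABLE_BASENAME OR "${VARIABLE_BASENAME}" STREQUAL "")`. Since the else() branch still runs the value through MAKE_C_IDENTIFIER, the comment could say so, e.g. `# VARIABLE_BASENAME, when given, is still sanitised by MAKE_C_IDENTIFIER`. The script continues past this hunk.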


@ -77,6 +77,7 @@ endfunction()
# by converting it to a generated source file which is then compiled # by converting it to a generated source file which is then compiled
# to a binary object as part of the build # to a binary object as part of the build
function(target_add_binary_data target embed_file embed_type) function(target_add_binary_data target embed_file embed_type)
cmake_parse_arguments(_ "" "RENAME_TO" "" ${ARGN})
idf_build_get_property(build_dir BUILD_DIR) idf_build_get_property(build_dir BUILD_DIR)
idf_build_get_property(idf_path IDF_PATH) idf_build_get_property(idf_path IDF_PATH)
@ -85,10 +86,16 @@ function(target_add_binary_data target embed_file embed_type)
get_filename_component(name "${embed_file}" NAME) get_filename_component(name "${embed_file}" NAME)
set(embed_srcfile "${build_dir}/${name}.S") set(embed_srcfile "${build_dir}/${name}.S")
set(rename_to_arg)
if(__RENAME_TO) # use a predefined variable name
set(rename_to_arg -D "VARIABLE_BASENAME=${__RENAME_TO}")
endif()
add_custom_command(OUTPUT "${embed_srcfile}" add_custom_command(OUTPUT "${embed_srcfile}"
COMMAND "${CMAKE_COMMAND}" COMMAND "${CMAKE_COMMAND}"
-D "DATA_FILE=${embed_file}" -D "DATA_FILE=${embed_file}"
-D "SOURCE_FILE=${embed_srcfile}" -D "SOURCE_FILE=${embed_srcfile}"
${rename_to_arg}
-D "FILE_TYPE=${embed_type}" -D "FILE_TYPE=${embed_type}"
-P "${idf_path}/tools/cmake/scripts/data_file_embed_asm.cmake" -P "${idf_path}/tools/cmake/scripts/data_file_embed_asm.cmake"
MAIN_DEPENDENCY "${embed_file}" MAIN_DEPENDENCY "${embed_file}"
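Review bot: The new `RENAME_TO` keyword is not mentioned in the header comment above target_add_binary_data, and the `cmake_parse_arguments(_ ...)` call neither checks `__UNPARSED_ARGUMENTS` nor uses the PARSE_ARGV form, so a misspelled keyword is accepted silently. Document it in the header, e.g. `# RENAME_TO <name>: use <name> (made a C identifier) as the generated symbol base name instead of deriving it from the file name`, and prefer `cmake_parse_arguments(PARSE_ARGV 3 _ "" "RENAME_TO" "")` followed by a `message(FATAL_ERROR ...)` when `__UNPARSED_ARGUMENTS` is non-empty. A descriptive prefix such as `arg` instead of `_` would also make `__RENAME_TO` easier to read. The function body continues past the hunk.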