tools: Fix flashing encrypted binaries from IDF Monitor

Roland Dobai 2020-03-23 16:14:34 +01:00
parent de1f56466b
commit 9b16594444
4 changed files with 63 additions and 32 deletions


@ -88,6 +88,7 @@ endif
ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
encrypted-flash: all_binaries $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies encrypted-flash: all_binaries $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
$(eval MONITOR_OPTS += --encrypted)
@echo "Flashing binaries to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..." @echo "Flashing binaries to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
ifdef CONFIG_SECURE_BOOT ifdef CONFIG_SECURE_BOOT
@echo "(Secure boot enabled, so bootloader not flashed automatically. See 'make bootloader' output)" @echo "(Secure boot enabled, so bootloader not flashed automatically. See 'make bootloader' output)"
@ -112,6 +113,7 @@ app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) pa
ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
encrypted-app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies encrypted-app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
$(eval MONITOR_OPTS += --encrypted)
@echo "Flashing encrypted app binary to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..." @echo "Flashing encrypted app binary to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
$(ESPTOOLPY_WRITE_FLASH_ENCRYPT) $(APP_OFFSET) $(APP_BIN) $(ESPTOOLPY_WRITE_FLASH_ENCRYPT) $(APP_OFFSET) $(APP_BIN)
else else
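Review bot: The `$(eval MONITOR_OPTS += --encrypted)` line added to the `encrypted-flash` and `encrypted-app-flash` recipes only takes effect when that recipe is expanded, so the monitor receives `--encrypted` only if its own recipe is expanded later in the same make invocation. Nothing in these hunks declares that ordering, so it presumably depends on goal order, which `-j` does not guarantee; when the flag is missing, the monitor shortcuts fall back to the plain `flash` and `app-flash` targets. For the case where the targets are named as goals, a parse-time test would avoid the recipe side effect: `ifneq ($(filter encrypted-flash encrypted-app-flash,$(MAKECMDGOALS)),)`, `MONITOR_OPTS += --encrypted`, `endif`. If the eval stays, a comment above each rule such as `# side effect: a following 'monitor' goal re-flashes through the encrypted targets` would document the coupling. The `ifdef` blocks continue past the end of both hunks, so the `else` branches are not reviewed here.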


@ -15,33 +15,33 @@ Keyboard Shortcuts
For easy interaction with IDF Monitor, use the keyboard shortcuts given in the table. For easy interaction with IDF Monitor, use the keyboard shortcuts given in the table.
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Keyboard Shortcut | Action | Description | | Keyboard Shortcut | Action | Description |
+===================+========================================================+==================================================================================================================================================================+ +===================+========================================================+======================================================================================================================================================================================================================================================+
| Ctrl+] | Exit the program | | | Ctrl+] | Exit the program | |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Ctrl+T | Menu escape key | Press and follow it by one of the keys given below. | | Ctrl+T | Menu escape key | Press and follow it by one of the keys given below. |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+T | Send the menu character itself to remote | | | - Ctrl+T | Send the menu character itself to remote | |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+] | Send the exit character itself to remote | | | - Ctrl+] | Send the exit character itself to remote | |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+P | Reset target into bootloader to pause app via RTS line | Resets the target, into bootloader via the RTS line (if connected), so that the board runs nothing. Useful when you need to wait for another device to startup. | | - Ctrl+P | Reset target into bootloader to pause app via RTS line | Resets the target, into bootloader via the RTS line (if connected), so that the board runs nothing. Useful when you need to wait for another device to startup. |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+R | Reset target board via RTS | Resets the target board and re-starts the application via the RTS line (if connected). | | - Ctrl+R | Reset target board via RTS | Resets the target board and re-starts the application via the RTS line (if connected). |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+F | Build and flash the project | Pauses idf_monitor to run the project ``flash`` target, then resumes idf_monitor. Any changed source files are recompiled and then re-flashed. | | - Ctrl+F | Build and flash the project | Pauses idf_monitor to run the project ``flash`` target, then resumes idf_monitor. Any changed source files are recompiled and then re-flashed. Target ``encrypted-flash`` is run if idf_monitor was started with argument ``-E``. |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+A (or A) | Build and flash the app only | Pauses idf_monitor to run the ``app-flash`` target, then resumes idf_monitor. Similar to the ``flash`` target, but only the main app is built and re-flashed. | | - Ctrl+A (or A) | Build and flash the app only | Pauses idf_monitor to run the ``app-flash`` target, then resumes idf_monitor. Similar to the ``flash`` target, but only the main app is built and re-flashed. Target ``encrypted-app-flash`` is run if idf_monitor was started with argument ``-E``. |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+Y | Stop/resume log output printing on screen | Discards all incoming serial data while activated. Allows to quickly pause and examine log output without quitting the monitor. | | - Ctrl+Y | Stop/resume log output printing on screen | Discards all incoming serial data while activated. Allows to quickly pause and examine log output without quitting the monitor. |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+L | Stop/resume log output saved to file | Creates a file in the project directory and the output is written to that file until this is disabled with the same keyboard shortcut (or IDF Monitor exits). | | - Ctrl+L | Stop/resume log output saved to file | Creates a file in the project directory and the output is written to that file until this is disabled with the same keyboard shortcut (or IDF Monitor exits). |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+H (or H) | Display all keyboard shortcuts | | | - Ctrl+H (or H) | Display all keyboard shortcuts | |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| - Ctrl+X (or X) | Exit the program | | | - Ctrl+X (or X) | Exit the program | |
+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Any keys pressed, other than ``Ctrl-]`` and ``Ctrl-T``, will be sent through the serial port. Any keys pressed, other than ``Ctrl-]`` and ``Ctrl-T``, will be sent through the serial port.


@ -459,7 +459,8 @@ class Monitor(object):
Main difference is that all event processing happens in the main thread, not the worker threads. Main difference is that all event processing happens in the main thread, not the worker threads.
""" """
def __init__(self, serial_instance, elf_file, print_filter, make="make", toolchain_prefix=DEFAULT_TOOLCHAIN_PREFIX, eol="CRLF", def __init__(self, serial_instance, elf_file, print_filter, make="make", encrypted=False,
toolchain_prefix=DEFAULT_TOOLCHAIN_PREFIX, eol="CRLF",
decode_coredumps=COREDUMP_DECODE_INFO): decode_coredumps=COREDUMP_DECODE_INFO):
super(Monitor, self).__init__() super(Monitor, self).__init__()
self.event_queue = queue.Queue() self.event_queue = queue.Queue()
@ -490,6 +491,7 @@ class Monitor(object):
self.make = shlex.split(make) # allow for possibility the "make" arg is a list of arguments (for idf.py) self.make = shlex.split(make) # allow for possibility the "make" arg is a list of arguments (for idf.py)
else: else:
self.make = make self.make = make
self.encrypted = encrypted
self.toolchain_prefix = toolchain_prefix self.toolchain_prefix = toolchain_prefix
# internal state # internal state
@ -848,9 +850,9 @@ class Monitor(object):
self.serial.setDTR(self.serial.dtr) # usbser.sys workaround self.serial.setDTR(self.serial.dtr) # usbser.sys workaround
self.output_enable(True) self.output_enable(True)
elif cmd == CMD_MAKE: elif cmd == CMD_MAKE:
self.run_make("flash") self.run_make("encrypted-flash" if self.encrypted else "flash")
elif cmd == CMD_APP_FLASH: elif cmd == CMD_APP_FLASH:
self.run_make("app-flash") self.run_make("encrypted-app-flash" if self.encrypted else "app-flash")
elif cmd == CMD_OUTPUT_TOGGLE: elif cmd == CMD_OUTPUT_TOGGLE:
self.output_toggle() self.output_toggle()
elif cmd == CMD_TOGGLE_LOGGING: elif cmd == CMD_TOGGLE_LOGGING:
@ -901,6 +903,11 @@ def main():
help='Command to run make', help='Command to run make',
type=str, default='make') type=str, default='make')
parser.add_argument(
'--encrypted',
help='Use encrypted targets while running make',
action='store_true')
parser.add_argument( parser.add_argument(
'--toolchain-prefix', '--toolchain-prefix',
help="Triplet prefix to add before cross-toolchain names", help="Triplet prefix to add before cross-toolchain names",
@ -960,7 +967,8 @@ def main():
except KeyError: except KeyError:
pass # not running a make jobserver pass # not running a make jobserver
monitor = Monitor(serial_instance, args.elf_file.name, args.print_filter, args.make, args.toolchain_prefix, args.eol, monitor = Monitor(serial_instance, args.elf_file.name, args.print_filter, args.make, args.encrypted,
args.toolchain_prefix, args.eol,
args.decode_coredumps) args.decode_coredumps)
yellow_print('--- idf_monitor on {p.name} {p.baudrate} ---'.format( yellow_print('--- idf_monitor on {p.name} {p.baudrate} ---'.format(
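Review bot: `encrypted` is inserted in the middle of the positional parameters of `Monitor.__init__`, so any caller that still passes `toolchain_prefix` positionally would have that string taken as `encrypted`. A non-empty string is truthy, which would silently select `encrypted-flash` and `encrypted-app-flash` in the `CMD_MAKE` and `CMD_APP_FLASH` branches. Appending the parameter after `decode_coredumps`, or passing the options by keyword in `main()`, avoids this: `encrypted=args.encrypted, toolchain_prefix=args.toolchain_prefix, eol=args.eol, decode_coredumps=args.decode_coredumps`. The `--encrypted` help text could also name the effect, for example `help='Run encrypted-flash/encrypted-app-flash instead of flash/app-flash from the monitor shortcuts'`. Both `__init__` and `main()` extend beyond the hunks shown.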


@ -62,7 +62,7 @@ def action_extensions(base_actions, project_path):
return result return result
def monitor(action, ctx, args, print_filter, monitor_baud): def monitor(action, ctx, args, print_filter, monitor_baud, encrypted):
""" """
Run idf_monitor.py to watch build output Run idf_monitor.py to watch build output
""" """
@ -103,6 +103,9 @@ def action_extensions(base_actions, project_path):
monitor_args += ["--print_filter", print_filter] monitor_args += ["--print_filter", print_filter]
monitor_args += [elf_file] monitor_args += [elf_file]
if encrypted:
monitor_args += ['--encrypted']
idf_py = [PYTHON] + _get_commandline_options(ctx) # commands to re-run idf.py idf_py = [PYTHON] + _get_commandline_options(ctx) # commands to re-run idf.py
monitor_args += ["-m", " ".join("'%s'" % a for a in idf_py)] monitor_args += ["-m", " ".join("'%s'" % a for a in idf_py)]
@ -126,6 +129,14 @@ def action_extensions(base_actions, project_path):
esptool_args += ["erase_flash"] esptool_args += ["erase_flash"]
run_tool("esptool.py", esptool_args, args.build_dir) run_tool("esptool.py", esptool_args, args.build_dir)
def global_callback(ctx, global_args, tasks):
encryption = any([task.name in ("encrypted-flash", "encrypted-app-flash") for task in tasks])
if encryption:
for task in tasks:
if task.name == "monitor":
task.action_args["encrypted"] = True
break
baud_rate = { baud_rate = {
"names": ["-b", "--baud"], "names": ["-b", "--baud"],
"help": "Baud rate for flashing.", "help": "Baud rate for flashing.",
@ -143,6 +154,7 @@ def action_extensions(base_actions, project_path):
} }
serial_actions = { serial_actions = {
"global_action_callbacks": [global_callback],
"actions": { "actions": {
"flash": { "flash": {
"callback": flash, "callback": flash,
@ -184,13 +196,22 @@ def action_extensions(base_actions, project_path):
"environment variables and project_description.json in build directory " "environment variables and project_description.json in build directory "
"(generated by CMake from project's sdkconfig) " "(generated by CMake from project's sdkconfig) "
"will be checked for default value."), "will be checked for default value."),
}, {
"names": ["--encrypted", "-E"],
"is_flag": True,
"help": ("Enable encrypted flash targets.\n"
"IDF Monitor will invoke encrypted-flash and encrypted-app-flash targets "
"if this option is set. This option is set by default if IDF Monitor was invoked "
"together with encrypted-flash or encrypted-app-flash target."),
} }
], ],
"order_dependencies": [ "order_dependencies": [
"flash", "flash",
"encrypted-flash",
"partition_table-flash", "partition_table-flash",
"bootloader-flash", "bootloader-flash",
"app-flash", "app-flash",
"encrypted-app-flash",
], ],
}, },
"partition_table-flash": { "partition_table-flash": {
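Review bot: `global_callback` has no docstring, and its effect is only discoverable from the `--encrypted` help text further down: it forces `encrypted` on for the `monitor` task whenever `encrypted-flash` or `encrypted-app-flash` is among the requested tasks. A docstring such as `"""Pass --encrypted to the monitor task when an encrypted flash task is requested, so re-flashes from the monitor use the encrypted targets."""` would make that explicit. The list built inside `any([...])` is unnecessary; `any(task.name in ("encrypted-flash", "encrypted-app-flash") for task in tasks)` short-circuits on the first match. The enclosing `action_extensions` starts and ends outside these hunks.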