Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
Path was accidentally generated as build/<absolute path to input file> which creates unexpected path structure on Linux/macOS and breaks Windows (as can't have a directory named "C:".
Regression in e8582e9aa4
Closes https://github.com/espressif/esp-idf/issues/3687
Closes IDFGH-1409
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
esptool_py defines command `esptool_py_flash_project_args` that
generates arg file for esptool.py. Two of the arguments are the offset
and image, which are not being used when a template file is given.
This commit makes variables OFFSET and IMAGE available to the template
file, which will holds the value of the offset and image arguments to
`esptool_py_flash_project_args`.
Since OUTPUT argument of custom command does not currently support
generator expressions, the project image is only generated as a side
effect. The primary generated file is a timestamp file. Unfortunately as a consequence
the output logs when the
binary is about to be generated is not as helpful anymore.
Set a custom comment that is more descriptive of what is happening,
and provide more feedback as to what has been generated.
A problem if the Python interpreter used for idf.py (or set via PYTHON
variable) didn't match
"/usr/bin/env python" (or the associated executable for .py files, on
Windows).
Closes https://github.com/espressif/esp-idf/issues/3160
Possibly also fix for https://github.com/espressif/esp-idf/issues/2936
Adds build system test to catch any future direct execution of Python in
the standard build process.
* Call esptool directly not via subprocess
* Use the same serial port instance for listener thread and esptool
* Includes some refactoring for encapsulation of App vs DUT members
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.
This problem is solved by 2 changes:
* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.
TW14125