e916cf52a3
Added: * set a secure version in app/bootloader. * description anti-rollback to ota part * emulate the secure_version write and read operations * efuse_em partition. * a description about a rollback for native_ota_example. Closes: TW26335
91 lines
3.8 KiB
CMake
91 lines
3.8 KiB
CMake
register_config_only_component()
|
|
|
|
if(NOT BOOTLOADER_BUILD AND IDF_BUILD_ARTIFACTS)
|
|
|
|
set(partition_csv "${PARTITION_CSV_PATH}")
|
|
|
|
if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
|
|
set(unsigned_partition_bin "partition-table-unsigned.bin")
|
|
set(final_partition_bin "partition-table.bin")
|
|
set(final_partition_target "sign_partition_table")
|
|
else()
|
|
set(unsigned_partition_bin "partition-table.bin")
|
|
set(final_partition_bin "partition-table.bin")
|
|
set(final_partition_target "build_partition_table")
|
|
endif()
|
|
|
|
if(CONFIG_PARTITION_TABLE_MD5)
|
|
set(md5_opt --disable-md5sum)
|
|
endif()
|
|
|
|
if(CONFIG_ESPTOOLPY_FLASHSIZE)
|
|
set(flashsize_opt --flash-size ${CONFIG_ESPTOOLPY_FLASHSIZE})
|
|
endif()
|
|
|
|
if(CONFIG_SECURE_BOOT_ENABLED AND NOT CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION)
|
|
set(partition_secure_opt --secure)
|
|
else()
|
|
set(partition_secure_opt "")
|
|
endif()
|
|
|
|
add_custom_command(OUTPUT "${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${unsigned_partition_bin}"
|
|
COMMAND "${PYTHON}" "${CMAKE_CURRENT_SOURCE_DIR}/gen_esp32part.py"
|
|
-q --offset ${PARTITION_TABLE_OFFSET} ${md5_opt} ${flashsize_opt}
|
|
${partition_secure_opt} ${partition_csv} ${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${unsigned_partition_bin}
|
|
DEPENDS ${partition_csv} "${CMAKE_CURRENT_SOURCE_DIR}/gen_esp32part.py"
|
|
VERBATIM)
|
|
|
|
# Add signing steps
|
|
if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
|
|
add_custom_target(gen_unsigned_partition_bin ALL DEPENDS
|
|
"${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${unsigned_partition_bin}")
|
|
|
|
add_custom_command(OUTPUT "${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${final_partition_bin}"
|
|
COMMAND ${ESPSECUREPY} sign_data --keyfile "${secure_boot_signing_key}"
|
|
-o "${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${final_partition_bin}"
|
|
"${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${unsigned_partition_bin}"
|
|
DEPENDS "${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${unsigned_partition_bin}"
|
|
VERBATIM)
|
|
endif()
|
|
|
|
if(EXISTS ${partition_csv})
|
|
add_custom_target(partition_table ALL DEPENDS "${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${final_partition_bin}")
|
|
else()
|
|
# If the partition input CSV is not found, create a phony partition_table target that
|
|
# fails the build. fail_at_build_time also touches CMakeCache.txt to cause a cmake run next time
|
|
# (to pick up a new CSV if one exists, etc.)
|
|
fail_at_build_time(partition_table
|
|
"Partition table CSV ${partition_csv} does not exist."
|
|
"Either change partition table in menuconfig or create this input file.")
|
|
endif()
|
|
|
|
if(CONFIG_SECURE_BOOT_ENABLED AND
|
|
NOT CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
|
|
add_custom_command(TARGET partition_table POST_BUILD
|
|
COMMAND ${CMAKE_COMMAND} -E echo
|
|
"Partition table built but not signed. Sign partition data before flashing:"
|
|
COMMAND ${CMAKE_COMMAND} -E echo
|
|
"\t${ESPSECUREPY} sign_data --keyfile KEYFILE ${CMAKE_CURRENT_BINARY_DIR}/${final_partition_bin}"
|
|
VERBATIM)
|
|
endif()
|
|
|
|
# If anti-rollback option is set then factory partition should not be in Partition Table.
|
|
# In this case, should be used the partition table with two ota app without the factory.
|
|
if(CONFIG_APP_ANTI_ROLLBACK AND FACTORY_OFFSET)
|
|
fail_at_build_time(check_table_contents
|
|
"ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition.")
|
|
add_dependencies(bootloader check_table_contents)
|
|
add_dependencies(app check_table_contents)
|
|
endif()
|
|
|
|
add_dependencies(bootloader partition_table)
|
|
add_dependencies(app partition_table)
|
|
|
|
# Use global properties ESPTOOL_WRITE_FLASH_ARGS to pass this info to build
|
|
# the list of esptool write arguments for flashing
|
|
set_property(GLOBAL APPEND_STRING PROPERTY
|
|
ESPTOOL_WRITE_FLASH_ARGS
|
|
"${PARTITION_TABLE_OFFSET} ${IDF_BUILD_ARTIFACTS_DIR}/partition_table/${final_partition_bin} ")
|
|
|
|
endif()
|
|
|