2023-05-17 09:12:22 +02:00
# Copyright (c) 2020-2023 Nordic Semiconductor ASA
2020-08-18 20:28:04 +02:00
# SPDX-License-Identifier: Apache-2.0
# This file includes extra build system logic that is enabled when
# CONFIG_BOOTLOADER_MCUBOOT=y.
#
# It builds signed binaries using imgtool as a post-processing step
# after zephyr/zephyr.elf is created in the build directory.
#
# Since this file is brought in via include(), we do the work in a
# function to avoid polluting the top-level scope.
2020-08-27 01:26:07 +02:00
function ( zephyr_runner_file type path )
# Property magic which makes west flash choose the signed build
# output of a given type.
set_target_properties ( runners_yaml_props_target PROPERTIES "${type}_file" "${path}" )
endfunction ( )
2020-08-18 20:28:04 +02:00
function ( zephyr_mcuboot_tasks )
set ( keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}" )
2021-08-10 10:59:00 +02:00
set ( keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}" )
2020-08-18 20:28:04 +02:00
2021-08-30 13:44:49 +02:00
if ( NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}" )
# Check for misconfiguration.
if ( "${keyfile}" STREQUAL "" )
# No signature key file, no signed binaries. No error, though:
# this is the documented behavior.
2023-05-17 09:12:22 +02:00
message ( WARNING "Neither CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE or "
" C O N F I G _ M C U B O O T _ S I G N A T U R E _ K E Y _ F I L E a r e s e t , t h e g e n e r a t e d b u i l d w i l l n o t b e "
" b o o t a b l e b y M C U b o o t u n l e s s i t i s s i g n e d m a n u a l l y / e x t e r n a l l y . " )
2021-08-30 13:44:49 +02:00
return ( )
endif ( )
2020-08-18 20:28:04 +02:00
endif ( )
if ( NOT WEST )
# This feature requires west.
message ( FATAL_ERROR "Can't sign images for MCUboot: west not found. To fix, install west and ensure it's on PATH." )
endif ( )
2021-08-10 10:59:00 +02:00
foreach ( file keyfile keyfile_enc )
if ( NOT "${${file}}" STREQUAL "" )
if ( NOT IS_ABSOLUTE "${${file}}" )
# Relative paths are relative to 'west topdir'.
set ( ${ file } "${WEST_TOPDIR}/${${file}}" )
endif ( )
2021-08-30 13:44:49 +02:00
if ( NOT EXISTS "${${file}}" AND NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}" )
2021-08-10 10:59:00 +02:00
message ( FATAL_ERROR "west sign can't find file ${${file}} (Note: Relative paths are relative to the west workspace topdir \" ${ WEST_TOPDIR } \")")
elseif ( NOT ( CONFIG_BUILD_OUTPUT_BIN OR CONFIG_BUILD_OUTPUT_HEX ) )
message ( FATAL_ERROR "Can't sign images for MCUboot: Neither CONFIG_BUILD_OUTPUT_BIN nor CONFIG_BUILD_OUTPUT_HEX is enabled, so there's nothing to sign." )
endif ( )
2020-08-18 20:28:04 +02:00
endif ( )
2021-08-10 10:59:00 +02:00
endforeach ( )
2020-08-18 20:28:04 +02:00
# Find imgtool. Even though west is installed, imgtool might not be.
# The user may also have a custom manifest which doesn't include
# MCUboot.
#
# Therefore, go with an explicitly installed imgtool first, falling
# back on mcuboot/scripts/imgtool.py.
if ( IMGTOOL )
set ( imgtool_path "${IMGTOOL}" )
elseif ( DEFINED ZEPHYR_MCUBOOT_MODULE_DIR )
set ( IMGTOOL_PY "${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py" )
if ( EXISTS "${IMGTOOL_PY}" )
set ( imgtool_path "${IMGTOOL_PY}" )
endif ( )
endif ( )
# No imgtool, no signed binaries.
if ( NOT DEFINED imgtool_path )
message ( FATAL_ERROR "Can't sign images for MCUboot: can't find imgtool. To fix, install imgtool with pip3, or add the mcuboot repository to the west manifest and ensure it has a scripts/imgtool.py file." )
return ( )
endif ( )
# Basic 'west sign' command and output format independent arguments.
2023-03-22 11:28:05 +01:00
separate_arguments ( west_sign_extra UNIX_COMMAND ${ CONFIG_MCUBOOT_CMAKE_WEST_SIGN_PARAMS } )
set ( west_sign ${ WEST } sign ${ west_sign_extra }
- - t o o l i m g t o o l
2020-08-18 20:28:04 +02:00
- - t o o l - p a t h " $ { i m g t o o l _ p a t h } "
- - b u i l d - d i r " $ { A P P L I C A T I O N _ B I N A R Y _ D I R } " )
# Arguments to imgtool.
if ( NOT CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS STREQUAL "" )
# Separate extra arguments into the proper format for adding to
# extra_post_build_commands.
#
# Use UNIX_COMMAND syntax for uniform results across host
# platforms.
separate_arguments ( imgtool_extra UNIX_COMMAND ${ CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS } )
else ( )
set ( imgtool_extra )
endif ( )
2021-08-30 13:44:49 +02:00
if ( NOT "${keyfile}" STREQUAL "" )
set ( imgtool_extra --key "${keyfile}" ${ imgtool_extra } )
endif ( )
2023-11-07 10:46:26 +01:00
# Use overwrite-only instead of swap upgrades.
if ( CONFIG_MCUBOOT_IMGTOOL_OVERWRITE_ONLY )
set ( imgtool_extra --overwrite-only ${ imgtool_extra } )
endif ( )
2021-08-30 13:44:49 +02:00
set ( imgtool_args -- ${ imgtool_extra } )
2020-08-18 20:28:04 +02:00
# Extensionless prefix of any output file.
set ( output ${ ZEPHYR_BINARY_DIR } / ${ KERNEL_NAME } )
# List of additional build byproducts.
set ( byproducts )
2021-08-10 10:59:00 +02:00
# 'west sign' arguments for confirmed, unconfirmed and encrypted images.
2020-08-18 20:28:04 +02:00
set ( unconfirmed_args )
set ( confirmed_args )
2021-08-10 10:59:00 +02:00
set ( encrypted_args )
2020-08-18 20:28:04 +02:00
# Set up .bin outputs.
if ( CONFIG_BUILD_OUTPUT_BIN )
list ( APPEND unconfirmed_args --bin --sbin ${ output } .signed.bin )
list ( APPEND byproducts ${ output } .signed.bin )
2020-08-27 01:26:07 +02:00
zephyr_runner_file ( bin ${ output } .signed.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_BIN_NAME "${output}.signed.bin"
C A C H E F I L E P A T H " S i g n e d k e r n e l b i n f i l e " F O R C E
)
2020-08-18 20:28:04 +02:00
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND confirmed_args --bin --sbin ${ output } .signed.confirmed.bin )
list ( APPEND byproducts ${ output } .signed.confirmed.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_CONFIRMED_BIN_NAME "${output}.signed.confirmed.bin"
C A C H E F I L E P A T H " S i g n e d a n d c o n f i r m e d k e r n e l b i n f i l e " F O R C E
)
2020-08-18 20:28:04 +02:00
endif ( )
2021-08-10 10:59:00 +02:00
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND encrypted_args --bin --sbin ${ output } .signed.encrypted.bin )
list ( APPEND byproducts ${ output } .signed.encrypted.bin )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_BIN_NAME "${output}.signed.encrypted.bin"
C A C H E F I L E P A T H " S i g n e d a n d e n c r y p t e d k e r n e l b i n f i l e " F O R C E
)
2021-08-10 10:59:00 +02:00
endif ( )
2020-08-18 20:28:04 +02:00
endif ( )
# Set up .hex outputs.
if ( CONFIG_BUILD_OUTPUT_HEX )
list ( APPEND unconfirmed_args --hex --shex ${ output } .signed.hex )
list ( APPEND byproducts ${ output } .signed.hex )
2020-08-27 01:26:07 +02:00
zephyr_runner_file ( hex ${ output } .signed.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_HEX_NAME "${output}.signed.hex"
C A C H E F I L E P A T H " S i g n e d k e r n e l h e x f i l e " F O R C E
)
2020-08-18 20:28:04 +02:00
if ( CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE )
list ( APPEND confirmed_args --hex --shex ${ output } .signed.confirmed.hex )
list ( APPEND byproducts ${ output } .signed.confirmed.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_CONFIRMED_HEX_NAME "${output}.signed.confirmed.hex"
C A C H E F I L E P A T H " S i g n e d a n d c o n f i r m e d k e r n e l h e x f i l e " F O R C E
)
2020-08-18 20:28:04 +02:00
endif ( )
2021-08-10 10:59:00 +02:00
if ( NOT "${keyfile_enc}" STREQUAL "" )
list ( APPEND encrypted_args --hex --shex ${ output } .signed.encrypted.hex )
list ( APPEND byproducts ${ output } .signed.encrypted.hex )
2023-04-13 12:10:08 +02:00
set ( BYPRODUCT_KERNEL_SIGNED_ENCRYPTED_HEX_NAME "${output}.signed.encrypted.hex"
C A C H E F I L E P A T H " S i g n e d a n d e n c r y p t e d k e r n e l h e x f i l e " F O R C E
)
2021-08-10 10:59:00 +02:00
endif ( )
2020-08-18 20:28:04 +02:00
endif ( )
# Add the west sign calls and their byproducts to the post-processing
# steps for zephyr.elf.
#
# CMake guarantees that multiple COMMANDs given to
# add_custom_command() are run in order, so adding the 'west sign'
# calls to the "extra_post_build_commands" property ensures they run
# after the commands which generate the unsigned versions.
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { w e s t _ s i g n } $ { u n c o n f i r m e d _ a r g s } $ { i m g t o o l _ a r g s } )
if ( confirmed_args )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
2020-09-03 20:37:31 +02:00
$ { w e s t _ s i g n } $ { c o n f i r m e d _ a r g s } $ { i m g t o o l _ a r g s } - - p a d - - c o n f i r m )
2020-08-18 20:28:04 +02:00
endif ( )
2021-08-10 10:59:00 +02:00
if ( encrypted_args )
set_property ( GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND
$ { w e s t _ s i g n } $ { e n c r y p t e d _ a r g s } $ { i m g t o o l _ a r g s } - - e n c r y p t " $ { k e y f i l e _ e n c } " )
endif ( )
2020-08-18 20:28:04 +02:00
set_property ( GLOBAL APPEND PROPERTY extra_post_build_byproducts ${ byproducts } )
endfunction ( )
zephyr_mcuboot_tasks ( )