tools: Fix flashing encrypted binaries from IDF Monitor

components/esptool_py/Makefile.projbuild

@@ -72,6 +72,7 @@ $(APP_BIN_UNSIGNED): $(APP_ELF) $(ESPTOOLPY_SRC) | check_python_dependencies
 
 ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
 encrypted-flash: all_binaries $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
+	$(eval MONITOR_OPTS += --encrypted)
 	@echo "Flashing binaries to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
 ifdef CONFIG_SECURE_BOOT_ENABLED
 	@echo "(Secure boot enabled, so bootloader not flashed automatically. See 'make bootloader' output)"
@@ -96,6 +97,7 @@ app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) pa
 
 ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
 encrypted-app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
+	$(eval MONITOR_OPTS += --encrypted)
 	@echo "Flashing encrypted app binary to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
 	$(ESPTOOLPY_WRITE_FLASH_ENCRYPT) $(APP_OFFSET) $(APP_BIN)
 else

docs/en/api-guides/tools/idf-monitor.rst

@@ -15,33 +15,33 @@ Keyboard Shortcuts
 
 For easy interaction with IDF Monitor, use the keyboard shortcuts given in the table.
 
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| Keyboard Shortcut | Action                                                 | Description                                                                                                                                                      |
-+===================+========================================================+==================================================================================================================================================================+
-| Ctrl+]            | Exit the program                                       |                                                                                                                                                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| Ctrl+T            | Menu escape key                                        | Press and follow it by one of the keys given below.                                                                                                              |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+T         | Send the menu character itself to remote               |                                                                                                                                                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+]         | Send the exit character itself to remote               |                                                                                                                                                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+P         | Reset target into bootloader to pause app via RTS line | Resets the target, into bootloader via the RTS line (if connected), so that the board runs nothing. Useful when you need to wait for another device to startup.  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+R         | Reset target board via RTS                             | Resets the target board and re-starts the application via the RTS line (if connected).                                                                           |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+F         | Build and flash the project                            | Pauses idf_monitor to run the project ``flash`` target, then resumes idf_monitor. Any changed source files are recompiled and then re-flashed.                   |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+A (or A)  | Build and flash the app only                           | Pauses idf_monitor to run the ``app-flash`` target, then resumes idf_monitor. Similar to the ``flash`` target, but only the main app is built and re-flashed.    |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+Y         | Stop/resume log output printing on screen              | Discards all incoming serial data while activated. Allows to quickly pause and examine log output without quitting the monitor.                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+L         | Stop/resume log output saved to file                   | Creates a file in the project directory and the output is written to that file until this is disabled with the same keyboard shortcut (or IDF Monitor exits).    |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+H (or H)  | Display all keyboard shortcuts                         |                                                                                                                                                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-|  - Ctrl+X (or X)  | Exit the program                                       |                                                                                                                                                                  |
-+-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Keyboard Shortcut | Action                                                 | Description                                                                                                                                                                                                                                          |
++===================+========================================================+======================================================================================================================================================================================================================================================+
+| Ctrl+]            | Exit the program                                       |                                                                                                                                                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+| Ctrl+T            | Menu escape key                                        | Press and follow it by one of the keys given below.                                                                                                                                                                                                  |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+T         | Send the menu character itself to remote               |                                                                                                                                                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+]         | Send the exit character itself to remote               |                                                                                                                                                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+P         | Reset target into bootloader to pause app via RTS line | Resets the target, into bootloader via the RTS line (if connected), so that the board runs nothing. Useful when you need to wait for another device to startup.                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+R         | Reset target board via RTS                             | Resets the target board and re-starts the application via the RTS line (if connected).                                                                                                                                                               |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+F         | Build and flash the project                            | Pauses idf_monitor to run the project ``flash`` target, then resumes idf_monitor. Any changed source files are recompiled and then re-flashed. Target ``encrypted-flash`` is run if idf_monitor was started with argument ``-E``.                    |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+A (or A)  | Build and flash the app only                           | Pauses idf_monitor to run the ``app-flash`` target, then resumes idf_monitor. Similar to the ``flash`` target, but only the main app is built and re-flashed. Target ``encrypted-app-flash`` is run if idf_monitor was started with argument ``-E``. |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+Y         | Stop/resume log output printing on screen              | Discards all incoming serial data while activated. Allows to quickly pause and examine log output without quitting the monitor.                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+L         | Stop/resume log output saved to file                   | Creates a file in the project directory and the output is written to that file until this is disabled with the same keyboard shortcut (or IDF Monitor exits).                                                                                        |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+H (or H)  | Display all keyboard shortcuts                         |                                                                                                                                                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+|  - Ctrl+X (or X)  | Exit the program                                       |                                                                                                                                                                                                                                                      |
++-------------------+--------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
 Any keys pressed, other than ``Ctrl-]`` and ``Ctrl-T``, will be sent through the serial port.
 

tools/idf.py

@@ -365,7 +365,7 @@ def erase_flash(action, ctx, args):
     _run_tool("esptool.py", esptool_args, args.build_dir)
 
 
-def monitor(action, ctx, args, print_filter, monitor_baud):
+def monitor(action, ctx, args, print_filter, monitor_baud, encrypted):
     """
     Run idf_monitor.py to watch build output
     """
@@ -403,6 +403,9 @@ def monitor(action, ctx, args, print_filter, monitor_baud):
         monitor_args += ["--print_filter", print_filter]
     monitor_args += [elf_file]
 
+    if encrypted:
+        monitor_args += ['--encrypted']
+
     idf_py = [PYTHON] + get_commandline_options(ctx)  # commands to re-run idf.py
     monitor_args += ["-m", " ".join("'%s'" % a for a in idf_py)]
 
@@ -939,6 +942,14 @@ def init_cli():
             args.build_dir = os.path.join(args.project_dir, "build")
         args.build_dir = _realpath(args.build_dir)
 
+    def serial_action_global_callback(ctx, global_args, tasks):
+        encryption = any([task.name in ("encrypted-flash", "encrypted-app-flash") for task in tasks])
+        if encryption:
+            for task in tasks:
+                if task.name == "monitor":
+                    task.action_args["encrypted"] = True
+                    break
+
     # Possible keys for action dict are: global_options, actions and global_action_callbacks
     global_options = [
         {
@@ -1173,14 +1184,23 @@ def init_cli():
                                  "environment variables and project_description.json in build directory "
                                  "(generated by CMake from project's sdkconfig) "
                                  "will be checked for default value."),
+                    }, {
+                        "names": ["--encrypted", "-E"],
+                        "is_flag": True,
+                        "help": ("Enable encrypted flash targets.\n"
+                                 "IDF Monitor will invoke encrypted-flash and encrypted-app-flash targets "
+                                 "if this option is set. This option is set by default if IDF Monitor was invoked "
+                                 "together with encrypted-flash or encrypted-app-flash target."),
                     }
 
                 ],
                 "order_dependencies": [
                     "flash",
+                    "encrypted-flash",
                     "partition_table-flash",
                     "bootloader-flash",
                     "app-flash",
+                    "encrypted-app-flash",
                 ],
             },
             "partition_table-flash": {
@@ -1217,6 +1237,7 @@ def init_cli():
                 "order_dependencies": ["erase_flash"],
             },
         },
+        "global_action_callbacks": [serial_action_global_callback],
     }
 
     base_actions = CLI.merge_action_lists(

tools/idf_monitor.py

@@ -312,7 +312,8 @@ class Monitor(object):
 
     Main difference is that all event processing happens in the main thread, not the worker threads.
     """
-    def __init__(self, serial_instance, elf_file, print_filter, make="make", toolchain_prefix=DEFAULT_TOOLCHAIN_PREFIX, eol="CRLF"):
+    def __init__(self, serial_instance, elf_file, print_filter, make="make", encrypted=False,
+                 toolchain_prefix=DEFAULT_TOOLCHAIN_PREFIX, eol="CRLF"):
         super(Monitor, self).__init__()
         self.event_queue = queue.Queue()
         self.console = miniterm.Console()
@@ -340,6 +341,7 @@ class Monitor(object):
             self.make = shlex.split(make)  # allow for possibility the "make" arg is a list of arguments (for idf.py)
         else:
             self.make = make
+        self.encrypted = encrypted
         self.toolchain_prefix = toolchain_prefix
         self.menu_key = CTRL_T
         self.exit_key = CTRL_RBRACKET
@@ -480,11 +482,11 @@ class Monitor(object):
             self.serial.setDTR(self.serial.dtr)  # usbser.sys workaround
             self.output_enable(True)
         elif c == CTRL_F:  # Recompile & upload
-            self.run_make("flash")
+            self.run_make("encrypted-flash" if self.encrypted else "flash")
         elif c in [CTRL_A, 'a', 'A']:  # Recompile & upload app only
             # "CTRL-A" cannot be captured with the default settings of the Windows command line, therefore, "A" can be used
             # instead
-            self.run_make("app-flash")
+            self.run_make("encrypted-app-flash" if self.encrypted else "app-flash")
         elif c == CTRL_Y:  # Toggle output display
             self.output_toggle()
         elif c == CTRL_L:  # Toggle saving output into file
@@ -708,6 +710,11 @@ def main():
         help='Command to run make',
         type=str, default='make')
 
+    parser.add_argument(
+        '--encrypted',
+        help='Use encrypted targets while running make',
+        action='store_true')
+
     parser.add_argument(
         '--toolchain-prefix',
         help="Triplet prefix to add before cross-toolchain names",
@@ -754,7 +761,8 @@ def main():
     except KeyError:
         pass  # not running a make jobserver
 
-    monitor = Monitor(serial_instance, args.elf_file.name, args.print_filter, args.make, args.toolchain_prefix, args.eol)
+    monitor = Monitor(serial_instance, args.elf_file.name, args.print_filter, args.make, args.encrypted,
+                      args.toolchain_prefix, args.eol)
 
     yellow_print('--- idf_monitor on {p.name} {p.baudrate} ---'.format(
         p=serial_instance))