Home Explore Help
Sign In
RT-Thread-packages
/
esp-idf
mirror of https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: rtt-dev
Branches Tags
esp-idf
/
components
/
bootloader
/
subproject
/
CMakeLists.txt

CMakeLists.txt 10 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238 
  1. cmake_minimum_required(VERSION 3.16)
    2. 

  2. 

  3. if(NOT SDKCONFIG)
    4. 

  4.     message(FATAL_ERROR "Bootloader subproject expects the SDKCONFIG variable to be passed "
    5. 

  5.         "in by the parent build process.")
    6. 

  6. endif()
    7. 

  7. 

  8. if(NOT IDF_PATH)
    9. 

  9.     message(FATAL_ERROR "Bootloader subproject expects the IDF_PATH variable to be passed "
    10. 

  10.         "in by the parent build process.")
    11. 

  11. endif()
    12. 

  12. 

  13. if(NOT IDF_TARGET)
    14. 

  14.     message(FATAL_ERROR "Bootloader subproject expects the IDF_TARGET variable to be passed "
    15. 

  15.         "in by the parent build process.")
    16. 

  16. endif()
    17. 

  17. 

  18. # A number of these components are implemented as config-only when built in the bootloader
    19. 

  19. set(COMPONENTS
    20. 

  20.     bootloader
    21. 

  21.     esptool_py
    22. 

  22.     esp_hw_support
    23. 

  23.     esp_system
    24. 

  24.     freertos
    25. 

  25.     hal
    26. 

  26.     partition_table
    27. 

  27.     soc
    28. 

  28.     bootloader_support
    29. 

  29.     log
    30. 

  30.     spi_flash
    31. 

  31.     micro-ecc
    32. 

  32.     main
    33. 

  33.     efuse
    34. 

  34.     esp_system
    35. 

  35.     newlib)
    36. 

  36. 

  37. # Make EXTRA_COMPONENT_DIRS variable to point to the bootloader_components directory
    38. 

  38. # of the project being compiled
    39. 

  39. set(PROJECT_EXTRA_COMPONENTS "${PROJECT_SOURCE_DIR}/bootloader_components")
    40. 

  40. if(EXISTS ${PROJECT_EXTRA_COMPONENTS})
    41. 

  41.     list(APPEND EXTRA_COMPONENT_DIRS "${PROJECT_EXTRA_COMPONENTS}")
    42. 

  42. endif()
    43. 

  43. 

  44. # Consider each directory in project's bootloader_components as a component to be compiled
    45. 

  45. file(GLOB proj_components RELATIVE ${PROJECT_EXTRA_COMPONENTS} ${PROJECT_EXTRA_COMPONENTS}/*)
    46. 

  46. foreach(component ${proj_components})
    47. 

  47.   # Only directories are considered as components
    48. 

  48.   if(IS_DIRECTORY ${curdir}/${child})
    49. 

  49.     list(APPEND COMPONENTS ${component})
    50. 

  50.   endif()
    51. 

  51. endforeach()
    52. 

  52. 

  53. set(BOOTLOADER_BUILD 1)
    54. 

  54. include("${IDF_PATH}/tools/cmake/project.cmake")
    55. 

  55. set(common_req log esp_rom esp_common esp_hw_support newlib)
    56. 

  56. idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")
    57. 

  57. idf_build_set_property(__OUTPUT_SDKCONFIG 0)
    58. 

  58. project(bootloader)
    59. 

  59. 

  60. idf_build_set_property(COMPILE_DEFINITIONS "-DBOOTLOADER_BUILD=1" APPEND)
    61. 

  61. idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)
    62. 

  62. 

  63. idf_component_get_property(main_args esptool_py FLASH_ARGS)
    64. 

  64. idf_component_get_property(sub_args esptool_py FLASH_SUB_ARGS)
    65. 

  65. 

  66. # String for printing flash command
    67. 

  67. string(REPLACE ";" " " esptoolpy_write_flash
    68. 

  68.     "${ESPTOOLPY} --port=(PORT) --baud=(BAUD) ${main_args} "
    69. 

  69.     "write_flash ${sub_args}")
    70. 

  70. 

  71. string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")
    72. 

  72. string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")
    73. 

  73. 

  74. # Suppress warning: "Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY"
    75. 

  75. set(ignore_signing_key "${SECURE_BOOT_SIGNING_KEY}")
    76. 

  76. 

  77. if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    78. 

  78.     if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)
    79. 

  79.         set(key_digest_len 192)
    80. 

  80.     else()
    81. 

  81.         set(key_digest_len 256)
    82. 

  82.     endif()
    83. 

  83. 

  84.     get_filename_component(bootloader_digest_bin
    85. 

  85.         "bootloader-reflash-digest.bin"
    86. 

  86.         ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
    87. 

  87. 

  88.     get_filename_component(secure_bootloader_key
    89. 

  89.         "secure-bootloader-key-${key_digest_len}.bin"
    90. 

  90.         ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
    91. 

  91. 

  92.     add_custom_command(OUTPUT "${secure_bootloader_key}"
    93. 

  93.         COMMAND ${ESPSECUREPY} digest_private_key
    94. 

  94.             --keylen "${key_digest_len}"
    95. 

  95.             --keyfile "${SECURE_BOOT_SIGNING_KEY}"
    96. 

  96.             "${secure_bootloader_key}"
    97. 

  97.         VERBATIM)
    98. 

  98. 

  99.     if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
    100. 

  100.         add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")
    101. 

  101.     else()
    102. 

  102.         if(NOT EXISTS "${secure_bootloader_key}")
    103. 

  103.             message(FATAL_ERROR
    104. 

  104.                 "No pre-generated key for a reflashable secure bootloader is available, "
    105. 

  105.                 "due to signing configuration."
    106. 

  106.                 "\nTo generate one, you can use this command:"
    107. 

  107.                 "\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"
    108. 

  108.                 "\nIf a signing key is present, then instead use:"
    109. 

  109.                 "\n\t${espsecurepy} digest_private_key "
    110. 

  110.                 "--keylen (192/256) --keyfile KEYFILE "
    111. 

  111.                 "${secure_bootloader_key}")
    112. 

  112.         endif()
    113. 

  113.         add_custom_target(gen_secure_bootloader_key)
    114. 

  114.     endif()
    115. 

  115. 

  116.     add_custom_command(OUTPUT "${bootloader_digest_bin}"
    117. 

  117.         COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
    118. 

  118.         COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
    119. 

  119.         -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
    120. 

  120.         MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"
    121. 

  121.         DEPENDS gen_secure_bootloader_key gen_project_binary
    122. 

  122.         VERBATIM)
    123. 

  123. 

  124.     add_custom_target(gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
    125. 

  125. endif()
    126. 

  126. 

  127. if(CONFIG_SECURE_BOOT_V2_ENABLED)
    128. 

  128.     if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
    129. 

  129.         get_filename_component(secure_boot_signing_key
    130. 

  130.             "${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")
    131. 

  131. 

  132.         if(NOT EXISTS "${secure_boot_signing_key}")
    133. 

  133.         message(FATAL_ERROR
    134. 

  134.             "Secure Boot Signing Key Not found."
    135. 

  135.             "\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."
    136. 

  136.             "\nTo generate one, you can use this command:"
    137. 

  137.             "\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")
    138. 

  138.         endif()
    139. 

  139. 

  140.         set(bootloader_unsigned_bin "bootloader-unsigned.bin")
    141. 

  141.         add_custom_command(OUTPUT ".signed_bin_timestamp"
    142. 

  142.             COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
    143. 

  143.             "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
    144. 

  144.             COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"
    145. 

  145.             -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
    146. 

  146.             COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"
    147. 

  147.             "from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
    148. 

  148.             COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
    149. 

  149.             > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
    150. 

  150.             DEPENDS "${build_dir}/.bin_timestamp"
    151. 

  151.             VERBATIM
    152. 

  152.             COMMENT "Generated the signed Bootloader")
    153. 

  153.     else()
    154. 

  154.         add_custom_command(OUTPUT ".signed_bin_timestamp"
    155. 

  155.         VERBATIM
    156. 

  156.         COMMENT "Bootloader generated but not signed")
    157. 

  157.     endif()
    158. 

  158. 

  159.     add_custom_target(gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
    160. 

  160. endif()
    161. 

  161. 

  162. if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
    163. 

  163.     add_custom_command(TARGET bootloader.elf POST_BUILD
    164. 

  164.         COMMAND ${CMAKE_COMMAND} -E echo
    165. 

  165.             "=============================================================================="
    166. 

  166.         COMMAND ${CMAKE_COMMAND} -E echo
    167. 

  167.             "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    168. 

  168.         COMMAND ${CMAKE_COMMAND} -E echo
    169. 

  169.             "One-time flash command is:"
    170. 

  170.         COMMAND ${CMAKE_COMMAND} -E echo
    171. 

  171.             "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    172. 

  172.         COMMAND ${CMAKE_COMMAND} -E echo
    173. 

  173.             "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
    174. 

  174.         VERBATIM)
    175. 

  175. elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
    176. 

  176.     add_custom_command(TARGET bootloader.elf POST_BUILD
    177. 

  177.         COMMAND ${CMAKE_COMMAND} -E echo
    178. 

  178.             "=============================================================================="
    179. 

  179.         COMMAND ${CMAKE_COMMAND} -E echo
    180. 

  180.             "Bootloader built and secure digest generated."
    181. 

  181.         COMMAND ${CMAKE_COMMAND} -E echo
    182. 

  182.             "Secure boot enabled, so bootloader not flashed automatically."
    183. 

  183.         COMMAND ${CMAKE_COMMAND} -E echo
    184. 

  184.             "Burn secure boot key to efuse using:"
    185. 

  185.         COMMAND ${CMAKE_COMMAND} -E echo
    186. 

  186.             "\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"
    187. 

  187.         COMMAND ${CMAKE_COMMAND} -E echo
    188. 

  188.             "First time flash command is:"
    189. 

  189.         COMMAND ${CMAKE_COMMAND} -E echo
    190. 

  190.             "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    191. 

  191.         COMMAND ${CMAKE_COMMAND} -E echo
    192. 

  192.             "=============================================================================="
    193. 

  193.         COMMAND ${CMAKE_COMMAND} -E echo
    194. 

  194.             "To reflash the bootloader after initial flash:"
    195. 

  195.         COMMAND ${CMAKE_COMMAND} -E echo
    196. 

  196.             "\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"
    197. 

  197.         COMMAND ${CMAKE_COMMAND} -E echo
    198. 

  198.             "=============================================================================="
    199. 

  199.         COMMAND ${CMAKE_COMMAND} -E echo
    200. 

  200.             "* After first boot, only re-flashes of this kind (with same key) will be accepted."
    201. 

  201.         COMMAND ${CMAKE_COMMAND} -E echo
    202. 

  202.             "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
    203. 

  203.         DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin
    204. 

  204.         VERBATIM)
    205. 

  205. elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND (CONFIG_IDF_TARGET_ESP32S2 OR CONFIG_IDF_TARGET_ESP32C3))
    206. 

  206.     add_custom_command(TARGET bootloader.elf POST_BUILD
    207. 

  207.     COMMAND ${CMAKE_COMMAND} -E echo
    208. 

  208.         "=============================================================================="
    209. 

  209.     COMMAND ${CMAKE_COMMAND} -E echo
    210. 

  210.         "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    211. 

  211.     COMMAND ${CMAKE_COMMAND} -E echo
    212. 

  212.         "To sign the bootloader with additional private keys."
    213. 

  213.     COMMAND ${CMAKE_COMMAND} -E echo
    214. 

  214.         "\t${espsecurepy} sign_data -k secure_boot_signing_key2.pem -v 2 \
    215. 

  215. --append_signatures -o signed_bootloader.bin build/bootloader/bootloader.bin"
    216. 

  216.     COMMAND ${CMAKE_COMMAND} -E echo
    217. 

  217.         "Secure boot enabled, so bootloader not flashed automatically."
    218. 

  218.     COMMAND ${CMAKE_COMMAND} -E echo
    219. 

  219.         "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    220. 

  220.     COMMAND ${CMAKE_COMMAND} -E echo
    221. 

  221.         "=============================================================================="
    222. 

  222.     DEPENDS gen_signed_bootloader
    223. 

  223.     VERBATIM)
    224. 

  224. elseif(CONFIG_SECURE_BOOT_V2_ENABLED)
    225. 

  225.     add_custom_command(TARGET bootloader.elf POST_BUILD
    226. 

  226.     COMMAND ${CMAKE_COMMAND} -E echo
    227. 

  227.         "=============================================================================="
    228. 

  228.     COMMAND ${CMAKE_COMMAND} -E echo
    229. 

  229.         "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
    230. 

  230.     COMMAND ${CMAKE_COMMAND} -E echo
    231. 

  231.         "Secure boot enabled, so bootloader not flashed automatically."
    232. 

  232.     COMMAND ${CMAKE_COMMAND} -E echo
    233. 

  233.         "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
    234. 

  234.     COMMAND ${CMAKE_COMMAND} -E echo
    235. 

  235.         "=============================================================================="
    236. 

  236.     DEPENDS gen_signed_bootloader
    237. 

  237.     VERBATIM)
    238. 

  238. endif()
    239.