fix(bootloader): Fixed bootloader secure boot target creation failure

This commit fixes an issue where the bootloader POST_BUILD target
depended on the signed bootloader image even if it is not created.
Sudeep Mohanty
2025-07-21 09:40:41 +02:00
parent 52e2f17378
commit 5d9ee7cc1a
2 changed files with 20 additions and 7 deletions


@@ -92,8 +92,12 @@ idf_build_set_property(PROJECT_BIN "${PROJECT_BIN}")
# Generate the unsigned binary from the ELF file. # Generate the unsigned binary from the ELF file.
if(CONFIG_APP_BUILD_GENERATE_BINARIES) if(CONFIG_APP_BUILD_GENERATE_BINARIES)
set(target_name "gen_bootloader_binary") set(binary_target_name "gen_bootloader_binary")
__idf_build_binary("${bootloader_unsigned_bin}" "${target_name}") __idf_build_binary("${bootloader_unsigned_bin}" "${binary_target_name}")
else()
# If we are not building binaries, we don't need to create targets that depend on the
# bootloader binary.
return()
endif() endif()
idf_component_get_property(main_args esptool_py FLASH_ARGS) idf_component_get_property(main_args esptool_py FLASH_ARGS)
@@ -165,7 +169,7 @@ endif()
# If secure boot is enabled, generate the signed binary from the unsigned one. # If secure boot is enabled, generate the signed binary from the unsigned one.
if(CONFIG_SECURE_BOOT_V2_ENABLED) if(CONFIG_SECURE_BOOT_V2_ENABLED)
set(target_name "gen_signed_bootloader") set(signed_target_name "gen_signed_bootloader")
if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES) if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
# The SECURE_BOOT_SIGNING_KEY is passed in from the parent build and # The SECURE_BOOT_SIGNING_KEY is passed in from the parent build and
@@ -181,13 +185,17 @@ if(CONFIG_SECURE_BOOT_V2_ENABLED)
set(comment "Generated the signed Bootloader") set(comment "Generated the signed Bootloader")
set(key_arg KEYFILE "${SECURE_BOOT_SIGNING_KEY}") set(key_arg KEYFILE "${SECURE_BOOT_SIGNING_KEY}")
# Post-build commands should be attached to the signed binary target.
set(post_build_target ${signed_target_name})
else() else()
# If we are not building signed binaries, we don't pass a key. # If we are not building signed binaries, we don't pass a key.
set(comment "Bootloader generated but not signed") set(comment "Bootloader generated but not signed")
set(key_arg "") set(key_arg "")
# Post-build commands should be attached to the unsigned binary target.
set(post_build_target ${binary_target_name})
endif() endif()
__idf_build_secure_binary("${bootloader_unsigned_bin}" "${PROJECT_BIN}" "${target_name}" __idf_build_secure_binary("${bootloader_unsigned_bin}" "${PROJECT_BIN}" "${signed_target_name}"
COMMENT "${comment}" COMMENT "${comment}"
${key_arg} ${key_arg}
) )
@@ -240,7 +248,7 @@ elseif(
(CONFIG_SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS GREATER 1) AND (CONFIG_SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS GREATER 1) AND
NOT CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT NOT CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT
) )
add_custom_command(TARGET gen_signed_bootloader POST_BUILD add_custom_command(TARGET ${post_build_target} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
"==============================================================================" "=============================================================================="
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
@@ -258,7 +266,7 @@ elseif(
"==============================================================================" "=============================================================================="
VERBATIM) VERBATIM)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND NOT CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT) elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND NOT CONFIG_SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT)
add_custom_command(TARGET gen_signed_bootloader POST_BUILD add_custom_command(TARGET ${post_build_target} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
"==============================================================================" "=============================================================================="
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
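Review bot: In the unsigned branch `post_build_target` is set to `${binary_target_name}`, so both secure-boot `POST_BUILD` banners in the `elseif` chain now print for a build that produced only the unsigned bootloader image. The echoed text lies outside the visible hunks; if it names the signed image or gives a flash command, it would now be shown when `CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES` is off, which may lead an operator to flash an unsigned bootloader to a secure-boot device. Please confirm the wording suits both cases, and record the constraint where the variable is set, e.g. `# The POST_BUILD banner below is shared with the signed case; its text must stay valid when only the unsigned image exists.` The `elseif` conditions begin outside the hunks, so whether every branch using `${post_build_target}` is guarded by `CONFIG_SECURE_BOOT_V2_ENABLED` cannot be checked from here.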


@@ -638,9 +638,14 @@ function(__idf_build_secure_binary UNSIGNED_BIN_FILENAME SIGNED_BIN_FILENAME TAR
) )
else() else()
string(REPLACE ";" " " espsecurepy "${espsecure_py_cmd}") string(REPLACE ";" " " espsecurepy "${espsecure_py_cmd}")
if(arg_COMMENT)
set(comment_text "${arg_COMMENT}")
else()
set(comment_text "App built but not signed. Sign app before flashing.")
endif()
add_custom_command(TARGET app POST_BUILD add_custom_command(TARGET app POST_BUILD
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
"App built but not signed. Sign app before flashing" "${comment_text}"
COMMAND ${CMAKE_COMMAND} -E echo COMMAND ${CMAKE_COMMAND} -E echo
"\t${espsecurepy} sign_data --keyfile KEYFILE --version ${secure_boot_version} \ "\t${espsecurepy} sign_data --keyfile KEYFILE --version ${secure_boot_version} \
${build_dir}/${UNSIGNED_BIN_FILENAME}" ${build_dir}/${UNSIGNED_BIN_FILENAME}"
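Review bot: When `arg_COMMENT` is set it replaces the whole first line of the unsigned-build warning, so the fixed instruction "Sign app before flashing" is lost for any caller that passes its own text. The bootloader caller in this commit passes "Bootloader generated but not signed", which leaves only the `sign_data` command line as a hint. Keeping the instruction as its own line after the comment would preserve it, e.g. `COMMAND ${CMAKE_COMMAND} -E echo "Sign the image before flashing:"`. `if(arg_COMMENT)` also tests truthiness, so a comment equal to a CMake false constant would fall back to the default; `if(NOT "${arg_COMMENT}" STREQUAL "")` avoids that. The function body begins and ends outside the hunk, and how `COMMENT` is parsed is not visible here.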