Improve flash encryption documentation and add Development & Release modes

This MR improves the existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
Hemal Gujarathi
2019-01-21 22:14:56 +08:00
committed by bot
parent beaefd3359
commit a68c7c21e1
22 changed files with 924 additions and 247 deletions
+12
@@ -20,6 +20,18 @@ file(GENERATE OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_project_args.in2
file(GENERATE OUTPUT ${CMAKE_BINARY_DIR}/flash_project_args
INPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_project_args.in2)
if(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)
configure_file(${COMPONENT_DIR}/flash_encrypted_project_args.in
${CMAKE_CURRENT_BINARY_DIR}/flash_encrypted_project_args.in)
file(GENERATE OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_encrypted_project_args.in2
INPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_encrypted_project_args.in)
file(GENERATE OUTPUT ${CMAKE_BINARY_DIR}/flash_encrypted_project_args
INPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_encrypted_project_args.in2)
endif()
configure_file(${COMPONENT_DIR}/flasher_args.json.in
${CMAKE_CURRENT_BINARY_DIR}/flasher_args.json.in)
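Review bot: Only `flash_encrypted_project_args` is generated in the new `if(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)` block, yet the commit also registers `encrypted-app-flash` under the name `encrypted_app` in the `esptool_py_custom_target` hunk. If that helper derives its argument file from its second parameter, as the existing `flash project` / `flash_project_args` pairing suggests, a `flash_encrypted_app_args` file has to be produced somewhere not visible in this section. It is worth confirming, so the app-only encrypted target does not fail at flash time. A short comment above the `if()` would also help, e.g. `# Encrypted flashing args are generated only in flash encryption Development mode`.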
+27
@@ -45,6 +45,10 @@ endif
ESPTOOLPY_WRITE_FLASH=$(ESPTOOLPY_SERIAL) write_flash $(if $(CONFIG_ESPTOOLPY_COMPRESSED),-z,-u) $(ESPTOOL_WRITE_FLASH_OPTIONS)
ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
ESPTOOLPY_WRITE_FLASH_ENCRYPT=$(ESPTOOLPY_SERIAL) write_flash --encrypt $(if $(CONFIG_ESPTOOLPY_COMPRESSED),-z,-u) $(ESPTOOL_WRITE_FLASH_OPTIONS)
endif
ESPTOOL_ALL_FLASH_ARGS += $(APP_OFFSET) $(APP_BIN)
ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
@@ -62,6 +66,19 @@ APP_BIN_UNSIGNED ?= $(APP_BIN)
$(APP_BIN_UNSIGNED): $(APP_ELF) $(ESPTOOLPY_SRC) | check_python_dependencies
$(ESPTOOLPY) elf2image $(ESPTOOL_FLASH_OPTIONS) $(ESPTOOL_ELF2IMAGE_OPTIONS) -o $@ $<
ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
encrypted-flash: all_binaries $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
@echo "Flashing binaries to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
ifdef CONFIG_SECURE_BOOT_ENABLED
@echo "(Secure boot enabled, so bootloader not flashed automatically. See 'make bootloader' output)"
endif
$(ESPTOOLPY_WRITE_FLASH_ENCRYPT) $(ESPTOOL_ALL_FLASH_ARGS)
else
encrypted-flash:
@echo "The command is supported only in FLASH ENCRYPTION DEVELOPMENT MODE"
@exit 1
endif
flash: all_binaries $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
@echo "Flashing binaries to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
ifdef CONFIG_SECURE_BOOT_ENABLED
@@ -73,6 +90,16 @@ app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) pa
@echo "Flashing app to serial port $(ESPPORT), offset $(APP_OFFSET)..."
$(ESPTOOLPY_WRITE_FLASH) $(APP_OFFSET) $(APP_BIN)
ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
encrypted-app-flash: $(APP_BIN) $(ESPTOOLPY_SRC) $(call prereq_if_explicit,erase_flash) partition_table_get_info | check_python_dependencies
@echo "Flashing encrypted app binary to serial port $(ESPPORT) (app at offset $(APP_OFFSET))..."
$(ESPTOOLPY_WRITE_FLASH_ENCRYPT) $(APP_OFFSET) $(APP_BIN)
else
encrypted-app-flash:
@echo "The command is supported only in FLASH ENCRYPTION DEVELOPMENT MODE"
@exit 1
endif
# Submodules normally added in component.mk, but can be added
# at the project level as long as qualified path
COMPONENT_SUBMODULES += $(COMPONENT_PATH)/esptool
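Review bot: `--encrypt` sits in the shared `ESPTOOLPY_WRITE_FLASH_ENCRYPT` prefix, so in the `encrypted-flash` recipe it applies to every offset/file pair in `$(ESPTOOL_ALL_FLASH_ARGS)`, not only to images meant for encrypted partitions. Only the app is appended to that list in the visible lines; if other makefiles append data for a partition the firmware reads as plaintext, this target would presumably store it as ciphertext. I would document the constraint next to the definition, e.g. `# --encrypt covers every image in ESPTOOL_ALL_FLASH_ARGS; list only images for encrypted partitions`, or build a separate argument list for this target. The same applies to the new `flash_encrypted_project_args.in` template, which joins all of `FLASH_PROJECT_ARGS` behind a single `--encrypt`.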
@@ -0,0 +1,3 @@
--encrypt ${ESPTOOLPY_FLASH_PROJECT_OPTIONS}
$<JOIN:$<TARGET_PROPERTY:flash_project_args_target,FLASH_PROJECT_ARGS>,
>
@@ -144,6 +144,12 @@ esptool_py_custom_target(flash project "app;partition_table;bootloader")
esptool_py_custom_target(app-flash app "app")
esptool_py_custom_target(bootloader-flash bootloader "bootloader")
if(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)
esptool_py_custom_target(encrypted-flash encrypted_project "app;partition_table;bootloader")
esptool_py_custom_target(encrypted-app-flash encrypted_app "app")
endif()
add_custom_target(flash_project_args_target)
# esptool_py_flash_project_args