espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-04 05:04:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feat/espefuse_require_port' into 'master'

Browse Source 
feat(tools/efuse): Make port mandatory for eFuse commands

Closes IDF-13378

See merge request espressif/esp-idf!40315
This commit is contained in:
Peter Dragun
2025-07-07 18:21:13 +08:00
parent bfd0c49a38 24a8797409
commit adbec6eda2
2 changed files with 179 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/en/migration-guides/release-6.x/6.0/tools.rst
View File

@@ -23,3 +23,10 @@ On Linux or MacOS, you can use Python 3.11 or 3.12 and gdbgui version 0.15.2.0.
Please be aware that these recommendations may change over time and for an up-to-date list of issues refer to `the official issue tracker <https://github.com/cs01/gdbgui/issues>`_.
We recommend to use ``idf.py gdb`` instead of ``idf.py gdbgui``, or debug in Eclipse/Vscode if you encounter an issue with the installation.
``idf.py efuse*`` Commands Require Port
---------------------------------------
All commands with eFuse functionality now require a serial port to be specified. This was done to prevent accidental use of the wrong port, as these operations are irreversible.
For all ``idf.py efuse*`` commands, you now need to specify the serial port with the ``--port`` argument (or ``ESPPORT`` environment variable). If the port is not specified, the command will fail with an error message.

257
tools/idf_py_actions/serial_ext.py
View File

@@ -12,21 +12,25 @@ from typing import List
from typing import Optional
import click
from idf_py_actions.errors import FatalError
from idf_py_actions.global_options import global_options
from idf_py_actions.tools import PropertyDict
from idf_py_actions.tools import RunTool
from idf_py_actions.tools import ensure_build_directory
from idf_py_actions.tools import get_default_serial_port
from idf_py_actions.tools import get_sdkconfig_value
from idf_py_actions.tools import PropertyDict
from idf_py_actions.tools import run_target
from idf_py_actions.tools import RunTool
PYTHON = sys.executable
BAUD_RATE = {
'names': ['-b', '--baud'],
'help': ("Global baud rate for all idf.py subcommands if they don't overwrite it locally."
"It can imply monitor baud rate as well if it hasn't been defined locally."),
'help': (
"Global baud rate for all idf.py subcommands if they don't overwrite it locally."
"It can imply monitor baud rate as well if it hasn't been defined locally."
),
'scope': 'global',
'envvar': 'ESPBAUD',
'default': 460800,
@@ -42,7 +46,7 @@ PORT = {
}
def yellow_print(message: str, newline: Optional[str]='\n') -> None:
def yellow_print(message: str, newline: Optional[str] = '\n') -> None:
"""Print a message to stderr with yellow highlighting"""
sys.stderr.write('%s%s%s%s' % ('\033[0;33m', message, '\033[0m', newline))
sys.stderr.flush()
@@ -58,9 +62,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
return project_desc
def _get_esptool_args(args: PropertyDict) -> List:
esptool_path = os.path.join(
os.environ['IDF_PATH'], 'components/esptool_py/esptool/esptool.py'
)
esptool_path = os.path.join(os.environ['IDF_PATH'], 'components/esptool_py/esptool/esptool.py')
esptool_wrapper_path = os.environ.get('ESPTOOL_WRAPPER', '')
if args.port is None:
args.port = get_default_serial_port()
@@ -127,11 +129,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
args.port = args.port or get_default_serial_port()
monitor_args += ['-p', args.port]
baud = (
monitor_baud
or os.getenv('IDF_MONITOR_BAUD')
or os.getenv('MONITORBAUD')
)
baud = monitor_baud or os.getenv('IDF_MONITOR_BAUD') or os.getenv('MONITORBAUD')
if baud is None:
# Baud hasn't been changed locally (by local baud argument nor by environment variables)
@@ -139,27 +137,18 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
# Use the global baud rate if it has been changed by the command line.
# Use project_desc['monitor_baud'] as the last option.
global_baud_defined = (
ctx._parameter_source['baud']
== click.core.ParameterSource.COMMANDLINE
)
baud = (
args.baud if global_baud_defined else project_desc['monitor_baud']
)
global_baud_defined = ctx._parameter_source['baud'] == click.core.ParameterSource.COMMANDLINE
baud = args.baud if global_baud_defined else project_desc['monitor_baud']
monitor_args += ['-b', baud]
monitor_args += ['--toolchain-prefix', project_desc['monitor_toolprefix']]
coredump_decode = get_sdkconfig_value(
project_desc['config_file'], 'CONFIG_ESP_COREDUMP_DECODE'
)
coredump_decode = get_sdkconfig_value(project_desc['config_file'], 'CONFIG_ESP_COREDUMP_DECODE')
if coredump_decode is not None:
monitor_args += ['--decode-coredumps', coredump_decode]
target_arch_riscv = get_sdkconfig_value(
project_desc['config_file'], 'CONFIG_IDF_TARGET_ARCH_RISCV'
)
target_arch_riscv = get_sdkconfig_value(project_desc['config_file'], 'CONFIG_IDF_TARGET_ARCH_RISCV')
monitor_args += ['--target', project_desc['target']]
revision = project_desc.get('min_rev')
if revision:
@@ -258,21 +247,15 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
esptool_args += ['erase_flash']
RunTool('esptool.py', esptool_args, args.build_dir, hints=not args.no_hints)()
def global_callback(
ctx: click.core.Context, global_args: Dict, tasks: PropertyDict
) -> None:
encryption = any(
[task.name in ('encrypted-flash', 'encrypted-app-flash') for task in tasks]
)
def global_callback(ctx: click.core.Context, global_args: Dict, tasks: PropertyDict) -> None:
encryption = any([task.name in ('encrypted-flash', 'encrypted-app-flash') for task in tasks])
if encryption:
for task in tasks:
if task.name == 'monitor':
task.action_args['encrypted'] = True
break
def ota_targets(
target_name: str, ctx: click.core.Context, args: PropertyDict
) -> None:
def ota_targets(target_name: str, ctx: click.core.Context, args: PropertyDict) -> None:
"""
Execute the target build system to build target 'target_name'.
Additionally set global variables for baud and port.
@@ -283,15 +266,17 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
ensure_build_directory(args, ctx.info_name)
run_target(target_name, args, {'ESPBAUD': str(args.baud), 'ESPPORT': args.port})
def merge_bin(action: str,
def merge_bin(
action: str,
ctx: click.core.Context,
args: PropertyDict,
output: str,
format: str,
format: str, # noqa: A002
md5_disable: str,
flash_offset: str,
fill_flash_size: str,
merge_args: tuple[str]) -> None:
merge_args: tuple[str],
) -> None:
ensure_build_directory(args, ctx.info_name)
project_desc = _get_project_desc(ctx, args)
merge_bin_args = [PYTHON, '-m', 'esptool']
@@ -318,7 +303,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
merge_bin_args += ['-t', flash_offset]
if fill_flash_size:
if format != 'raw':
yellow_print('idf.py merge-bin: --fill-flash-size is only valid for RAW format, option will be ignored.')
yellow_print(
'idf.py merge-bin: --fill-flash-size is only valid for RAW format, option will be ignored.'
)
else:
merge_bin_args += ['--fill-flash-size', fill_flash_size]
if merge_args:
@@ -337,7 +324,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
output: str,
address: str,
flash_crypt_conf: str,
**extra_args: str) -> None:
**extra_args: str,
) -> None:
ensure_build_directory(args, ctx.info_name)
decrypt_flash_data_args = [PYTHON, '-m', 'espsecure', 'decrypt_flash_data']
if aes_xts:
@@ -355,13 +343,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
RunTool('espsecure', decrypt_flash_data_args, args.build_dir)()
def secure_digest_secure_bootloader(
action: str,
ctx: click.core.Context,
args: PropertyDict,
keyfile: str,
output: str,
iv: str,
**extra_args: str) -> None:
action: str, ctx: click.core.Context, args: PropertyDict, keyfile: str, output: str, iv: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
digest_secure_bootloader_args = [PYTHON, '-m', 'espsecure', 'digest_secure_bootloader']
if keyfile:
@@ -383,7 +366,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
output: str,
address: str,
flash_crypt_conf: str,
**extra_args: str) -> None:
**extra_args: str,
) -> None:
ensure_build_directory(args, ctx.info_name)
encrypt_flash_data_args = [PYTHON, '-m', 'espsecure', 'encrypt_flash_data']
if aes_xts:
@@ -400,7 +384,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
encrypt_flash_data_args += [extra_args['plaintext_file']]
RunTool('espsecure', encrypt_flash_data_args, args.build_dir)()
def secure_generate_flash_encryption_key(action: str, ctx: click.core.Context, args: PropertyDict, keylen: str, **extra_args: str) -> None:
def secure_generate_flash_encryption_key(
action: str, ctx: click.core.Context, args: PropertyDict, keylen: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
generate_flash_encryption_key_args = [PYTHON, '-m', 'espsecure', 'generate_flash_encryption_key']
if keylen:
@@ -409,7 +395,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
generate_flash_encryption_key_args += [extra_args['keyfile']]
RunTool('espsecure', generate_flash_encryption_key_args, args.project_dir)()
def secure_generate_signing_key(action: str, ctx: click.core.Context, args: PropertyDict, version: str, scheme: str, **extra_args: str) -> None:
def secure_generate_signing_key(
action: str, ctx: click.core.Context, args: PropertyDict, version: str, scheme: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
generate_signing_key_args = [PYTHON, '-m', 'espsecure', 'generate_signing_key']
project_desc = _get_project_desc(ctx, args)
@@ -428,7 +416,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
generate_signing_key_args += [extra_args['keyfile']]
RunTool('espsecure', generate_signing_key_args, args.project_dir)()
def secure_generate_key_digest(action: str, ctx: click.core.Context, args: PropertyDict, keyfile:str, output:str, **extra_args: str) -> None:
def secure_generate_key_digest(
action: str, ctx: click.core.Context, args: PropertyDict, keyfile: str, output: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
generate_key_digest_args = [PYTHON, '-m', 'espsecure', 'digest_sbv2_public_key']
if keyfile:
@@ -437,7 +427,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
generate_key_digest_args += ['--output', output]
RunTool('espsecure', generate_key_digest_args, args.project_dir)()
def secure_sign_data(action: str,
def secure_sign_data(
action: str,
ctx: click.core.Context,
args: PropertyDict,
version: str,
@@ -446,7 +437,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
pub_key: str,
signature: str,
output: str,
**extra_args: str) -> None:
**extra_args: str,
) -> None:
ensure_build_directory(args, ctx.info_name)
sign_data_args = [PYTHON, '-m', 'espsecure', 'sign_data']
if version:
@@ -465,12 +457,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
sign_data_args += [extra_args['datafile']]
RunTool('espsecure', sign_data_args, args.build_dir)()
def secure_verify_signature(action: str,
ctx: click.core.Context,
args: PropertyDict,
version: str,
keyfile: str,
**extra_args: str) -> None:
def secure_verify_signature(
action: str, ctx: click.core.Context, args: PropertyDict, version: str, keyfile: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
verify_signature_args = [PYTHON, '-m', 'espsecure', 'verify_signature']
if version:
@@ -481,13 +470,15 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
verify_signature_args += [extra_args['datafile']]
RunTool('espsecure', verify_signature_args, args.build_dir)()
def secure_generate_nvs_partition_key(action: str,
def secure_generate_nvs_partition_key(
action: str,
ctx: click.core.Context,
args: PropertyDict,
encryption_scheme: str,
keyfile: str,
hmac_keyfile: str,
**extra_args: str) -> None:
**extra_args: str,
) -> None:
ensure_build_directory(args, ctx.info_name)
generate_nvs_partition_key_args = [PYTHON, '-m', 'esp_idf_nvs_partition_gen', 'generate-key']
if encryption_scheme == 'HMAC':
@@ -498,7 +489,9 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
RunTool('espsecure', generate_nvs_partition_key_args, args.project_dir)()
def secure_encrypt_nvs_partition(action: str, ctx: click.core.Context, args: PropertyDict, keyfile: str, **extra_args: str) -> None:
def secure_encrypt_nvs_partition(
action: str, ctx: click.core.Context, args: PropertyDict, keyfile: str, **extra_args: str
) -> None:
ensure_build_directory(args, ctx.info_name)
encrypt_nvs_partition_args = [PYTHON, '-m', 'esp_idf_nvs_partition_gen', 'encrypt']
encrypt_nvs_partition_args += ['--inputkey', keyfile]
@@ -515,7 +508,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
if args.port:
efuse_args += ['-p', args.port]
elif not args.port and not extra_args['virt']: # if --virt, no port will be found and it would cause error
efuse_args += ['-p', get_default_serial_port()]
raise FatalError('Error: Port is required for espefuse. Please specify the port with the --port argument.')
efuse_args += ['--chip', _get_project_desc(ctx, args)['target']]
if extra_args['virt']:
efuse_args += ['--virt']
@@ -529,7 +522,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
def efuse_burn(action: str, ctx: click.core.Context, args: PropertyDict, **extra_args: Dict) -> None:
ensure_build_directory(args, ctx.info_name)
burn_efuse_args = [PYTHON, '-m' 'espefuse', 'burn_efuse']
burn_efuse_args = [PYTHON, '-mespefuse', 'burn_efuse']
burn_efuse_args += _parse_efuse_args(ctx, args, extra_args)
if extra_args['efuse_positional_args']:
burn_efuse_args += list(extra_args['efuse_positional_args'])
@@ -537,7 +530,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
def efuse_burn_key(action: str, ctx: click.core.Context, args: PropertyDict, **extra_args: str) -> None:
ensure_build_directory(args, ctx.info_name)
burn_key_args = [PYTHON, '-m' 'espefuse', 'burn_key']
burn_key_args = [PYTHON, '-mespefuse', 'burn_key']
burn_key_args += _parse_efuse_args(ctx, args, extra_args)
if extra_args['no_protect_key']:
burn_key_args += ['--no-protect-key']
@@ -549,9 +542,11 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
burn_key_args += extra_args['efuse_positional_args']
RunTool('espefuse.py', burn_key_args, args.project_dir, build_dir=args.build_dir)()
def efuse_dump(action: str, ctx: click.core.Context, args: PropertyDict, file_name: str, **extra_args: Dict) -> None:
def efuse_dump(
action: str, ctx: click.core.Context, args: PropertyDict, file_name: str, **extra_args: Dict
) -> None:
ensure_build_directory(args, ctx.info_name)
dump_args = [PYTHON, '-m' 'espefuse', 'dump']
dump_args = [PYTHON, '-mespefuse', 'dump']
dump_args += _parse_efuse_args(ctx, args, extra_args)
if file_name:
dump_args += ['--file_name', file_name]
@@ -559,15 +554,21 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
def efuse_read_protect(action: str, ctx: click.core.Context, args: PropertyDict, **extra_args: Dict) -> None:
ensure_build_directory(args, ctx.info_name)
read_protect_args = [PYTHON, '-m' 'espefuse', 'read_protect_efuse']
read_protect_args = [PYTHON, '-mespefuse', 'read_protect_efuse']
read_protect_args += _parse_efuse_args(ctx, args, extra_args)
if extra_args['efuse_positional_args']:
read_protect_args += list(extra_args['efuse_positional_args'])
RunTool('espefuse', read_protect_args, args.build_dir)()
def efuse_summary(action: str, ctx: click.core.Context, args: PropertyDict, format: str, **extra_args: Dict) -> None:
def efuse_summary(
action: str,
ctx: click.core.Context,
args: PropertyDict,
format: str, # noqa: A002
**extra_args: Dict,
) -> None:
ensure_build_directory(args, ctx.info_name)
summary_args = [PYTHON, '-m' 'espefuse', 'summary']
summary_args = [PYTHON, '-mespefuse', 'summary']
summary_args += _parse_efuse_args(ctx, args, extra_args)
if format:
summary_args += [f'--format={format.replace("-", "_")}']
@@ -577,7 +578,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
def efuse_write_protect(action: str, ctx: click.core.Context, args: PropertyDict, **extra_args: Dict) -> None:
ensure_build_directory(args, ctx.info_name)
write_protect_args = [PYTHON, '-m' 'espefuse', 'write_protect_efuse']
write_protect_args = [PYTHON, '-mespefuse', 'write_protect_efuse']
write_protect_args += _parse_efuse_args(ctx, args, extra_args)
if extra_args['efuse_positional_args']:
write_protect_args += list(extra_args['efuse_positional_args'])
@@ -598,10 +599,11 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--extra-args'],
'help': (
'Pass extra arguments to esptool separated by space. For more details see `esptool.py write_flash --help`. '
'For example to compress and verify data use: `idf.py flash --extra-args="--compress --verify"`. Use with caution!'
)
}
'Pass extra arguments to esptool separated by space. For more details see '
'`esptool.py write_flash --help`. For example to compress and verify data use: '
'`idf.py flash --extra-args="--compress --verify"`. Use with caution!'
),
},
]
EFUSE_OPTS = [PORT] + [
@@ -678,9 +680,14 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
{
'names': ['--fill-flash-size'],
'help': ('[ONLY RAW] If set, the final binary file will be padded with FF bytes up to this flash size.'),
'type': click.Choice(['256KB', '512KB', '1MB', '2MB', '4MB', '8MB', '16MB', '32MB', '64MB', '128MB']),
}
'help': (
'[ONLY RAW] If set, the final binary file will be padded with FF bytes up to this '
'flash size.'
),
'type': click.Choice(
['256KB', '512KB', '1MB', '2MB', '4MB', '8MB', '16MB', '32MB', '64MB', '128MB']
),
},
],
'arguments': [
{
@@ -712,7 +719,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
{
'names': ['--flash-crypt-conf'],
'help': ('Override FLASH_CRYPT_CONF efuse value (default is 0XF).'),
'help': ('Override FLASH_CRYPT_CONF eFuse value (default is 0XF).'),
},
],
'arguments': [
@@ -724,8 +731,10 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
'secure-digest-secure-bootloader': {
'callback': secure_digest_secure_bootloader,
'help': ('Take a bootloader binary image and a secure boot key, and output a combined'
'digest+binary suitable for flashing along with the precalculated secure boot key.'),
'help': (
'Take a bootloader binary image and a secure boot key, and output a combined'
'digest+binary suitable for flashing along with the precalculated secure boot key.'
),
'options': [
{
'names': ['--keyfile', '-k'],
@@ -738,7 +747,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--iv'],
'help': (
'128 byte IV file. Supply a file for testing purposes only, if not supplied an IV will be randomly generated.'
'128 byte IV file. Supply a file for testing purposes only, if not supplied an IV will be '
'randomly generated.'
),
},
],
@@ -748,7 +758,6 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'nargs': 1,
},
],
},
'secure-encrypt-flash-data': {
'callback': secure_encrypt_flash_data,
@@ -757,9 +766,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--aes-xts', '-x'],
'is_flag': True,
'help': (
'Encrypt data using AES-XTS if chip supports it.'
),
'help': ('Encrypt data using AES-XTS if chip supports it.'),
},
{
'names': ['--keyfile', '-k'],
@@ -775,9 +782,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
{
'names': ['--flash-crypt-conf'],
'help': (
'Override FLASH_CRYPT_CONF eFuse value (default is 0XF).'
),
'help': ('Override FLASH_CRYPT_CONF eFuse value (default is 0XF).'),
},
],
'arguments': [
@@ -793,7 +798,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--keylen', '-l'],
'help': (
'Length of private key digest file to generate (in bits). 3/4 Coding Scheme requires 192 bit key.'
'Length of private key digest file to generate (in bits). 3/4 Coding Scheme requires '
'192 bit key.'
),
},
],
@@ -806,9 +812,11 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
'secure-generate-signing-key': {
'callback': secure_generate_signing_key,
'help': ('Generate a private key for signing secure boot images as per the secure boot version. Key file is generated in PEM'
'format, Secure Boot V1 - ECDSA NIST256p private key. Secure Boot V2 - RSA 3072, ECDSA NIST256p, ECDSA NIST192p'
'private key.'),
'help': (
'Generate a private key for signing secure boot images as per the secure boot version. Key file is '
'generated in PEM format, Secure Boot V1 - ECDSA NIST256p private key. Secure Boot V2 - RSA 3072, '
'ECDSA NIST256p, ECDSA NIST192p private key.'
),
'options': [
{
'names': ['--version', '-v'],
@@ -845,8 +853,10 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
'secure-sign-data': {
'callback': secure_sign_data,
'help': ('Sign a data file for use with secure boot. Signing algorithm is deterministic ECDSA w/ SHA-512 (V1) or either RSA-'
'PSS or ECDSA w/ SHA-256 (V2).'),
'help': (
'Sign a data file for use with secure boot. Signing algorithm is deterministic ECDSA w/ SHA-512 '
'(V1) or either RSA-PSS or ECDSA w/ SHA-256 (V2).'
),
'options': [
{
'names': ['--version', '-v'],
@@ -861,27 +871,25 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--append-signatures', '-a'],
'is_flag': True,
'help': (
'Append signature block(s) to already signed image. Valid only for ESP32-S2.'
),
'help': ('Append signature block(s) to already signed image. Valid only for ESP32-S2.'),
},
{
'names': ['--pub-key'],
'help': (
'Public key files corresponding to the private key used to generate the pre-calculated signatures. Keys should be in PEM format.'
'Public key files corresponding to the private key used to generate the pre-calculated '
'signatures. Keys should be in PEM format.'
),
},
{
'names': ['--signature'],
'help': (
'Pre-calculated signatures. Signatures generated using external private keys e.g. keys stored in HSM.'
'Pre-calculated signatures. Signatures generated using external private keys e.g. '
'keys stored in HSM.'
),
},
{
'names': ['--output', '-o'],
'help': (
'Output file for signed digest image. Default is to sign the input file.'
),
'help': ('Output file for signed digest image. Default is to sign the input file.'),
},
],
'arguments': [
@@ -893,7 +901,10 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
'secure-verify-signature': {
'callback': secure_verify_signature,
'help': ('Verify a previously signed binary image, using the ECDSA (V1) or either RSA or ECDSA (V2) public key.'),
'help': (
'Verify a previously signed binary image, using the ECDSA (V1) or either RSA or ECDSA (V2) '
'public key.'
),
'options': [
{
'names': ['--version', '-v'],
@@ -930,8 +941,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['--hmac-keyfile', '-l'],
'help': 'File to store the generated HMAC key.',
}
},
],
},
'secure-encrypt-nvs-partition': {
@@ -955,8 +965,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
{
'names': ['partition_size'],
'nargs': 1,
}
]
},
],
},
'efuse-burn': {
'callback': efuse_burn,
@@ -971,8 +981,12 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
},
'efuse-burn-key': {
'callback': efuse_burn_key,
'help': 'Burn a 256-bit key to EFUSE: BLOCK1, flash_encryption, BLOCK2, secure_boot_v1, secure_boot_v2, BLOCK3.',
'options': EFUSE_OPTS + [
'help': (
'Burn a 256-bit key to EFUSE: BLOCK1, flash_encryption, BLOCK2, secure_boot_v1, '
'secure_boot_v2, BLOCK3.'
),
'options': EFUSE_OPTS
+ [
{
'names': ['--no-protect-key'],
'is_flag': True,
@@ -985,16 +999,15 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'names': ['--force-write-always'],
'is_flag': True,
'help': (
'Write the eFuse even if it looks like it\'s already been written, or is write protected.'
'Note that this option can\'t disable write protection, or clear any bit which has already been set.'
"Write the eFuse even if it looks like it's already been written, or is write protected."
"Note that this option can't disable write protection, or clear any bit which has already "
'been set.'
),
},
{
'names': ['--show-sensitive-info'],
'is_flag': True,
'help': (
'Show data to be burned (may expose sensitive data). Enabled if --debug is used.'
),
'help': ('Show data to be burned (may expose sensitive data). Enabled if --debug is used.'),
},
],
'arguments': [
@@ -1007,12 +1020,14 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'efuse-dump': {
'callback': efuse_dump,
'help': 'Dump raw hex values of all eFuses.',
'options': EFUSE_OPTS + [
'options': EFUSE_OPTS
+ [
{
'names': ['--file-name'],
'help': (
'Saves dump for each block into separate file. Provide the common path name /path/blk.bin, it will create:'
' blk0.bin, blk1.bin ... blkN.bin. Use burn_block_data to write it back to another chip.'
'Saves dump for each block into separate file. Provide the common path name /path/blk.bin, '
'it will create: blk0.bin, blk1.bin ... blkN.bin. Use burn_block_data to write it back to '
'another chip.'
),
},
],
@@ -1031,7 +1046,8 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'efuse-summary': {
'callback': efuse_summary,
'help': 'Get the summary of the eFuses.',
'options': EFUSE_OPTS + [
'options': EFUSE_OPTS
+ [
{
'names': ['--format'],
'help': ('Summary format.'),
@@ -1084,7 +1100,7 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'Baud rate for monitor. '
'If this option is not provided IDF_MONITOR_BAUD and MONITORBAUD '
'environment variables, global baud rate and project_description.json in build directory '
'(generated by CMake from project\'s sdkconfig) '
"(generated by CMake from project's sdkconfig) "
'will be checked for default value.'
),
},
@@ -1171,7 +1187,6 @@ def action_extensions(base_actions: Dict, project_path: str) -> Dict:
'options': flash_options,
'order_dependencies': ['all', 'erase-flash'],
},
'erase-otadata': {
'callback': ota_targets,
'help': 'Erase otadata partition.',