diff --git a/components/bootloader_support/CMakeLists.txt b/components/bootloader_support/CMakeLists.txt index 4e477f6b59..65c9252d8d 100644 --- a/components/bootloader_support/CMakeLists.txt +++ b/components/bootloader_support/CMakeLists.txt @@ -153,6 +153,7 @@ if(NOT BOOTLOADER_BUILD) endif() if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)) + idf_component_get_property(espsecure_py_cmd esptool_py ESPSECUREPY_CMD) if(BOOTLOADER_BUILD) # Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed # in the library. @@ -165,7 +166,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE "signature_verification_key.bin" ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}") add_custom_command(OUTPUT "${secure_boot_verification_key}" - COMMAND ${ESPSECUREPY} + COMMAND ${espsecure_py_cmd} extract_public_key --keyfile "${secure_boot_signing_key}" "${secure_boot_verification_key}" DEPENDS ${secure_boot_signing_key} @@ -193,7 +194,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE ABSOLUTE BASE_DIR "${project_dir}") add_custom_command(OUTPUT "${secure_boot_verification_key}" - COMMAND ${ESPSECUREPY} + COMMAND ${espsecure_py_cmd} extract_public_key --keyfile "${secure_boot_signing_key}" "${secure_boot_verification_key}" WORKING_DIRECTORY ${project_dir} diff --git a/components/esptool_py/espefuse.cmake b/components/esptool_py/espefuse.cmake index 8911f51942..2d5d160e00 100644 --- a/components/esptool_py/espefuse.cmake +++ b/components/esptool_py/espefuse.cmake @@ -2,6 +2,18 @@ cmake_minimum_required(VERSION 3.16) # Executes a espefuse.py command and returns a cleaned log function(espefuse_cmd cmd output_log) + # espefuse_cmd can be called from a project's CMakeLists.txt file, which + # can invoke this function in CMake scripting mode (-P). If that is the case, + # we do not have access to convenience functions like idf_component_get_property. + # In scripting mode, the path to espefuse.py must be passed in via the + # 'ESPEFUSEPY' variable using the -D flag. + # + # When called during the normal build configuration phase, 'ESPEFUSEPY' is not + # defined as a variable, and we must fetch it from the esptool_py component's + # properties. + if(NOT DEFINED ESPEFUSEPY) + idf_component_get_property(ESPEFUSEPY esptool_py ESPEFUSEPY_CMD) + endif() set(SERIAL_TOOL ${ESPEFUSEPY}) if(${ESPEFUSEPY_OFFLINE}) set(VIRT_OPTION "--virt") diff --git a/components/esptool_py/project_include.cmake b/components/esptool_py/project_include.cmake index 0a2b7ce750..170afda587 100644 --- a/components/esptool_py/project_include.cmake +++ b/components/esptool_py/project_include.cmake @@ -1,20 +1,5 @@ # esptool_py component project_include.cmake -# Many of these are read when generating flash_app_args & flash_project_args -idf_build_get_property(target IDF_TARGET) -idf_build_get_property(python PYTHON) -idf_build_get_property(idf_path IDF_PATH) - -idf_build_get_property(non_os_build NON_OS_BUILD) - -set(chip_model ${target}) - -set(ESPTOOLPY ${python} "$ENV{ESPTOOL_WRAPPER}" "${CMAKE_CURRENT_LIST_DIR}/esptool/esptool.py" --chip ${chip_model}) -set(ESPSECUREPY ${python} "${CMAKE_CURRENT_LIST_DIR}/esptool/espsecure.py") -set(ESPEFUSEPY ${python} "${CMAKE_CURRENT_LIST_DIR}/esptool/espefuse.py") -set(ESPMONITOR ${python} -m esp_idf_monitor) -set(ESPTOOLPY_CHIP "${chip_model}") - # esptool_py_partition_needs_encryption # # @brief Determine if a partition needs to be encrypted when flash encryption is enabled. diff --git a/components/partition_table/CMakeLists.txt b/components/partition_table/CMakeLists.txt index 61fe492c7b..d6b296b497 100644 --- a/components/partition_table/CMakeLists.txt +++ b/components/partition_table/CMakeLists.txt @@ -139,18 +139,19 @@ endif() # Add signing steps if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME) + idf_component_get_property(espsecure_py_cmd esptool_py ESPSECUREPY_CMD) if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES) add_custom_target(gen_unsigned_partition_bin ALL DEPENDS "${build_dir}/partition_table/${unsigned_partition_bin}") add_custom_command(OUTPUT "${build_dir}/partition_table/${final_partition_bin}" - COMMAND ${ESPSECUREPY} sign_data --version 1 --keyfile "${SECURE_BOOT_SIGNING_KEY}" + COMMAND ${espsecure_py_cmd} sign_data --version 1 --keyfile "${SECURE_BOOT_SIGNING_KEY}" -o "${build_dir}/partition_table/${final_partition_bin}" "${build_dir}/partition_table/${unsigned_partition_bin}" DEPENDS "${build_dir}/partition_table/${unsigned_partition_bin}" VERBATIM) else() - string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}") + string(REPLACE ";" " " espsecurepy "${espsecure_py_cmd}") add_custom_command(TARGET partition-table POST_BUILD COMMAND ${CMAKE_COMMAND} -E echo "Partition table built but not signed. Sign partition data before flashing:" diff --git a/examples/system/efuse/CMakeLists.txt b/examples/system/efuse/CMakeLists.txt index 1ae11a7d56..0d8deed3e6 100644 --- a/examples/system/efuse/CMakeLists.txt +++ b/examples/system/efuse/CMakeLists.txt @@ -8,12 +8,13 @@ idf_build_set_property(MINIMAL_BUILD ON) project(efuse) idf_component_get_property(esptool_py_dir esptool_py COMPONENT_DIR) +idf_component_get_property(espefuse_py_cmd esptool_py ESPEFUSEPY_CMD) set(efuse_names "MAC" "WR_DIS") add_custom_target(efuse-filter COMMAND ${CMAKE_COMMAND} -D "IDF_PATH=${IDF_PATH}" -D "esptool_py_dir=${esptool_py_dir}" - -D "ESPEFUSEPY=${ESPEFUSEPY}" + -D "ESPEFUSEPY=${espefuse_py_cmd}" -D "ESPEFUSEPY_OFFLINE=${CONFIG_IDF_CI_BUILD}" # Only for CI tests. Do not establish a connection with the chip -D "IDF_TARGET=${IDF_TARGET}" -D "efuse_names=${efuse_names}" diff --git a/tools/cmake/project.cmake b/tools/cmake/project.cmake index 18d6955fa7..10839d63ef 100644 --- a/tools/cmake/project.cmake +++ b/tools/cmake/project.cmake @@ -948,9 +948,10 @@ macro(project project_name) # Add uf2 related targets idf_build_get_property(idf_path IDF_PATH) idf_build_get_property(python PYTHON) + idf_build_get_property(target IDF_TARGET) set(UF2_ARGS --json "${CMAKE_CURRENT_BINARY_DIR}/flasher_args.json") - set(UF2_CMD ${python} "${idf_path}/tools/mkuf2.py" write --chip ${chip_model}) + set(UF2_CMD ${python} "${idf_path}/tools/mkuf2.py" write --chip ${target}) add_custom_target(uf2 COMMAND ${CMAKE_COMMAND} diff --git a/tools/test_apps/security/secure_boot/main/CMakeLists.txt b/tools/test_apps/security/secure_boot/main/CMakeLists.txt index 5201d97810..bce7659f1a 100644 --- a/tools/test_apps/security/secure_boot/main/CMakeLists.txt +++ b/tools/test_apps/security/secure_boot/main/CMakeLists.txt @@ -9,13 +9,16 @@ idf_component_register(SRCS "${main_src}" INCLUDE_DIRS ".") target_compile_options(${COMPONENT_LIB} PRIVATE "-Wno-format") if(CONFIG_EXAMPLE_TARGET_QEMU) + set(PROJECT_BIN "${CMAKE_PROJECT_NAME}") set(bootloader_unsigned_bin "bootloader-unsigned.bin") set(app_unsigned_bin "${PROJECT_BIN}-unsigned.bin") + idf_component_get_property(espsecure_py_cmd esptool_py ESPSECUREPY_CMD) + add_custom_target(sign_bootloader ALL COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/bootloader/bootloader.bin" "${CMAKE_BINARY_DIR}/bootloader/${bootloader_unsigned_bin}" - COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile + COMMAND ${espsecure_py_cmd} sign_data --version 2 --keyfile ${PROJECT_DIR}/test/secure_boot_signing_key0.pem ${PROJECT_DIR}/test/secure_boot_signing_key1.pem ${PROJECT_DIR}/test/secure_boot_signing_key2.pem @@ -29,14 +32,13 @@ if(CONFIG_EXAMPLE_TARGET_QEMU) add_dependencies(sign_bootloader bootloader) add_custom_target(sign_app ALL - COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" + COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}.bin" "${CMAKE_BINARY_DIR}/${app_unsigned_bin}" - COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile + COMMAND ${espsecure_py_cmd} sign_data --version 2 --keyfile ${PROJECT_DIR}/test/secure_boot_signing_key1.pem - -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" + -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}.bin" "${CMAKE_BINARY_DIR}/${app_unsigned_bin}" - COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/${PROJECT_BIN}" - "from ${CMAKE_BINARY_DIR}/${app_unsigned_bin}" + COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${CMAKE_BINARY_DIR}/${PROJECT_BIN}.bin" VERBATIM COMMENT "Generated the test-specific signed application")