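# Component build script for bootloader support code.
#
# The same component is built in two contexts, selected by BOOTLOADER_BUILD:
#   * the bootloader itself (extra init/console/panic sources, links `hal`)
#   * a normal application (uses mbedtls, app_update and heap instead)
#
# Signature-verification sources are chosen from the CONFIG_SECURE_* options, and for the
# secure boot V1 / ECDSA scheme the public verification key is embedded in the library as
# binary data.

# Sources compiled in both the bootloader and the application build.
set(srcs
    "src/bootloader_common.c"
    "src/bootloader_common_loader.c"
    "src/bootloader_clock_init.c"
    "src/bootloader_flash.c"
    "src/bootloader_mem.c"
    "src/bootloader_random.c"
    "src/bootloader_random_${IDF_TARGET}.c"
    "src/bootloader_utility.c"
    "src/esp_image_format.c"
    "src/flash_encrypt.c"
    "src/secure_boot.c"
    "src/flash_partitions.c"
    "src/flash_qio_mode.c"
    "src/bootloader_flash_config_${IDF_TARGET}.c"
    "src/bootloader_efuse_${IDF_TARGET}.c"
    )

if(BOOTLOADER_BUILD)
    # In the bootloader, "include_bootloader" is a public include directory.
    set(include_dirs "include" "include_bootloader")
    set(priv_requires micro-ecc spi_flash efuse)
    list(APPEND srcs
        "src/bootloader_init.c"
        "src/bootloader_clock_loader.c"
        "src/bootloader_console.c"
        "src/bootloader_console_loader.c"
        "src/bootloader_panic.c"
        "src/${IDF_TARGET}/bootloader_sha.c"
        "src/${IDF_TARGET}/bootloader_soc.c"
        "src/${IDF_TARGET}/bootloader_${IDF_TARGET}.c"
        )
    list(APPEND priv_requires hal)
else()
    list(APPEND srcs
        "src/idf/bootloader_sha.c")
    # In an application, "include_bootloader" is private to this component.
    set(include_dirs "include")
    set(priv_include_dirs "include_bootloader")
    # heap is required for `heap_memory_layout.h` header
    set(priv_requires spi_flash mbedtls efuse app_update heap)
endif()

# Security feature sources. ECDSA signatures map to the secure_boot_v1 sources and RSA
# signatures to the secure_boot_v2 sources; the bootloader and the application each get
# their own verification file (*_bootloader.c and *_app.c).
if(BOOTLOADER_BUILD)
    if(CONFIG_SECURE_FLASH_ENC_ENABLED)
        list(APPEND srcs "src/flash_encryption/flash_encrypt.c"
                         "src/${IDF_TARGET}/flash_encryption_secure_features.c")
    endif()

    if(CONFIG_SECURE_SIGNED_ON_BOOT)
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_bootloader.c")
        endif()
        if(CONFIG_SECURE_BOOT_V1_ENABLED)
            list(APPEND srcs "src/secure_boot_v1/secure_boot.c"
                             "src/${IDF_TARGET}/secure_boot_secure_features.c")
        endif()

        if(CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_bootloader.c")
        endif()
        if(CONFIG_SECURE_BOOT_V2_ENABLED)
            list(APPEND srcs "src/secure_boot_v2/secure_boot.c"
                             "src/${IDF_TARGET}/secure_boot_secure_features.c")
        endif()
    endif()
else()
    if(CONFIG_SECURE_SIGNED_ON_UPDATE)
        if(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v1/secure_boot_signatures_app.c")
        endif()

        if(CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME)
            list(APPEND srcs "src/secure_boot_v2/secure_boot_signatures_app.c")
        endif()
    endif()
endif()

set(requires soc) # unfortunately the header directly uses SOC registers

idf_component_register(SRCS "${srcs}"
                    INCLUDE_DIRS "${include_dirs}"
                    PRIV_INCLUDE_DIRS "${priv_include_dirs}"
                    REQUIRES "${requires}"
                    PRIV_REQUIRES "${priv_requires}")

# Embed the signature verification (public) key. This block only runs for the secure boot V1 /
# ECDSA scheme; it does not embed a key for the RSA scheme.
if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME))
    if(BOOTLOADER_BUILD)
        # Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed
        # in the library.
        # NOTE(review): project_dir is not assigned in this branch of the file; presumably the
        # bootloader project defines it before this component is processed. Confirm.
        if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
            # We generate the key from the signing key. The signing key is passed from the main project.
            # An empty path would resolve to the project directory itself, so reject it up front.
            if("${SECURE_BOOT_SIGNING_KEY}" STREQUAL "")
                message(FATAL_ERROR
                    "bootloader_support: SECURE_BOOT_SIGNING_KEY is empty; "
                    "the signing key path must be passed from the main project.")
            endif()
            get_filename_component(secure_boot_signing_key
                "${SECURE_BOOT_SIGNING_KEY}"
                ABSOLUTE BASE_DIR "${project_dir}")
            get_filename_component(secure_boot_verification_key
                "signature_verification_key.bin"
                ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
            # Only the public half is written to the build directory; the signing key is just an
            # input. ESPSECUREPY is left unquoted so a multi-element command expands correctly.
            add_custom_command(OUTPUT "${secure_boot_verification_key}"
                COMMAND ${ESPSECUREPY}
                extract_public_key --keyfile "${secure_boot_signing_key}"
                "${secure_boot_verification_key}"
                DEPENDS "${secure_boot_signing_key}"
                VERBATIM)
        else()
            # We expect to 'inherit' the verification key passed from main project.
            # Fail with a clear message instead of letting an empty, unquoted expansion shift the
            # arguments of get_filename_component.
            if("${SECURE_BOOT_VERIFICATION_KEY}" STREQUAL "")
                message(FATAL_ERROR
                    "bootloader_support: SECURE_BOOT_VERIFICATION_KEY is empty; "
                    "a verification key must be passed from the main project "
                    "when signed binaries are not built.")
            endif()
            get_filename_component(secure_boot_verification_key
                "${SECURE_BOOT_VERIFICATION_KEY}"
                ABSOLUTE BASE_DIR "${project_dir}")
        endif()
    else()  # normal app build
        idf_build_get_property(project_dir PROJECT_DIR)

        if(CONFIG_SECURE_BOOT_VERIFICATION_KEY)
            # verification-only build supplies verification key
            set(secure_boot_verification_key "${CONFIG_SECURE_BOOT_VERIFICATION_KEY}")
            get_filename_component(secure_boot_verification_key
                "${secure_boot_verification_key}"
                ABSOLUTE BASE_DIR "${project_dir}")
        else()
            # sign at build time, extracts key from signing key
            if("${CONFIG_SECURE_BOOT_SIGNING_KEY}" STREQUAL "")
                message(FATAL_ERROR
                    "bootloader_support: neither CONFIG_SECURE_BOOT_VERIFICATION_KEY nor "
                    "CONFIG_SECURE_BOOT_SIGNING_KEY is set; no verification key can be embedded.")
            endif()
            set(secure_boot_verification_key "${CMAKE_BINARY_DIR}/signature_verification_key.bin")
            get_filename_component(secure_boot_signing_key
                "${CONFIG_SECURE_BOOT_SIGNING_KEY}"
                ABSOLUTE BASE_DIR "${project_dir}")

            add_custom_command(OUTPUT "${secure_boot_verification_key}"
                COMMAND ${ESPSECUREPY}
                extract_public_key --keyfile "${secure_boot_signing_key}"
                "${secure_boot_verification_key}"
                WORKING_DIRECTORY "${project_dir}"
                DEPENDS "${secure_boot_signing_key}"
                VERBATIM)
        endif()
    endif()

    # Embed the verification key in the binary (app & bootloader)
    #
    target_add_binary_data(${COMPONENT_LIB} "${secure_boot_verification_key}" "BINARY"
        RENAME_TO signature_verification_key_bin)
    # Have the clean step remove the verification key file as well.
    set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
        APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
        "${secure_boot_verification_key}")
endif()

if(BOOTLOADER_BUILD)
    # Adds `-u abort` to the link line of anything that links this component (INTERFACE).
    # NOTE(review): presumably this forces the `abort` symbol to be resolved at link time. Confirm.
    target_link_libraries(${COMPONENT_LIB} INTERFACE "-u abort")
endif()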