bootloader: fix secure boot issues

Do not include bootloader in flash target when secure boot is enabled. Emit signing warning on all cases where signed apps are enabled (secure boot and signed images) Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is relevant to other components, not just bootloader. Pass signing key and verification key via config, not requiring bootloader to know parent app dir. Misc. variables name corrections
2025-09-30 19:19:21 +00:00 · 2019-05-10 15:25:25 +08:00
parent 179259f195
commit 9edc867c62
6 changed files with 175 additions and 140 deletions
--- a/components/bootloader/CMakeLists.txt
+++ b/components/bootloader/CMakeLists.txt
@@ -1,15 +1,20 @@
-idf_component_register()
+idf_component_register(PRIV_REQUIRES partition_table)

 # Do not generate flash file when building bootloader or is in early expansion of the build
 if(BOOTLOADER_BUILD)
    return()
 endif()

+# When secure boot is enabled, do not flash bootloader along with invocation of `idf.py flash`
+if(NOT CONFIG_SECURE_BOOT_ENABLED)
+    set(flash_bootloader FLASH_IN_PROJECT)
+endif()
+
 # Set values used in flash_bootloader_args.in and generate flash file
 # for bootloader
 esptool_py_flash_project_args(bootloader 0x1000
                            ${BOOTLOADER_BUILD_DIR}/bootloader.bin
-                            FLASH_IN_PROJECT
+                            ${flash_bootloader}
                            FLASH_FILE_TEMPLATE flash_bootloader_args.in)

 esptool_py_custom_target(bootloader-flash bootloader "bootloader")