mirror of
				https://github.com/espressif/esp-idf.git
				synced 2025-10-25 03:22:43 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			162 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			Makefile
		
	
	
	
	
	
			
		
		
	
	
			162 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			Makefile
		
	
	
	
	
	
| # Bootloader component (top-level project parts)
 | |
| #
 | |
| # The bootloader is not a real component that gets linked into the project.
 | |
| # Instead it is an entire standalone project (in subproject/) that gets
 | |
| # built in the upper project's build directory. This Makefile.projbuild provides
 | |
| # the glue to build the bootloader project from the original project. It
 | |
| # basically runs Make in the subproject/ directory but it needs to
 | |
| # zero some variables the ESP-IDF project.mk makefile exports first, to not
 | |
| # let them interfere.
 | |
| #
 | |
| BOOTLOADER_COMPONENT_PATH := $(COMPONENT_PATH)
 | |
| BOOTLOADER_BUILD_DIR=$(abspath $(BUILD_DIR_BASE)/bootloader)
 | |
| BOOTLOADER_BIN=$(BOOTLOADER_BUILD_DIR)/bootloader.bin
 | |
| 
 | |
| # signing key path is resolved relative to the project directory
 | |
| CONFIG_SECURE_BOOT_SIGNING_KEY ?=
 | |
| SECURE_BOOT_SIGNING_KEY=$(abspath $(call dequote,$(CONFIG_SECURE_BOOT_SIGNING_KEY)))
 | |
| export SECURE_BOOT_SIGNING_KEY  # used by bootloader_support component
 | |
| 
 | |
| # Has a matching value in bootloader_support esp_flash_partitions.h
 | |
| BOOTLOADER_OFFSET := 0x1000
 | |
| 
 | |
| # Custom recursive make for bootloader sub-project
 | |
| #
 | |
| # NB: Some variables are cleared in the environment, not
 | |
| # overriden, because they need to be re-defined in the child
 | |
| # project.
 | |
| BOOTLOADER_MAKE= +\
 | |
| 	PROJECT_PATH= \
 | |
| 	COMPONENT_DIRS= \
 | |
| 	$(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/subproject \
 | |
| 	V=$(V) \
 | |
| 	BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \
 | |
| 	TEST_COMPONENTS= \
 | |
| 	TESTS_ALL= \
 | |
| 	EXCLUDE_COMPONENTS=
 | |
| 
 | |
| .PHONY: bootloader-clean bootloader-flash bootloader-list-components bootloader $(BOOTLOADER_BIN)
 | |
| 
 | |
| $(BOOTLOADER_BIN): $(SDKCONFIG_MAKEFILE)
 | |
| 	$(BOOTLOADER_MAKE) $@
 | |
| 
 | |
| clean: bootloader-clean
 | |
| 
 | |
| bootloader-list-components:
 | |
| 	$(BOOTLOADER_MAKE) list-components
 | |
| 
 | |
| ifndef CONFIG_SECURE_BOOT
 | |
| # If secure boot disabled, bootloader flashing is integrated
 | |
| # with 'make flash' and no warnings are printed.
 | |
| 
 | |
| bootloader: $(BOOTLOADER_BIN) | check_python_dependencies
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "Bootloader built. Default flash command is:"
 | |
| 	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $^"
 | |
| 
 | |
| ESPTOOL_ALL_FLASH_ARGS += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
 | |
| UF2_ADD_BINARIES += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
 | |
| 
 | |
| bootloader-flash: $(BOOTLOADER_BIN) $(call prereq_if_explicit,erase_flash) | check_python_dependencies
 | |
| 	$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
 | |
| 
 | |
| else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
 | |
| 
 | |
| # One time flashing requires user to run esptool.py command themselves,
 | |
| # and warning is printed about inability to reflash.
 | |
| #
 | |
| # The flashing command is deliberately printed without an auto-reset
 | |
| # step, so the device doesn't immediately reset to flash itself.
 | |
| 
 | |
| bootloader: $(BOOTLOADER_BIN) | check_python_dependencies
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "Bootloader built. One-time flash command is:"
 | |
| 	@echo "$(subst hard_reset,no_reset,$(ESPTOOLPY_WRITE_FLASH)) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
 | |
| 
 | |
| else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
 | |
| # Reflashable secure bootloader
 | |
| # generates a digest binary (bootloader + digest)
 | |
| 
 | |
| ifdef CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT
 | |
| KEY_DIGEST_LEN=192
 | |
| else
 | |
| KEY_DIGEST_LEN=256
 | |
| endif
 | |
| 
 | |
| BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
 | |
| SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key-$(KEY_DIGEST_LEN).bin
 | |
| 
 | |
| ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
 | |
| $(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY) | check_python_dependencies
 | |
| 	$(ESPSECUREPY) digest_private_key --keylen $(KEY_DIGEST_LEN) -k $< $@
 | |
| else
 | |
| $(SECURE_BOOTLOADER_KEY):
 | |
| 	@echo "No pre-generated key for a reflashable secure bootloader is available, due to signing configuration."
 | |
| 	@echo "To generate one, you can use this command:"
 | |
| 	@echo "espsecure.py generate_flash_encryption_key $@"
 | |
| 	@echo "then re-run make."
 | |
| 	exit 1
 | |
| endif
 | |
| 
 | |
| bootloader: $(BOOTLOADER_DIGEST_BIN)
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "Bootloader built and secure digest generated. First time flash command is:"
 | |
| 	@echo "$(ESPEFUSEPY) burn_key secure_boot_v1 $(SECURE_BOOTLOADER_KEY)"
 | |
| 	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "To reflash the bootloader after initial flash:"
 | |
| 	@echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
 | |
| 	@echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
 | |
| 
 | |
| $(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY) | check_python_dependencies
 | |
| 	@echo "DIGEST $(notdir $@)"
 | |
| 	$(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
 | |
| 
 | |
| else ifdef CONFIG_SECURE_BOOT_V2_ENABLED
 | |
| BOOTLOADER_SIGNED_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-signed.bin
 | |
| ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
 | |
| bootloader: $(BOOTLOADER_BIN) $(SDKCONFIG_MAKEFILE) | check_python_dependencies
 | |
| 	$(ESPSECUREPY) sign_data --keyfile $(SECURE_BOOT_SIGNING_KEY) --version 2 \
 | |
| 	-o $(BOOTLOADER_SIGNED_BIN) $(BOOTLOADER_BIN)
 | |
| else
 | |
| bootloader: $(BOOTLOADER_BIN) $(SDKCONFIG_MAKEFILE) | check_python_dependencies
 | |
| 	@echo "Bootloader not signed. Sign the bootloader before flashing."
 | |
| 	@echo "To sign the bootloader, you can use this command:"
 | |
| 	@echo "espsecure.py sign_data --keyfile SECURE_BOOT_SIGNING_KEY --version 2 $(BOOTLOADER_BIN)"
 | |
| endif
 | |
| 	@echo $(SEPARATOR)
 | |
| 	@echo "Use the following command to flash the bootloader:"
 | |
| ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
 | |
| 	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_SIGNED_BIN)"
 | |
| else
 | |
| 	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
 | |
| endif
 | |
| 	@echo $(SEPARATOR)
 | |
| 
 | |
| else # CONFIG_SECURE_BOOT && !CONFIG_SECURE_BOOTLOADER_REFLASHABLE \
 | |
| && !CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH && !CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
 | |
| bootloader:
 | |
| 	@echo "Invalid bootloader target: bad sdkconfig?"
 | |
| 	@exit 1
 | |
| endif
 | |
| 
 | |
| ifndef CONFIG_SECURE_BOOT
 | |
| # don't build bootloader by default if secure boot is enabled
 | |
| all_binaries: $(BOOTLOADER_BIN)
 | |
| endif
 | |
| 
 | |
| bootloader-clean: $(SDKCONFIG_MAKEFILE)
 | |
| 	$(BOOTLOADER_MAKE) app-clean
 | |
| ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
 | |
| 	rm -f $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)
 | |
| endif
 | |
| ifdef CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
 | |
| ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
 | |
| 	rm -f $(BOOTLOADER_SIGNED_BIN)
 | |
| endif
 | |
| endif
 | 
