Add MCUBOOT_IMGTOOL_OVERWRITE_ONLY Kconfig option which
passes the --overwrite-only option to imgtool to avoid
adding the swap status area size when calculating overflow.
It is used by non-swap update modes.
Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
Export Zephyr image byproducts through `BYPRODUCT_<VAR>` cache
variables.
This allow external tools, such as sysbuild, to read information on
products produced by a Zephyr build from the image CMake cache.
For sysbuild, this means that all byproducts will be added to a phony
build target, which again allow sysbuild itself to depends on target
output and properly describe dependencies between byproducts and their
producing targets.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Adds a warning if neither Kconfig is enabled to generate an
unsigned image or a signing key are set, this is not an error but
warns the user in case they have forgot to set these modes or if
they have been set manually and have been cleared by a cmake
rebuild occurring (e.g. when bisecting).
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The commit adds CONFIG_MCUBOOT_CMAKE_WEST_SIGN_PARAMS Kconfig
option to allow passing arguments to west sign.
The option is used to pass arguments that immediately follow
west sign in cmake invocations and replaces hardcoded
"--quiet" parameter, but defaults to the "--quiet" value to
keep current behaviour.
New Kconfig option allows to pass arguments to west sign
without modifying cmake/mcuboot.cmake.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This commit adds a change to support running west sign command even if
the keyfile is not provided. Default value of the configuration
is set to n in order to maintain backward compatibility.
Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
Introduce new Kconfig option MCUBOOT_ENCRYPTION_KEY_FILE. If the
string is not empty Cmake will try to encrypt the final binaries using
the given key file.
Signed-off-by: Helge Juul <helge@fastmail.com>
Add --pad to imgtool.py command line arguments when generating confirmed
images, otherwise the image contains no trailer magic for writing the
confirmed status.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
When CONFIG_MCUBOOT_SIGNATURE_KEY_FILE is set and the build system
successfully creates signed outputs, use them as the default artifacts
to flash.
This flashes the non-confirmed variant regardless of
CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE, allowing POST code in the
application to confirm the image or not. Since this is used primarily
from development, I'd hesitate to assume the confirmed image is good.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Add new Kconfig options which depend on CONFIG_BOOTLOADER_MCUBOOT:
- CONFIG_MCUBOOT_SIGNATURE_KEY_FILE: the path to the key pair which
should be used to sign the image, in PEM format. This is sent to
imgtool via 'west sign' when set to produce zephyr.signed.bin and
zephyr.signed.hex files as needed.
- CONFIG_MCUBOOT_EXTRA_IMGTOOL_ARGS: additional arguments to pass to
imgtool.
- CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE: also generate
zephyr.signed.confirmed.{bin,hex}
Add build system support for these options.
This makes a separate 'west sign' step unnecessary when using MCUboot,
if the application image is properly configured with the location of
the key file.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Andrej Butok