[nrf toup] cmake: sign s0 and s1 with mcuboot's imgtool

Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Signed-off-by: Håkon Øye Amundsen <[email protected]>
tejlmand · Sep 9, 2019 · 57a219e · 57a219e
1 parent 22da2d2
commit 57a219e
Showing 1 changed file with 52 additions and 0 deletions.
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
@@ -121,4 +121,56 @@ if(CONFIG_BOOTLOADER_MCUBOOT)
     mcuboot_primary_app_PM_TARGET
     mcuboot_sign_target
     )
+
+  if (CONFIG_MCUBOOT_BUILD_S1_VARIANT)
+    # Secure Boot (B0) is enabled, and we have to build update candidates
+    # for both S1 and S0.
+
+    # We need to override some attributes of the parent slot S0/S1.
+    # Which contains both the S0/S1 image and the padding/header.
+    foreach(parent_slot s0;s1)
+      set(slot ${parent_slot}_image)
+
+      # Fetch the target and hex file for the current slot.
+      # Note that these hex files are already signed by B0.
+      get_property(${slot}_target GLOBAL PROPERTY ${slot}_PM_TARGET)
+      get_property(${slot}_hex GLOBAL PROPERTY ${slot}_PM_HEX_FILE)
+
+      # The gap from S0/S1 partition is calculated by partition manager
+      # and stored in its target.
+      set(slot_offset
+        $<TARGET_PROPERTY:partition_manager,${parent_slot}_TO_SECONDARY>)
+
+      # Depend on both the target for the hex file, and the hex file itself.
+      set(dependencies "${${slot}_target};${${slot}_hex}")
+
+      set(out_path ${PROJECT_BINARY_DIR}/signed_by_mcuboot_and_b0_${slot})
+
+      sign(${${slot}_hex} # Hex file to sign
+        ${out_path}
+        ${slot_offset}
+        "${dependencies}" # Need "..." to make it a list.
+        signed_hex        # Created file variable
+        )
+
+      # We now have to override the S0/S1 partition, so use `parent_slot`
+      # variable, which is "s0" and "s1" respectively. This to get partition
+      # manager to override the implicitly assigned container hex files.
+
+      # Wrapper target for the generated hex file.
+      add_custom_target(signed_${parent_slot}_target DEPENDS ${signed_hex})
+
+      # Override the container hex file.
+      set_property(GLOBAL PROPERTY
+        ${parent_slot}_PM_HEX_FILE
+        ${signed_hex}
+        )
+
+      # Override the container hex file target.
+      set_property(GLOBAL PROPERTY
+        ${parent_slot}_PM_TARGET
+        signed_${parent_slot}_target
+        )
+    endforeach()
+  endif()
 endif()