mcuboot: force .hex and .bin same content #56219
Conversation
Ensure that the automatically generated `zephyr.signed.hex` and `zephyr.signed.bin` files (and derivatives) have the same logical content. Previously the two files would have different image signatures due to the indepenent calls to the image signing tool. Note this only resolves the issue when the images are automatically signed, calling `west sign` manually with still result in different content. Resolving this is much harder as the tool has no knowledge of the commands requires to convert a `.hex` to a `.bin`. Fixes #52271. Signed-off-by: Jordan Yates <[email protected]>
| @@ -883,6 +883,16 @@ config MCUBOOT_GENERATE_CONFIRMED_IMAGE | |||
| The existence of bin and hex files depends on CONFIG_BUILD_OUTPUT_BIN | |||
| and CONFIG_BUILD_OUTPUT_HEX. | |||
|
|
|||
| config MCUBOOT_GENERATED_HEX_BIN_SAME_CONTENT | |||
| bool "Ensure that generated .hex and .bin files have the same logical content" | |||
| default y | |||
There was a problem hiding this comment.
Quite honestly I don't think the majority of people care about this, some yes but the minority.
| @@ -16,6 +16,19 @@ function(zephyr_runner_file type path) | |||
| set_target_properties(runners_yaml_props_target PROPERTIES "${type}_file" "${path}") | |||
| endfunction() | |||
|
|
|||
| function(zephyr_mcuboot_hex_bin_convert hex_file bin_file) | |||
There was a problem hiding this comment.
This is not a transferable way of doing this and requires use of this specific file to achieve this (and this file can now be completely replaced out of tree), would rather something generic is added to the cmake code that can convert any hex to bin (or just use objcopy) and can be called as is needed
There was a problem hiding this comment.
would rather something generic is added to the cmake code that can convert any hex to bin (or just use objcopy) and can be called as is needed
@nordicjm not sure exactly what you mean by this ?
The use of the elfconvert_command target property from bintools is the way toolchains can specify how files can be converted, and is used also by Zephyr in many places, for example here and elsewhere in that file:
Line 1175 in ccd88a4
if you are requesting a common CMake function to the this, but how the current function is implemented is acceptable, then I have mis-read your comment, and I apologize the noise ?
or just use objcopy
not all toolchains support objcopy, which is why toolchains should setup their own elfconvert_command property, which is objcopy for gnu.
Ref:
zephyr/cmake/bintools/gnu/target_bintools.cmake
Lines 23 to 25 in ccd88a4
zephyr/cmake/bintools/arcmwdt/target_bintools.cmake
Lines 12 to 15 in ccd88a4
| # the same. Otherwise the .hex and .bin will have different signatures due to the | ||
| # independent calls to the signing tool. This cannot be done as part of 'west sign' | ||
| # as we cannot evaluate the bintools arguments at configuration time. | ||
| if (CONFIG_MCUBOOT_GENERATED_HEX_BIN_SAME_CONTENT) |
There was a problem hiding this comment.
instead of introducing yet another Kconfig setting, then why no swap the code here:
Line 110 in ccd88a4
and here:
Line 127 in ccd88a4
so that order becomes:
if(CONFIG_BUILD_OUTPUT_HEX)
# Do signing of hex file
endif()
if(CONFIG_BUILD_OUTPUT_BIN AND CONFIG_BUILD_OUTPUT_HEX)
# Both hex and bin output is enabled, convert signed hex to signed bin to mitigate #52271.
elseif(CONFIG_BUILD_OUTPUT_BIN)
# Only bin output is enabled, keep existing image bin signing.
endif()
There was a problem hiding this comment.
I went with this approach as west sign current automatically discovers files to be signed, so even without the bin options it still actually signs the .bin. If this file is generated anyway the easiest option IMO is just to overwrite it. Obviously this can be updated but is a larger change.
zephyr/scripts/west_commands/sign.py
Lines 155 to 175 in fd94ca7
I didn't go with if(CONFIG_BUILD_OUTPUT_BIN AND CONFIG_BUILD_OUTPUT_HEX) directly in the cmake just to provide the option to disable this behaviour if it happens to cause issues for someone.
There was a problem hiding this comment.
I went with this approach as west sign current automatically discovers files to be signed
Right, I had forgotten about the pure west sign behavior.
Having different behavior on west sign and during build is not good.
I didn't go with if(CONFIG_BUILD_OUTPUT_BIN AND CONFIG_BUILD_OUTPUT_HEX) directly in the cmake just to provide the option to disable this behaviour if it happens to cause issues for someone.
and that's a fair point.
But I dislike having an extra Kconfig for this.
and even though it's configurable, there is still a mismatch to how it works when west sign is invoked.
Yes, doing it somewhere else in a common file so that it can be called from here or anywhere as a generic "copy hex to bin" function |
|
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
Ensure that the automatically generated
zephyr.signed.hexandzephyr.signed.binfiles (and derivatives) have the same logical content. Previously the two files would have different image signatures due to the indepenent calls to the image signing tool.Note this only resolves the issue when the images are automatically signed, calling
west signmanually with still result in different content. Resolving this is much harder as the tool has no knowledge of the commands requires to convert a.hexto a.bin.Fixes #52271.