components/bootloader_support/component.mk

   1 COMPONENT_ADD_INCLUDEDIRS := include
   2 COMPONENT_PRIV_INCLUDEDIRS := include_priv
   3
   4 ifdef IS_BOOTLOADER_BUILD
   5 # share "private" headers with the bootloader component
   6 # eventual goal: all functionality that needs this lives in bootloader_support
   7 COMPONENT_ADD_INCLUDEDIRS += include_priv
   8 endif
   9
  10 COMPONENT_SRCDIRS := src
  11
  12 #
  13 # Secure boot signing key support
  14 #
  15 ifdef CONFIG_SECURE_BOOT_ENABLED
  16
  17 # this path is created relative to the component build directory
  18 SECURE_BOOT_VERIFICATION_KEY := $(abspath signature_verification_key.bin)
  19
  20 ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
  21 # verification key derived from signing key.
  22 $(SECURE_BOOT_VERIFICATION_KEY): $(SECURE_BOOT_SIGNING_KEY) $(SDKCONFIG_MAKEFILE)
  23         $(ESPSECUREPY) extract_public_key --keyfile $< $@
  24 else
  25 # find the configured public key file
  26 ORIG_SECURE_BOOT_VERIFICATION_KEY := $(call resolvepath,$(call dequote,$(CONFIG_SECURE_BOOT_VERIFICATION_KEY)),$(PROJECT_PATH))
  27
  28 $(ORIG_SECURE_BOOT_VERIFICATION_KEY):
  29         @echo "Secure boot verification public key '$@' missing."
  30         @echo "This can be extracted from the private signing key, see"
  31         @echo "docs/security/secure-boot.rst for details."
  32         exit 1
  33
  34 # copy it into the build dir, so the secure boot verification key has
  35 # a predictable file name
  36 $(SECURE_BOOT_VERIFICATION_KEY): $(ORIG_SECURE_BOOT_VERIFICATION_KEY) $(SDKCONFIG_MAKEFILE)
  37         $(summary) CP $< $@
  38         cp $< $@
  39 endif
  40
  41 COMPONENT_EXTRA_CLEAN += $(SECURE_BOOT_VERIFICATION_KEY)
  42
  43 COMPONENT_EMBED_FILES := $(SECURE_BOOT_VERIFICATION_KEY)
  44
  45 endif