1 COMPONENT_ADD_INCLUDEDIRS
:= include
2 COMPONENT_PRIV_INCLUDEDIRS
:= include_priv
4 ifdef IS_BOOTLOADER_BUILD
5 # share "private" headers with the bootloader component
6 # eventual goal: all functionality that needs this lives in bootloader_support
7 COMPONENT_ADD_INCLUDEDIRS
+= include_priv
10 COMPONENT_SRCDIRS
:= src
13 # Secure boot signing key support
15 ifdef CONFIG_SECURE_BOOT_ENABLED
17 # this path is created relative to the component build directory
18 SECURE_BOOT_VERIFICATION_KEY
:= $(abspath signature_verification_key.bin
)
20 ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
21 # verification key derived from signing key.
22 $(SECURE_BOOT_VERIFICATION_KEY
): $(SECURE_BOOT_SIGNING_KEY
) $(SDKCONFIG_MAKEFILE
)
23 $(ESPSECUREPY
) extract_public_key
--keyfile
$< $@
25 # find the configured public key file
26 ORIG_SECURE_BOOT_VERIFICATION_KEY
:= $(call resolvepath
,$(call dequote
,$(CONFIG_SECURE_BOOT_VERIFICATION_KEY
)),$(PROJECT_PATH
))
28 $(ORIG_SECURE_BOOT_VERIFICATION_KEY
):
29 @echo
"Secure boot verification public key '$@' missing."
30 @echo
"This can be extracted from the private signing key, see"
31 @echo
"docs/security/secure-boot.rst for details."
34 # copy it into the build dir, so the secure boot verification key has
35 # a predictable file name
36 $(SECURE_BOOT_VERIFICATION_KEY
): $(ORIG_SECURE_BOOT_VERIFICATION_KEY
) $(SDKCONFIG_MAKEFILE
)
41 COMPONENT_EXTRA_CLEAN
+= $(SECURE_BOOT_VERIFICATION_KEY
)
43 COMPONENT_EMBED_FILES
:= $(SECURE_BOOT_VERIFICATION_KEY
)