1 # Copyright 2016-2017 Espressif Systems (Shanghai) PTE LTD
2 # Copyright 2018 apeos contributors
4 # Bootloader component (top-level project parts)
6 # The bootloader is not a real component that gets linked into the project.
7 # Instead it is an entire standalone project (in subproject/) that gets
8 # built in the upper project's build directory. This Makefile.projbuild provides
9 # the glue to build the bootloader project from the original project. It
10 # basically runs Make in the subproject/ directory but it needs to
11 # zero some variables the ESP-IDF project.mk makefile exports first, to not
14 # Licensed under the Apache License, Version 2.0 (the "License");
15 # you may not use this file except in compliance with the License.
16 # You may obtain a copy of the License at
18 # http://www.apache.org/licenses/LICENSE-2.0
20 # Unless required by applicable law or agreed to in writing, software
21 # distributed under the License is distributed on an "AS IS" BASIS,
22 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
23 # See the License for the specific language governing permissions and
24 # limitations under the License.
# Locations of the bootloader sub-project and of its build output.
# COMPONENT_PATH is captured immediately (:=); the two build-directory
# values stay recursive (=) and are expanded each time they are used.
BOOTLOADER_COMPONENT_PATH := $(COMPONENT_PATH)
BOOTLOADER_BUILD_DIR = $(abspath $(BUILD_DIR_BASE)/bootloader)
BOOTLOADER_BIN = $(BOOTLOADER_BUILD_DIR)/bootloader.bin

# Secure boot signing key: the configured value is dequoted and made absolute.
# A relative path is resolved by $(abspath) against make's working directory,
# which is expected to be the project directory.
# The variable is exported because the bootloader_support component reads it
# from the environment of the sub-make. Only the path is exported, not the key
# contents, but it points at private key material: keep that file out of
# version control and readable only by the account that runs the build.
CONFIG_SECURE_BOOT_SIGNING_KEY ?=
export SECURE_BOOT_SIGNING_KEY = $(abspath $(call dequote,$(CONFIG_SECURE_BOOT_SIGNING_KEY)))

# Flash offset of the bootloader image. Must stay equal to the matching value
# in bootloader_support esp_flash_partitions.h.
BOOTLOADER_OFFSET := 0x1000
38 # Custom recursive make for bootloader sub-project
40 # NB: Some variables are cleared in the environment, not
41 # overridden, because they need to be re-defined in the child
46 $(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/subproject \
48 BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \
# None of these names is treated as an up-to-date file. $(BOOTLOADER_BIN) is
# declared phony as well, so its rule is run on every build even when the
# file already exists.
.PHONY: bootloader bootloader-clean bootloader-flash bootloader-list-components \
    $(BOOTLOADER_BIN)
57 $(BOOTLOADER_BIN): $(SDKCONFIG_MAKEFILE)
# Ask the bootloader sub-project for its component list through the
# recursive make command defined in BOOTLOADER_MAKE.
bootloader-list-components:
	$(BOOTLOADER_MAKE) list-components

# The project-wide 'clean' also cleans the bootloader build.
clean: bootloader-clean
65 ifndef CONFIG_SECURE_BOOT_ENABLED
66 # If secure boot disabled, bootloader flashing is integrated
67 # with 'make flash' and no warnings are printed.
69 bootloader: $(BOOTLOADER_BIN)
71 @echo "Bootloader built. Default flash command is:"
72 @echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $^"
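# With secure boot disabled the bootloader is flashed together with the rest
# of the project by 'make flash', so its offset and image join the argument
# list used for that command.
ESPTOOL_ALL_FLASH_ARGS += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)

# Flash only the bootloader image.
# The offset comes from BOOTLOADER_OFFSET, so this recipe, the printed flash
# command and ESPTOOL_ALL_FLASH_ARGS cannot drift apart.
# $< (first prerequisite) is used instead of $^ so that only the image is
# passed as a file argument. prereq_if_explicit is defined outside this file;
# presumably it adds erase_flash as a prerequisite when that goal is requested
# explicitly, and with $^ that target name would be appended to the command.
bootloader-flash: $(BOOTLOADER_BIN) $(call prereq_if_explicit,erase_flash)
	$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $<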
79 else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
81 # One time flashing requires user to run esptool.py command themselves,
82 # and warning is printed about inability to reflash.
84 # The flashing command is deliberately printed without an auto-reset
85 # step, so the device doesn't immediately reset to flash itself.
87 bootloader: $(BOOTLOADER_BIN)
89 @echo "Bootloader built. One-time flash command is:"
90 @echo "$(subst hard_reset,no_reset,$(ESPTOOLPY_WRITE_FLASH)) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
92 @echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
94 else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
95 # Reflashable secure bootloader
96 # generates a digest binary (bootloader + digest)
# Key file used to compute the secure bootloader digest. It lives in the
# bootloader build directory and bootloader-clean deletes it. The 'bootloader'
# target prints a burn_key command for this file and states that later
# re-flashes are accepted only with the same key, so keep a protected copy
# outside the build tree before cleaning.
SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin

# Image used for re-flashing: the bootloader binary plus its digest.
BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
101 ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
# Signed-binaries configuration: create the secure bootloader key file from
# the secure boot signing key with '$(ESPSECUREPY) digest_private_key'.
# $< is the signing key and $@ is the generated key file; both are secret
# material and should not leave the build host.
$(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY)
	$(ESPSECUREPY) digest_private_key \
		-k $< \
		$@
# No key can be derived from the signing configuration: tell the user how to
# create the key file by hand. These recipe lines only print instructions and
# do not write $@ themselves.
# A key generated this way exists only in the build directory, which
# bootloader-clean empties of it, so back it up in a protected location once
# it is in use.
$(SECURE_BOOTLOADER_KEY):
	@echo 'No pre-generated key for a reflashable secure bootloader is available, due to signing configuration.'
	@echo 'To generate one, you can use this command:'
	@echo "espsecure.py generate_flash_encryption_key $@"
	@echo 'then re-run make.'
113 bootloader: $(BOOTLOADER_DIGEST_BIN)
115 @echo "Bootloader built and secure digest generated. First time flash command is:"
116 @echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
117 @echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
119 @echo "To reflash the bootloader after initial flash:"
120 @echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
122 @echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
123 @echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
# Build the reflashable image: the bootloader binary ($<) is combined with a
# digest computed from the secure bootloader key and written to $@.
# The key file is a prerequisite, so make first runs whichever rule provides
# $(SECURE_BOOTLOADER_KEY) in the current configuration.
$(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
	@echo "DIGEST $(notdir $@)"
	$(Q) $(ESPSECUREPY) digest_secure_bootloader \
		-k $(SECURE_BOOTLOADER_KEY) \
		-o $@ \
		$<
129 else # CONFIG_SECURE_BOOT_ENABLED && !CONFIG_SECURE_BOOTLOADER_REFLASHABLE && !CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
131 @echo "Invalid bootloader target: bad sdkconfig?"
135 ifndef CONFIG_SECURE_BOOT_ENABLED
136 # don't build bootloader by default if secure boot is enabled
137 all_binaries: $(BOOTLOADER_BIN)
140 bootloader-clean: $(SDKCONFIG_MAKEFILE)
141 ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
142 rm -f $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)