Skip to content

Commit

Permalink
module: mcuboot: Add config option to support unsigned binary generation
Browse files Browse the repository at this point in the history
This commit adds a change to support running west sign command even if
the keyfile is not provided. Default value of the configuration
is set to n in order to maintain backward compatibility.

Signed-off-by: Shubham Kulkarni <[email protected]>
  • Loading branch information
shubhamkulkarni97 authored and cfriedt committed Dec 18, 2021
1 parent f1b77d3 commit f9eaabb
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 7 deletions.
8 changes: 8 additions & 0 deletions Kconfig.zephyr
Original file line number Diff line number Diff line change
Expand Up @@ -614,6 +614,7 @@ if BOOTLOADER_MCUBOOT
config MCUBOOT_SIGNATURE_KEY_FILE
string "Path to the mcuboot signing key file"
default ""
depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
help
The file contains a key pair whose public half is verified
by your target's MCUboot image. The file is in PEM format.
Expand Down Expand Up @@ -672,6 +673,13 @@ config MCUBOOT_EXTRA_IMGTOOL_ARGS
you can use this option to pass extra options to imgtool.
For example, you could set this to "--version 1.2".

config MCUBOOT_GENERATE_UNSIGNED_IMAGE
bool "Generate unsigned binary image bootable with MCUboot"
help
Enabling this configuration allows automatic unsigned binary image
generation when MCUboot signing key is not provided,
i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.

config MCUBOOT_GENERATE_CONFIRMED_IMAGE
bool "Also generate a padded, confirmed image"
help
Expand Down
21 changes: 14 additions & 7 deletions cmake/mcuboot.cmake
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,13 @@ function(zephyr_mcuboot_tasks)
set(keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}")
set(keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}")

# Check for misconfiguration.
if("${keyfile}" STREQUAL "")
# No signature key file, no signed binaries. No error, though:
# this is the documented behavior.
return()
if(NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
# Check for misconfiguration.
if("${keyfile}" STREQUAL "")
# No signature key file, no signed binaries. No error, though:
# this is the documented behavior.
return()
endif()
endif()

if(NOT WEST)
Expand All @@ -39,7 +41,7 @@ function(zephyr_mcuboot_tasks)
set(${file} "${WEST_TOPDIR}/${${file}}")
endif()

if(NOT EXISTS "${${file}}")
if(NOT EXISTS "${${file}}" AND NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
message(FATAL_ERROR "west sign can't find file ${${file}} (Note: Relative paths are relative to the west workspace topdir \"${WEST_TOPDIR}\")")
elseif(NOT (CONFIG_BUILD_OUTPUT_BIN OR CONFIG_BUILD_OUTPUT_HEX))
message(FATAL_ERROR "Can't sign images for MCUboot: Neither CONFIG_BUILD_OUTPUT_BIN nor CONFIG_BUILD_OUTPUT_HEX is enabled, so there's nothing to sign.")
Expand Down Expand Up @@ -84,7 +86,12 @@ function(zephyr_mcuboot_tasks)
else()
set(imgtool_extra)
endif()
set(imgtool_args -- --key "${keyfile}" ${imgtool_extra})

if(NOT "${keyfile}" STREQUAL "")
set(imgtool_extra --key "${keyfile}" ${imgtool_extra})
endif()

set(imgtool_args -- ${imgtool_extra})

# Extensionless prefix of any output file.
set(output ${ZEPHYR_BINARY_DIR}/${KERNEL_NAME})
Expand Down

0 comments on commit f9eaabb

Please sign in to comment.