1 # Bootloader component (top-level project parts)
3 # The bootloader is not a real component that gets linked into the project.
4 # Instead it is an entire standalone project (in subproject/) that gets
5 # built in the upper project's build directory. This Makefile.projbuild provides
6 # the glue to build the bootloader project from the original project. It
7 # basically runs Make in the subproject/ directory but it needs to
8 # zero some variables the ESP-IDF project.mk makefile exports first, to not
11 BOOTLOADER_COMPONENT_PATH := $(COMPONENT_PATH)
12 BOOTLOADER_BUILD_DIR=$(abspath $(BUILD_DIR_BASE)/bootloader)
13 BOOTLOADER_BIN=$(BOOTLOADER_BUILD_DIR)/bootloader.bin
15 # signing key path is resolved relative to the project directory
16 CONFIG_SECURE_BOOT_SIGNING_KEY ?=
17 SECURE_BOOT_SIGNING_KEY=$(abspath $(call dequote,$(CONFIG_SECURE_BOOT_SIGNING_KEY)))
18 export SECURE_BOOT_SIGNING_KEY # used by bootloader_support component
20 # Has a matching value in bootloader_support esp_flash_partitions.h
21 BOOTLOADER_OFFSET := 0x1000
23 # Custom recursive make for bootloader sub-project
25 # NB: Some variables are cleared in the environment, not
26 # overriden, because they need to be re-defined in the child
31 $(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/subproject \
33 BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \
38 .PHONY: bootloader-clean bootloader-flash bootloader-list-components bootloader $(BOOTLOADER_BIN)
40 $(BOOTLOADER_BIN): $(SDKCONFIG_MAKEFILE)
43 clean: bootloader-clean
45 bootloader-list-components:
46 $(BOOTLOADER_MAKE) list-components
48 ifndef CONFIG_SECURE_BOOT_ENABLED
49 # If secure boot disabled, bootloader flashing is integrated
50 # with 'make flash' and no warnings are printed.
52 bootloader: $(BOOTLOADER_BIN) | check_python_dependencies
54 @echo "Bootloader built. Default flash command is:"
55 @echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $^"
57 ESPTOOL_ALL_FLASH_ARGS += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
59 bootloader-flash: $(BOOTLOADER_BIN) $(call prereq_if_explicit,erase_flash) check_python_dependencies
60 $(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
62 else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
64 # One time flashing requires user to run esptool.py command themselves,
65 # and warning is printed about inability to reflash.
67 # The flashing command is deliberately printed without an auto-reset
68 # step, so the device doesn't immediately reset to flash itself.
70 bootloader: $(BOOTLOADER_BIN) | check_python_dependencies
72 @echo "Bootloader built. One-time flash command is:"
73 @echo "$(subst hard_reset,no_reset,$(ESPTOOLPY_WRITE_FLASH)) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
75 @echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
77 else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
78 # Reflashable secure bootloader
79 # generates a digest binary (bootloader + digest)
81 BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
82 SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin
84 ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
85 $(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY) | check_python_dependencies
86 $(ESPSECUREPY) digest_private_key -k $< $@
88 $(SECURE_BOOTLOADER_KEY):
89 @echo "No pre-generated key for a reflashable secure bootloader is available, due to signing configuration."
90 @echo "To generate one, you can use this command:"
91 @echo "espsecure.py generate_flash_encryption_key $@"
92 @echo "then re-run make."
96 bootloader: $(BOOTLOADER_DIGEST_BIN)
98 @echo "Bootloader built and secure digest generated. First time flash command is:"
99 @echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
100 @echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
102 @echo "To reflash the bootloader after initial flash:"
103 @echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
105 @echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
106 @echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
108 $(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY) | check_python_dependencies
109 @echo "DIGEST $(notdir $@)"
110 $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
112 else # CONFIG_SECURE_BOOT_ENABLED && !CONFIG_SECURE_BOOTLOADER_REFLASHABLE && !CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
114 @echo "Invalid bootloader target: bad sdkconfig?"
118 ifndef CONFIG_SECURE_BOOT_ENABLED
119 # don't build bootloader by default if secure boot is enabled
120 all_binaries: $(BOOTLOADER_BIN)
123 bootloader-clean: $(SDKCONFIG_MAKEFILE)
124 $(BOOTLOADER_MAKE) app-clean
125 ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
126 rm -f $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)