$(BOOTLOADER_BIN): | $(BOOTLOADER_BUILD_DIR)/sdkconfig
$(Q) $(BOOTLOADER_MAKE) $@
- bootloader-clean:
- $(Q) $(BOOTLOADER_MAKE) app-clean config-clean
- $(Q) rm -f $(BOOTLOADER_SDKCONFIG) $(BOOTLOADER_SDKCONFIG).old
-
clean: bootloader-clean
+ ifdef CONFIG_SECURE_BOOTLOADER_DISABLED
+ # If secure boot disabled, bootloader flashing is integrated
+ # with 'make flash' and no warnings are printed.
+
bootloader: $(BOOTLOADER_BIN)
+ @echo $(SEPARATOR)
@echo "Bootloader built. Default flash command is:"
- @echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $(BOOTLOADER_BIN)"
+ @echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^"
- all_binaries: $(BOOTLOADER_BIN)
-
ESPTOOL_ALL_FLASH_ARGS += 0x1000 $(BOOTLOADER_BIN)
- # bootloader-flash calls flash in the bootloader dummy project
bootloader-flash: $(BOOTLOADER_BIN)
- $(BOOTLOADER_MAKE) flash
+ $(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
+ else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
+
+ #### TEMPORARILY DISABLE THIS OPTION
+ ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
+ bootloader:
+ @echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device"
+ @echo "If you flash this bootloader, you will be left with an non-updateable bootloader that is missing features."
+ @echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
+ exit 1
+ else
+
+ # One time flashing requires user to run esptool.py command themselves,
+ # and warning is printed about inability to reflash.
+
+ bootloader: $(BOOTLOADER_BIN)
+ @echo $(SEPARATOR)
+ @echo "Bootloader built. One-time flash command is:"
+ @echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $(BOOTLOADER_BIN)"
+ @echo $(SEPARATOR)
+ @echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
+
+ endif # IDF_INSECURE_SECURE_BOOT
+ else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
+ # Reflashable secure bootloader
+ # generates a digest binary (bootloader + digest)
+
+ #### TEMPORARILY DISABLE THIS OPTION
+ ifneq ("$(IDF_INSECURE_SECURE_BOOT)","1")
+ bootloader:
+ @echo "Secure boot features are not yet mature, so the current secure bootloader will not properly secure the device."
+ @echo "If using this feature, expect to reflash the bootloader at least one more time."
+ @echo "If you really want to do this, set the environment variable IDF_INSECURE_SECURE_BOOT=1 and rerun make."
+ exit 1
+ else
+
+ BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
+ SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin
+
+ $(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY)
+ $(Q) $(ESPSECUREPY) digest_private_key -k $< $@
+
+ bootloader: $(BOOTLOADER_DIGEST_BIN)
+ @echo $(SEPARATOR)
+ @echo "Bootloader built and secure digest generated. First time flash command is:"
+ @echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
+ @echo "$(ESPTOOLPY_WRITE_FLASH) 0x1000 $(BOOTLOADER_BIN)"
+ @echo $(SEPARATOR)
+ @echo "To reflash the bootloader after initial flash:"
+ @echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
+ @echo $(SEPARATOR)
+ @echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
+ @echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
+
+ $(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
+ @echo "DIGEST $(notdir $@)"
+ $(Q) $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
+
+ endif # IDF_INSECURE_SECURE_BOOT
+ else
+ bootloader:
+ @echo "Invalid bootloader target: bad sdkconfig?"
+ @exit 1
+ endif
+
+ bootloader-clean:
+ $(Q) $(BOOTLOADER_MAKE) app-clean config-clean
+ $(Q) rm -f $(BOOTLOADER_SDKCONFIG) $(BOOTLOADER_SDKCONFIG).old $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)
+
+ all_binaries: $(BOOTLOADER_BIN)
+
# synchronise the project level config to the bootloader's
# config
$(BOOTLOADER_SDKCONFIG): $(PROJECT_PATH)/sdkconfig | $(BOOTLOADER_BUILD_DIR)
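Review bot: The new `$(SECURE_BOOTLOADER_KEY)` rule in the reflashable branch writes key material derived from `$(SECURE_BOOT_SIGNING_KEY)` into `$(BOOTLOADER_BUILD_DIR)` with whatever permissions the caller's umask allows, and nothing marks the file as secret. Judging by the `burn_key secure_boot` command echoed by the `bootloader` target, this file is the value burned into efuse, so anyone who can read the build directory (a shared build host, archived CI artifacts) could presumably produce bootloader digests the device accepts. I would create it owner-only, for example `$(Q) umask 077 && $(ESPSECUREPY) digest_private_key -k $< $@`, and add a comment above the rule such as `# Derived secure boot key: treat as secret, never archive or ship with build output`. Separately, both "TEMPORARILY DISABLE THIS OPTION" stubs guard only the `bootloader` target, while `all_binaries: $(BOOTLOADER_BIN)` sits outside the conditional, so the binary can still be built without the warning being shown. If that is not intended, the `IDF_INSECURE_SECURE_BOOT` check should also cover `$(BOOTLOADER_BIN)`.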
partition-tables
build_system
openocd
+ Secure Boot <security/secure-boot>
+.. API Reference
+ ..
+ Table of Contents Outline
+ ..
+ 1. System - TBA
+ 1.1. Fundamentals of multiprocessor programming with FreeRTOS - TBA
+ 1.2. Application startup flow - TBA
+ 1.3. Flash encryption and secure boot: how they work and APIs - TBA
+ 1.4. Lower Power Coprocessor - TBA
+ 1.5. Watchdogs
+ 1.6. ...
+ 2. Memeory - TBA
+ 2.1. Memory layout of the application (IRAM/IROM, limitations of each) - TBA
+ 2.2. Flash layout and partitions - TBA
+ 2.3. Flash access APIs - TBA
+ 2.4. Partition APIs - TBA
+ 2.5. OTA mechanism (app partitions, OTA partition) and APIs - TBA
+ 2.6. ...
+ 3. Wi-Fi
+ 4. Bluetooth
+ 4.1. BT Classic - TBA
+ 4.2. BLE
+ 5. Ethernet - TBA
+ 6. Interfaces
+ 6.1. GPIO
+ 6.2. ADC - TBA
+ 6.3. DAC - TBA
+ 6.4. UART - TBA
+ 6.5. I2C - TBA
+ 6.6. I2S - TBA
+ 6.7. SPI - TBA
+ 6.8. CAN - TBA
+ 6.9. SD Controller - TBA
+ 6.10. Infrared - TBA
+ 6.11. Pulse Counter - TBA
+ 6.12. PWM - TBA
+ 6.13. LED PWM
+ 6.14. ...
+ 7. Sensors - TBA
+ 7.1. Hall Sensor - TBA
+ 7.2. Temperature Sensor - TBA
+ 7.3. Touch Sensor - TBA
+ 8. Protocols - TBA
+ 9. Components
+ 9.1. Logging <api/log>
+ 9.2 Non-Volatile Storage <api/nvs_flash>
+ 9.3 Virtual Filesystem <api/vfs>
+ 9.3. Http sever - TBA
+ 10. Applications - TBA
+ ..
+ API Dcoumentation Teamplate
+ ..
+
.. toctree::
:caption: API Reference
:maxdepth: 1