Merge branch 'feat/remove_global_cmake_vars' into 'master'

change(esptool_py): Make esptool_py component idempotent in the build

Closes IDF-13073

See merge request espressif/esp-idf!39589

Author: sudeep-mohanty

components/app_update/CMakeLists.txt

@@ -29,7 +29,9 @@ if(NOT BOOTLOADER_BUILD)
 
         add_custom_target(blank_ota_data ALL DEPENDS ${blank_otadata_file})
         add_dependencies(flash blank_ota_data)
-        add_dependencies(encrypted-flash blank_ota_data)
+        if(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)
+            add_dependencies(encrypted-flash blank_ota_data)
+        endif()
 
         set(otatool_py "${python}" "${COMPONENT_DIR}/otatool.py")
 

components/bootloader/subproject/CMakeLists.txt

@@ -79,16 +79,36 @@ idf_build_set_property(COMPILE_DEFINITIONS "BOOTLOADER_BUILD=1" APPEND)
 idf_build_set_property(COMPILE_DEFINITIONS "NON_OS_BUILD=1" APPEND)
 idf_build_set_property(COMPILE_OPTIONS "-fno-stack-protector" APPEND)
 
+# Set up the bootloader binary generation targets
+set(PROJECT_BIN "bootloader.bin")
+if(CONFIG_SECURE_BOOT_V2_ENABLED AND CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+    set(bootloader_unsigned_bin "bootloader-unsigned.bin")
+else()
+    set(bootloader_unsigned_bin "${PROJECT_BIN}")
+endif()
+
+# Set the final binary name as a project property
+idf_build_set_property(PROJECT_BIN "${PROJECT_BIN}")
+
+# Generate the unsigned binary from the ELF file.
+if(CONFIG_APP_BUILD_GENERATE_BINARIES)
+    set(target_name "gen_bootloader_binary")
+    __idf_build_binary("${bootloader_unsigned_bin}" "${target_name}")
+endif()
+
 idf_component_get_property(main_args esptool_py FLASH_ARGS)
 idf_component_get_property(sub_args esptool_py FLASH_SUB_ARGS)
+idf_component_get_property(esptool_py_cmd esptool_py ESPTOOLPY_CMD)
+idf_component_get_property(espsecure_py_cmd esptool_py ESPSECUREPY_CMD)
+idf_component_get_property(espefuse_py_cmd esptool_py ESPEFUSEPY_CMD)
 
 # String for printing flash command
 string(REPLACE ";" " " esptoolpy_write_flash
-    "${ESPTOOLPY} --port=(PORT) --baud=(BAUD) ${main_args} "
+    "${esptool_py_cmd} --port=(PORT) --baud=(BAUD) ${main_args} "
     "write_flash ${sub_args}")
 
-string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")
-string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")
+string(REPLACE ";" " " espsecurepy "${espsecure_py_cmd}")
+string(REPLACE ";" " " espefusepy "${espefuse_py_cmd}")
 
 # Suppress warning: "Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY"
 set(ignore_signing_key "${SECURE_BOOT_SIGNING_KEY}")
@@ -109,7 +129,7 @@ if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
         ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
 
     add_custom_command(OUTPUT "${secure_bootloader_key}"
-        COMMAND ${ESPSECUREPY} digest_private_key
+        COMMAND ${espsecure_py_cmd} digest_private_key
             --keylen "${key_digest_len}"
             --keyfile "${SECURE_BOOT_SIGNING_KEY}"
             "${secure_bootloader_key}"
@@ -134,7 +154,7 @@ if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
 
     add_custom_command(OUTPUT "${bootloader_digest_bin}"
         COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
-        COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
+        COMMAND ${espsecure_py_cmd} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
         -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
         MAIN_DEPENDENCY "${CMAKE_BINARY_DIR}/.bin_timestamp"
         DEPENDS gen_secure_bootloader_key gen_project_binary
@@ -143,39 +163,34 @@ if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
     add_custom_target(gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
 endif()
 
+# If secure boot is enabled, generate the signed binary from the unsigned one.
 if(CONFIG_SECURE_BOOT_V2_ENABLED)
-    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
-        get_filename_component(secure_boot_signing_key
-            "${SECURE_BOOT_SIGNING_KEY}" ABSOLUTE BASE_DIR "${project_dir}")
+    set(target_name "gen_signed_bootloader")
 
-        if(NOT EXISTS "${secure_boot_signing_key}")
-        message(FATAL_ERROR
-            "Secure Boot Signing Key Not found."
-            "\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."
-            "\nTo generate one, you can use this command:"
-            "\n\t${espsecurepy} generate_signing_key --version 2 ${SECURE_BOOT_SIGNING_KEY}")
+    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+        # The SECURE_BOOT_SIGNING_KEY is passed in from the parent build and
+        # is already an absolute path.
+        if(NOT EXISTS "${SECURE_BOOT_SIGNING_KEY}")
+            message(FATAL_ERROR
+                "Secure Boot Signing Key Not found."
+                "\nGenerate the Secure Boot V2 RSA-PSS 3072 Key."
+                "\nTo generate one, you can use this command:"
+                "\n\t${espsecurepy} generate_signing_key --version 2 your_key.pem"
+            )
         endif()
 
-        set(bootloader_unsigned_bin "bootloader-unsigned.bin")
-        add_custom_command(OUTPUT ".signed_bin_timestamp"
-            COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
-            "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
-            COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"
-            -o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
-            COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"
-            "from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
-            COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
-            > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
-            DEPENDS "${build_dir}/.bin_timestamp"
-            VERBATIM
-            COMMENT "Generated the signed Bootloader")
+        set(comment "Generated the signed Bootloader")
+        set(key_arg KEYFILE "${SECURE_BOOT_SIGNING_KEY}")
     else()
-        add_custom_command(OUTPUT ".signed_bin_timestamp"
-        VERBATIM
-        COMMENT "Bootloader generated but not signed")
+        # If we are not building signed binaries, we don't pass a key.
+        set(comment "Bootloader generated but not signed")
+        set(key_arg "")
     endif()
 
-    add_custom_target(gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
+    __idf_build_secure_binary("${bootloader_unsigned_bin}" "${PROJECT_BIN}" "${target_name}"
+        COMMENT "${comment}"
+        ${key_arg}
+    )
 endif()
 
 if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
@@ -259,3 +274,19 @@ elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND NOT CONFIG_SECURE_BOOT_FLASH_BOOTLOADER
     DEPENDS gen_signed_bootloader
     VERBATIM)
 endif()
+
+# Generate bootloader post-build check of the bootloader size against the offset
+partition_table_add_check_bootloader_size_target(bootloader_check_size
+    DEPENDS gen_project_binary
+    BOOTLOADER_BINARY_PATH "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
+    RESULT bootloader_check_size_command)
+add_dependencies(app bootloader_check_size)
+
+if(CONFIG_SECURE_BOOT_V2_ENABLED AND CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+    # Check the size of the bootloader + signature block.
+    partition_table_add_check_bootloader_size_target(bootloader_check_size_signed
+        DEPENDS gen_signed_bootloader
+        BOOTLOADER_BINARY_PATH "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
+        RESULT bootloader_check_size_signed_command)
+    add_dependencies(app bootloader_check_size_signed)
+endif()

components/bootloader_support/CMakeLists.txt

@@ -28,7 +28,7 @@ if(esp_tee_build)
 
     idf_component_register(SRCS ${tee_srcs}
                            INCLUDE_DIRS ${tee_inc_dirs}
-                           PRIV_REQUIRES efuse esp_app_format)
+                           PRIV_REQUIRES efuse esp_app_format esptool_py)
     return()
 endif()
 
@@ -72,7 +72,7 @@ endif()
 if(BOOTLOADER_BUILD OR CONFIG_APP_BUILD_TYPE_RAM)
     set(include_dirs "include" "bootloader_flash/include"
         "private_include")
-    set(priv_requires micro-ecc spi_flash efuse esp_bootloader_format esp_app_format)
+    set(priv_requires micro-ecc spi_flash efuse esp_bootloader_format esp_app_format esptool_py)
     list(APPEND srcs
     "src/bootloader_init.c"
     "src/bootloader_clock_loader.c"
@@ -89,7 +89,7 @@ else()
     set(include_dirs "include" "bootloader_flash/include")
     set(priv_include_dirs "private_include")
     # heap is required for `heap_memory_layout.h` header
-    set(priv_requires spi_flash mbedtls efuse heap esp_bootloader_format esp_app_format)
+    set(priv_requires spi_flash mbedtls efuse heap esp_bootloader_format esp_app_format esptool_py)
 endif()
 
 if(BOOTLOADER_BUILD)
@@ -153,6 +153,7 @@ if(NOT BOOTLOADER_BUILD)
 endif()
 
 if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME))
+    idf_component_get_property(espsecure_py_cmd esptool_py ESPSECUREPY_CMD)
     if(BOOTLOADER_BUILD)
         # Whether CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES or not, we need verification key to embed
         # in the library.
@@ -165,7 +166,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE
                 "signature_verification_key.bin"
                 ABSOLUTE BASE_DIR "${CMAKE_CURRENT_BINARY_DIR}")
             add_custom_command(OUTPUT "${secure_boot_verification_key}"
-                COMMAND ${ESPSECUREPY}
+                COMMAND ${espsecure_py_cmd}
                 extract_public_key --keyfile "${secure_boot_signing_key}"
                 "${secure_boot_verification_key}"
                 DEPENDS ${secure_boot_signing_key}
@@ -193,7 +194,7 @@ if(CONFIG_SECURE_SIGNED_APPS AND (CONFIG_SECURE_BOOT_V1_ENABLED OR CONFIG_SECURE
                 ABSOLUTE BASE_DIR "${project_dir}")
 
             add_custom_command(OUTPUT "${secure_boot_verification_key}"
-                COMMAND ${ESPSECUREPY}
+                COMMAND ${espsecure_py_cmd}
                 extract_public_key --keyfile "${secure_boot_signing_key}"
                 "${secure_boot_verification_key}"
                 WORKING_DIRECTORY ${project_dir}

components/driver/test_apps/legacy_i2c_driver/CMakeLists.txt

@@ -12,6 +12,7 @@ set(COMPONENTS main esp_pm)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(legacy_i2c_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                         COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/driver/test_apps/legacy_twai/CMakeLists.txt

@@ -7,6 +7,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(twai_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/esp_adc/test_apps/adc/CMakeLists.txt

@@ -9,6 +9,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(adc_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/esp_driver_ana_cmpr/test_apps/analog_comparator/CMakeLists.txt

@@ -7,6 +7,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(test_ana_cmpr)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/esp_driver_dac/test_apps/dac/CMakeLists.txt

@@ -7,6 +7,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(dac_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/esp_driver_gpio/test_apps/gpio/CMakeLists.txt

@@ -7,6 +7,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(gpio_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py

components/esp_driver_gpio/test_apps/gpio_extensions/CMakeLists.txt

@@ -7,6 +7,7 @@ set(COMPONENTS main)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(gpio_extension_test)
 
+idf_build_get_property(elf EXECUTABLE)
 if(CONFIG_COMPILER_DUMP_RTL_FILES)
     add_custom_target(check_test_app_sections ALL
                       COMMAND ${PYTHON} $ENV{IDF_PATH}/tools/ci/check_callgraph.py