Skip to content

Commit 8729fa9

Browse files
nordicjmnordicjm
committed
cmake: sysbuild: Fix not configuring key file strings
Fixes an issue whereby key file Kconfig values could have contained CMake variables which should have been configured to proper strings NCSIDB-1394 Signed-off-by: Jamie McCrae <[email protected]>
1 parent 4a73546 commit 8729fa9

File tree

3 files changed

+10
-5
lines changed

3 files changed

+10
-5
lines changed

cmake/sysbuild/debug_keys.cmake

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -47,12 +47,14 @@ if(NOT SB_CONFIG_SECURE_BOOT_SIGNING_CUSTOM AND "${SB_CONFIG_SECURE_BOOT_SIGNING
4747
)
4848
set(SIGN_KEY_FILE_DEPENDS debug_sign_key_target)
4949
else()
50-
if(IS_ABSOLUTE ${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
51-
set(SIGNATURE_PRIVATE_KEY_FILE ${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
50+
string(CONFIGURE "${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE}" keyfile)
51+
if(IS_ABSOLUTE ${keyfile})
52+
set(SIGNATURE_PRIVATE_KEY_FILE ${keyfile})
5253
else()
5354
# Resolve path relative to the application configuration directory.
54-
set(SIGNATURE_PRIVATE_KEY_FILE ${APPLICATION_CONFIG_DIR}/${SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE})
55+
set(SIGNATURE_PRIVATE_KEY_FILE ${APPLICATION_CONFIG_DIR}/${keyfile})
5556
endif()
57+
set(keyfile)
5658

5759
if(NOT EXISTS ${SIGNATURE_PRIVATE_KEY_FILE})
5860
message(FATAL_ERROR "Config points to non-existing PEM file '${SIGNATURE_PRIVATE_KEY_FILE}'")

cmake/sysbuild/image_signing.cmake

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,8 @@ endfunction()
1919
function(zephyr_mcuboot_tasks)
2020
set(keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}")
2121
set(keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}")
22+
string(CONFIGURE "${keyfile}" keyfile)
23+
string(CONFIGURE "${keyfile_enc}" keyfile_enc)
2224

2325
if(NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
2426
# Check for misconfiguration.

cmake/sysbuild/sign.cmake

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,8 @@ function(b0_gen_keys)
3030
-out ${SIGNATURE_PUBLIC_KEY_FILE}
3131
)
3232
elseif(SB_CONFIG_SECURE_BOOT_SIGNING_CUSTOM)
33-
set(SIGNATURE_PUBLIC_KEY_FILE ${SB_CONFIG_SECURE_BOOT_SIGNING_PUBLIC_KEY})
34-
set(SIGNATURE_PUBLIC_KEY_FILE ${SB_CONFIG_SECURE_BOOT_SIGNING_PUBLIC_KEY} PARENT_SCOPE)
33+
string(CONFIGURE "${SB_CONFIG_SECURE_BOOT_SIGNING_PUBLIC_KEY}" SIGNATURE_PUBLIC_KEY_FILE)
34+
set(SIGNATURE_PUBLIC_KEY_FILE ${SIGNATURE_PUBLIC_KEY_FILE} PARENT_SCOPE)
3535

3636
if(NOT EXISTS ${SIGNATURE_PUBLIC_KEY_FILE} OR IS_DIRECTORY ${SIGNATURE_PUBLIC_KEY_FILE})
3737
message(WARNING "Invalid public key file: ${SIGNATURE_PUBLIC_KEY_FILE}")
@@ -165,6 +165,7 @@ function(b0_sign_image slot)
165165
)
166166
elseif(SB_CONFIG_SECURE_BOOT_SIGNING_CUSTOM)
167167
set(custom_sign_cmd "${SB_CONFIG_SECURE_BOOT_SIGNING_COMMAND}")
168+
string(CONFIGURE "${custom_sign_cmd}" custom_sign_cmd)
168169

169170
if (("${custom_sign_cmd}" STREQUAL "") OR (NOT EXISTS ${SIGNATURE_PUBLIC_KEY_FILE}))
170171
message(FATAL_ERROR "You must specify a signing command and valid public key file for custom signing.")

0 commit comments

Comments
 (0)