cmake: sysbuild: Fix b0 signing

Fixes b0 signing to work for both application and network core images, and to only generate the dfu_mcuboot.zip if it is an MCUboot image Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
nordicjm · May 14, 2024 · a635286 · a635286
1 parent 61f902f
commit a635286
Showing 1 changed file with 34 additions and 35 deletions.
diff --git a/cmake/sysbuild/b0_mcuboot_signing.cmake b/cmake/sysbuild/b0_mcuboot_signing.cmake
@@ -10,7 +10,7 @@
 # Since this file is brought in via include(), we do the work in a
 # function to avoid polluting the top-level scope.
 
-function(ncs_secure_boot_mcuboot_sign application application_name bin_files signed_targets)
+function(ncs_secure_boot_mcuboot_sign application output_name bin_files signed_targets prefix)
   set(keyfile "${SB_CONFIG_BOOT_SIGNATURE_KEY_FILE}")
 
   # Find imgtool. Even though west is installed, imgtool might not be.
@@ -38,15 +38,15 @@ function(ncs_secure_boot_mcuboot_sign application application_name bin_files sig
   sysbuild_get(CONFIG_BUILD_OUTPUT_BIN IMAGE ${application} VAR CONFIG_BUILD_OUTPUT_BIN KCONFIG)
   sysbuild_get(CONFIG_BUILD_OUTPUT_HEX IMAGE ${application} VAR CONFIG_BUILD_OUTPUT_HEX KCONFIG)
 
-  string(TOUPPER "${application_name}" application_name_uppercase)
-  set(imgtool_sign ${imgtool_path} sign --version ${SB_CONFIG_SECURE_BOOT_MCUBOOT_VERSION} --align 4 --slot-size $<TARGET_PROPERTY:partition_manager,PM_${application_name_uppercase}_SIZE> --pad-header --header-size ${SB_CONFIG_PM_MCUBOOT_PAD})
+  string(TOUPPER "${application}" application_uppercase)
+  set(imgtool_sign ${imgtool_path} sign --version ${SB_CONFIG_SECURE_BOOT_MCUBOOT_VERSION} --align 4 --slot-size $<TARGET_PROPERTY:partition_manager,${prefix}PM_${application_uppercase}_SIZE> --pad-header --header-size ${SB_CONFIG_PM_MCUBOOT_PAD})
 
   if(NOT "${keyfile}" STREQUAL "")
     set(imgtool_extra -k "${keyfile}" ${imgtool_extra})
   endif()
 
   # Extensionless prefix of any output file.
-  set(output ${PROJECT_BINARY_DIR}/signed_by_mcuboot_and_b0_${application})
+  set(output ${PROJECT_BINARY_DIR}/signed_by_mcuboot_and_b0_${output_name})
 
   # List of additional build byproducts.
   set(byproducts)
@@ -121,45 +121,44 @@ function(ncs_secure_boot_mcuboot_sign application application_name bin_files sig
   endif()
 endfunction()
 
-if(SB_CONFIG_BOOTLOADER_MCUBOOT AND SB_CONFIG_SECURE_BOOT)
-  set(bin_files)
-  set(signed_targets)
-
+if(SB_CONFIG_BOOTLOADER_MCUBOOT)
   if(SB_CONFIG_SECURE_BOOT_APPCORE)
-    set(s0_image_name "mcuboot")
-    set(s0_application_name "${s0_image_name}")
-  else()
-    get_property(image_name GLOBAL PROPERTY DOMAIN_APP_CPUNET)
-    set(s0_image_name "${image_name}")
-    set(s0_application_name "mcuboot_primary_1")
-  endif()
+    set(bin_files)
+    set(signed_targets)
 
-  ncs_secure_boot_mcuboot_sign("${s0_image_name}" "${s0_application_name}" "${bin_files}" "${signed_targets}")
+    ncs_secure_boot_mcuboot_sign(mcuboot s0_image "${bin_files}" "${signed_targets}" "")
 
-  if(SB_CONFIG_SECURE_BOOT_BUILD_S1_VARIANT_IMAGE)
-    ncs_secure_boot_mcuboot_sign("s1_image" "s1_image" "${bin_files}" "${signed_targets}")
+    if(SB_CONFIG_SECURE_BOOT_BUILD_S1_VARIANT_IMAGE)
+      ncs_secure_boot_mcuboot_sign(s1_image s1_image "${bin_files}" "${signed_targets}" "")
+    endif()
+
+    if(bin_files)
+      sysbuild_get(mcuboot_fw_info_firmware_version IMAGE mcuboot VAR CONFIG_FW_INFO_FIRMWARE_VERSION KCONFIG)
+
+      include(${ZEPHYR_NRF_MODULE_DIR}/cmake/fw_zip.cmake)
+
+      generate_dfu_zip(
+        OUTPUT ${PROJECT_BINARY_DIR}/dfu_mcuboot.zip
+        BIN_FILES ${bin_files}
+        TYPE mcuboot
+        IMAGE mcuboot
+        SCRIPT_PARAMS
+        "signed_by_mcuboot_and_b0_s0_image.binload_address=$<TARGET_PROPERTY:partition_manager,PM_S0_ADDRESS>"
+        "signed_by_mcuboot_and_b0_s1_image.binload_address=$<TARGET_PROPERTY:partition_manager,PM_S1_ADDRESS>"
+        "version_MCUBOOT=${SB_CONFIG_SECURE_BOOT_MCUBOOT_VERSION}"
+        "version_B0=${mcuboot_fw_info_firmware_version}"
+        DEPENDS ${signed_targets}
+        )
+    endif()
   endif()
 
-  if(bin_files)
-    sysbuild_get(mcuboot_fw_info_firmware_version IMAGE mcuboot VAR CONFIG_FW_INFO_FIRMWARE_VERSION KCONFIG)
-
-    include(${ZEPHYR_NRF_MODULE_DIR}/cmake/fw_zip.cmake)
-
-    generate_dfu_zip(
-      OUTPUT ${PROJECT_BINARY_DIR}/dfu_mcuboot.zip
-      BIN_FILES ${bin_files}
-      TYPE mcuboot
-      IMAGE mcuboot
-      SCRIPT_PARAMS
-      "signed_by_mcuboot_and_b0_${s0_image_name}.binload_address=$<TARGET_PROPERTY:partition_manager,PM_S0_ADDRESS>"
-      "signed_by_mcuboot_and_b0_s1_image.binload_address=$<TARGET_PROPERTY:partition_manager,PM_S1_ADDRESS>"
-      "version_MCUBOOT=${SB_CONFIG_SECURE_BOOT_MCUBOOT_VERSION}"
-      "version_B0=${mcuboot_fw_info_firmware_version}"
-      DEPENDS ${signed_targets}
-      )
+  if(SB_CONFIG_SECURE_BOOT_NETCORE)
+    get_property(image_name GLOBAL PROPERTY DOMAIN_APP_CPUNET)
+    ncs_secure_boot_mcuboot_sign(${image_name} ${image_name} "${bin_files}" "${signed_targets}" CPUNET_)
   endif()
 
   # Clear temp variables
+  set(image_name)
   set(bin_files)
   set(signed_targets)
 endif()