-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile.esp32_mcuboot_zephyr
53 lines (48 loc) · 2.33 KB
/
Dockerfile.esp32_mcuboot_zephyr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# Docker image for building and signing MCUboot and Zephyr images in development
#
# WARNING: DON'T use default SBV2_PRIVATE_KEY and MCUBOOT_PRIVATE_KEY in
# production!!!
#
# To build Docker image, call `docker build` from the current directory of this
# file
#
# Reference:
# - Secure boot: https://docs.mcuboot.com/readme-espressif.html
# - Zephyr dev: https://docs.zephyrproject.org/latest/develop/getting_started/index.html
FROM ghcr.io/thistletech/devenv_zephyr_base:ac9abb297be64e86401562e04435fca316a38dff
ARG TARGET="esp32"
ARG ZEPHYR_BOARD_NAME="esp32"
ARG PORT="/dev/ttyUSB0"
# Secure Boot V2 image signing private key name; file must be under keys/
ARG SBV2_PRIVATE_KEY="sbv2_private_dev.pem"
# MCUboot image signing private key name; file must be under keys/
ARG MCUBOOT_PRIVATE_KEY="mcuboot-ecdsa-p256_private_dev.pem"
# MCUboot bootloader configuration file name; file must be under configs/
ARG BOOTLOADER_CONFIG="bootloader_mcuboot_dev.conf"
COPY --chown=esp:dialout keys ${HOME}/keys
COPY --chown=esp:dialout configs ${HOME}/configs
#############################
# MCUboot
#############################
# Build MCUboot for ESP32
RUN cd ${HOME}/mcuboot/boot/espressif && \
source ./hal/esp-idf/export.sh && \
# Need to pip install again inside IDF env
pip3 install -r ${HOME}/mcuboot/scripts/requirements.txt && \
mv ${HOME}/configs/${BOOTLOADER_CONFIG} port/esp32/bootloader.conf && \
mv ${HOME}/keys/${MCUBOOT_PRIVATE_KEY} ${HOME}/mcuboot/mcuboot_private.pem && \
cmake -DCMAKE_TOOLCHAIN_FILE=tools/toolchain-${TARGET}.cmake -DMCUBOOT_TARGET=${TARGET} -DMCUBOOT_FLASH_PORT=${PORT} -B build -GNinja && \
ninja -C build/ && \
# Sign MCUboot image
espsecure.py sign_data --version 2 --keyfile ${HOME}/keys/${SBV2_PRIVATE_KEY} -o build/mcuboot_esp32_signed.bin build/mcuboot_esp32.bin
#############################
# Zephyr development
#############################
# Sanity check: Build and sign hello_world example for MCUboot
RUN source ${HOME}/zephyrproject/.venv/bin/activate && \
cd ${HOME}/zephyrproject/zephyr && \
west build -p always -b ${ZEPHYR_BOARD_NAME} samples/hello_world -- -DCONFIG_BOOTLOADER_MCUBOOT=y && \
imgtool sign -k ${HOME}/mcuboot/mcuboot_private.pem \
--pad --pad-sig --align 4 -v 0 -H 32 -S \
0x100000 build/zephyr/zephyr.bin build/zephyr/zephyr_signed.bin
CMD ["/bin/bash"]