From ef65e4175277a371391cf6309b12cbdb8da17db2 Mon Sep 17 00:00:00 2001 From: Samuel MARTIN Date: Mon, 5 Feb 2024 10:45:49 +0100 Subject: [PATCH 1/3] zephyr: Check signature key type at buildtime This change checks whether the signature key file is the default one (i.e. the development one) or another one sets for production. Signed-off-by: Samuel MARTIN --- boot/zephyr/CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6070cd582..6727ce1f7 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -292,6 +292,24 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") + # Check whether the signature key file is tracked in a git repository. + # If so, this is not the production key. + cmake_path(SET sign_key_filepath NORMALIZE "${KEY_FILE}") + + cmake_path(GET sign_key_filepath FILENAME sign_key_filename) + cmake_path(REMOVE_FILENAME sign_key_filepath OUTPUT_VARIABLE sign_key_directory) + + execute_process(COMMAND git ls-files --error-unmatch -- ${sign_key_filename} + WORKING_DIRECTORY ${sign_key_directory} + RESULT_VARIABLE devel_keyfile + OUTPUT_QUIET + ERROR_QUIET) + if(${devel_keyfile} EQUAL 0) + message(STATUS "Using development signature key: ${sign_key_filepath}") + else() + message(STATUS "Using production signature key") + endif() + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} From 23d3e8f22755f5cc66edbe013bff9db8f294f1dc Mon Sep 17 00:00:00 2001 From: Samuel MARTIN Date: Mon, 5 Feb 2024 10:47:45 +0100 Subject: [PATCH 2/3] zephyr: main.c: Print the signature key type Dump the signature key type at start-up. Signed-off-by: Samuel MARTIN --- boot/zephyr/CMakeLists.txt | 2 ++ boot/zephyr/main.c | 4 ++++ 2 files changed, 6 insertions(+) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6727ce1f7..be334c5b4 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -306,8 +306,10 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") ERROR_QUIET) if(${devel_keyfile} EQUAL 0) message(STATUS "Using development signature key: ${sign_key_filepath}") + zephyr_compile_definitions(SIGNATURE_KEY="development") else() message(STATUS "Using production signature key") + zephyr_compile_definitions(SIGNATURE_KEY="production") endif() set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 3e86fe165..daf554c8b 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -542,6 +542,10 @@ void main(void) (void)rc; +#ifdef SIGNATURE_KEY + BOOT_LOG_INF("Sign. key: " SIGNATURE_KEY); +#endif + mcuboot_status_change(MCUBOOT_STATUS_STARTUP); #ifdef CONFIG_MCUBOOT_SERIAL From 0bf512afe364965fb3812bca7b893dff8a52beaa Mon Sep 17 00:00:00 2001 From: Samuel MARTIN Date: Mon, 5 Feb 2024 10:48:43 +0100 Subject: [PATCH 3/3] zephyr: main.c: Print the HW clock speed at boot Dump the HW clock speed at start-up. Signed-off-by: Samuel MARTIN --- boot/zephyr/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index daf554c8b..97d525fac 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -542,6 +542,7 @@ void main(void) (void)rc; + BOOT_LOG_INF("HW clock : %dMHz", CONFIG_SYS_CLOCK_HW_CYCLES_PER_SEC / 1000000); #ifdef SIGNATURE_KEY BOOT_LOG_INF("Sign. key: " SIGNATURE_KEY); #endif