Mirror
/
ardupilot
mirror of https://github.com/ArduPilot/ardupilot
5
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

waf: add support for secure bootloader

This commit is contained in:
bugobliterator 2022-08-11 10:03:46 +05:30 committed by Andrew Tridgell
parent e6e56674d3
commit 3f951c3e0b
3 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
Tools/ardupilotwaf/boards.py
View File

@ -253,6 +253,10 @@ class Board:
if cfg.options.bootloader:
# don't let bootloaders try and pull scripting in
cfg.options.disable_scripting = True
if cfg.options.signed_fw:
env.DEFINES.update(
ENABLE_HEAP = 1,
)
else:
env.DEFINES.update(
ENABLE_HEAP = 1,
@ -576,6 +580,7 @@ class sitl(Board):
cfg.define('HAL_WITH_RAMTRON', 1)
cfg.define('AP_GENERATOR_RICHENPOWER_ENABLED', 1)
cfg.define('AP_OPENDRONEID_ENABLED', 1)
cfg.define('AP_SIGNED_FIRMWARE', 0)
if self.with_can:
cfg.define('HAL_NUM_CAN_IFACES', 2)
@ -1011,6 +1016,17 @@ class chibios(Board):
else:
cfg.msg("Enabling -Werror", "no")
if cfg.options.signed_fw:
cfg.define('AP_SIGNED_FIRMWARE', 1)
env.CFLAGS += [
'-DAP_SIGNED_FIRMWARE=1',
]
else:
cfg.define('AP_SIGNED_FIRMWARE', 0)
env.CFLAGS += [
'-DAP_SIGNED_FIRMWARE=0',
]
try:
import intelhex
env.HAVE_INTEL_HEX = True

20
Tools/ardupilotwaf/chibios.py
View File

@ -236,7 +236,11 @@ class set_app_descriptor(Task.Task):
def keyword(self):
return "app_descriptor"
def run(self):
descriptor = b'\x40\xa2\xe4\xf1\x64\x68\x91\x06'
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
descriptor = b'\x41\xa3\xe5\xf2\x65\x69\x92\x07'
else:
descriptor = b'\x40\xa2\xe4\xf1\x64\x68\x91\x06'
img = open(self.inputs[0].abspath(), 'rb').read()
offset = img.find(descriptor)
if offset == -1:
@ -251,11 +255,17 @@ class set_app_descriptor(Task.Task):
upload_tools = self.env.get_flat('UPLOAD_TOOLS')
sys.path.append(upload_tools)
from uploader import crc32
desc_len = 16
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
desc_len = 92
else:
desc_len = 16
crc1 = to_unsigned(crc32(bytearray(img[:offset])))
crc2 = to_unsigned(crc32(bytearray(img[offset+desc_len:])))
githash = to_unsigned(int('0x' + os.environ.get('GIT_VERSION', self.generator.bld.git_head_hash(short=True)),16))
desc = struct.pack('<IIII', crc1, crc2, len(img), githash)
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
desc = struct.pack('<IIIII72s', crc1, crc2, len(img), githash, 0, bytes(bytearray([0 for i in range(72)])))
else:
desc = struct.pack('<IIII', crc1, crc2, len(img), githash)
img = img[:offset] + desc + img[offset+desc_len:]
Logs.info("Applying APP_DESCRIPTOR %08x%08x" % (crc1, crc2))
open(self.inputs[0].abspath(), 'wb').write(img)
@ -548,6 +558,10 @@ def generate_hwdef_h(env):
env.HWDEF = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/%s/hwdef.dat' % env.BOARD)
env.BOOTLOADER_OPTION=""
if env.AP_SIGNED_FIRMWARE:
print(env.BOOTLOADER_OPTION)
env.BOOTLOADER_OPTION += " --signed-fw"
print(env.BOOTLOADER_OPTION)
hwdef_script = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/scripts/chibios_hwdef.py')
hwdef_out = env.BUILDROOT
if not os.path.exists(hwdef_out):

9
wscript
View File

@ -175,6 +175,11 @@ def options(opt):
default=False,
help='Configure for building a bootloader.')
g.add_option('--signed-fw',
action='store_true',
default=False,
help='Configure for signed firmware support.')
g.add_option('--no-autoconfig',
dest='autoconfig',
action='store_false',
@ -392,6 +397,10 @@ def configure(cfg):
_set_build_context_variant(cfg.env.BOARD)
cfg.setenv(cfg.env.BOARD)
if cfg.options.signed_fw:
cfg.env.AP_SIGNED_FIRMWARE = True
cfg.options.enable_check_firmware = True
cfg.env.BOARD = cfg.options.board
cfg.env.DEBUG = cfg.options.debug
cfg.env.COVERAGE = cfg.options.coverage