mirror of https://github.com/ArduPilot/ardupilot
waf: add support for secure bootloader
This commit is contained in:
parent
e6e56674d3
commit
3f951c3e0b
|
@ -253,6 +253,10 @@ class Board:
|
||||||
if cfg.options.bootloader:
|
if cfg.options.bootloader:
|
||||||
# don't let bootloaders try and pull scripting in
|
# don't let bootloaders try and pull scripting in
|
||||||
cfg.options.disable_scripting = True
|
cfg.options.disable_scripting = True
|
||||||
|
if cfg.options.signed_fw:
|
||||||
|
env.DEFINES.update(
|
||||||
|
ENABLE_HEAP = 1,
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
env.DEFINES.update(
|
env.DEFINES.update(
|
||||||
ENABLE_HEAP = 1,
|
ENABLE_HEAP = 1,
|
||||||
|
@ -576,6 +580,7 @@ class sitl(Board):
|
||||||
cfg.define('HAL_WITH_RAMTRON', 1)
|
cfg.define('HAL_WITH_RAMTRON', 1)
|
||||||
cfg.define('AP_GENERATOR_RICHENPOWER_ENABLED', 1)
|
cfg.define('AP_GENERATOR_RICHENPOWER_ENABLED', 1)
|
||||||
cfg.define('AP_OPENDRONEID_ENABLED', 1)
|
cfg.define('AP_OPENDRONEID_ENABLED', 1)
|
||||||
|
cfg.define('AP_SIGNED_FIRMWARE', 0)
|
||||||
|
|
||||||
if self.with_can:
|
if self.with_can:
|
||||||
cfg.define('HAL_NUM_CAN_IFACES', 2)
|
cfg.define('HAL_NUM_CAN_IFACES', 2)
|
||||||
|
@ -1011,6 +1016,17 @@ class chibios(Board):
|
||||||
else:
|
else:
|
||||||
cfg.msg("Enabling -Werror", "no")
|
cfg.msg("Enabling -Werror", "no")
|
||||||
|
|
||||||
|
if cfg.options.signed_fw:
|
||||||
|
cfg.define('AP_SIGNED_FIRMWARE', 1)
|
||||||
|
env.CFLAGS += [
|
||||||
|
'-DAP_SIGNED_FIRMWARE=1',
|
||||||
|
]
|
||||||
|
else:
|
||||||
|
cfg.define('AP_SIGNED_FIRMWARE', 0)
|
||||||
|
env.CFLAGS += [
|
||||||
|
'-DAP_SIGNED_FIRMWARE=0',
|
||||||
|
]
|
||||||
|
|
||||||
try:
|
try:
|
||||||
import intelhex
|
import intelhex
|
||||||
env.HAVE_INTEL_HEX = True
|
env.HAVE_INTEL_HEX = True
|
||||||
|
|
|
@ -236,7 +236,11 @@ class set_app_descriptor(Task.Task):
|
||||||
def keyword(self):
|
def keyword(self):
|
||||||
return "app_descriptor"
|
return "app_descriptor"
|
||||||
def run(self):
|
def run(self):
|
||||||
|
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
|
||||||
|
descriptor = b'\x41\xa3\xe5\xf2\x65\x69\x92\x07'
|
||||||
|
else:
|
||||||
descriptor = b'\x40\xa2\xe4\xf1\x64\x68\x91\x06'
|
descriptor = b'\x40\xa2\xe4\xf1\x64\x68\x91\x06'
|
||||||
|
|
||||||
img = open(self.inputs[0].abspath(), 'rb').read()
|
img = open(self.inputs[0].abspath(), 'rb').read()
|
||||||
offset = img.find(descriptor)
|
offset = img.find(descriptor)
|
||||||
if offset == -1:
|
if offset == -1:
|
||||||
|
@ -251,10 +255,16 @@ class set_app_descriptor(Task.Task):
|
||||||
upload_tools = self.env.get_flat('UPLOAD_TOOLS')
|
upload_tools = self.env.get_flat('UPLOAD_TOOLS')
|
||||||
sys.path.append(upload_tools)
|
sys.path.append(upload_tools)
|
||||||
from uploader import crc32
|
from uploader import crc32
|
||||||
|
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
|
||||||
|
desc_len = 92
|
||||||
|
else:
|
||||||
desc_len = 16
|
desc_len = 16
|
||||||
crc1 = to_unsigned(crc32(bytearray(img[:offset])))
|
crc1 = to_unsigned(crc32(bytearray(img[:offset])))
|
||||||
crc2 = to_unsigned(crc32(bytearray(img[offset+desc_len:])))
|
crc2 = to_unsigned(crc32(bytearray(img[offset+desc_len:])))
|
||||||
githash = to_unsigned(int('0x' + os.environ.get('GIT_VERSION', self.generator.bld.git_head_hash(short=True)),16))
|
githash = to_unsigned(int('0x' + os.environ.get('GIT_VERSION', self.generator.bld.git_head_hash(short=True)),16))
|
||||||
|
if self.generator.bld.env.AP_SIGNED_FIRMWARE:
|
||||||
|
desc = struct.pack('<IIIII72s', crc1, crc2, len(img), githash, 0, bytes(bytearray([0 for i in range(72)])))
|
||||||
|
else:
|
||||||
desc = struct.pack('<IIII', crc1, crc2, len(img), githash)
|
desc = struct.pack('<IIII', crc1, crc2, len(img), githash)
|
||||||
img = img[:offset] + desc + img[offset+desc_len:]
|
img = img[:offset] + desc + img[offset+desc_len:]
|
||||||
Logs.info("Applying APP_DESCRIPTOR %08x%08x" % (crc1, crc2))
|
Logs.info("Applying APP_DESCRIPTOR %08x%08x" % (crc1, crc2))
|
||||||
|
@ -548,6 +558,10 @@ def generate_hwdef_h(env):
|
||||||
env.HWDEF = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/%s/hwdef.dat' % env.BOARD)
|
env.HWDEF = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/%s/hwdef.dat' % env.BOARD)
|
||||||
env.BOOTLOADER_OPTION=""
|
env.BOOTLOADER_OPTION=""
|
||||||
|
|
||||||
|
if env.AP_SIGNED_FIRMWARE:
|
||||||
|
print(env.BOOTLOADER_OPTION)
|
||||||
|
env.BOOTLOADER_OPTION += " --signed-fw"
|
||||||
|
print(env.BOOTLOADER_OPTION)
|
||||||
hwdef_script = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/scripts/chibios_hwdef.py')
|
hwdef_script = os.path.join(env.SRCROOT, 'libraries/AP_HAL_ChibiOS/hwdef/scripts/chibios_hwdef.py')
|
||||||
hwdef_out = env.BUILDROOT
|
hwdef_out = env.BUILDROOT
|
||||||
if not os.path.exists(hwdef_out):
|
if not os.path.exists(hwdef_out):
|
||||||
|
|
9
wscript
9
wscript
|
@ -175,6 +175,11 @@ def options(opt):
|
||||||
default=False,
|
default=False,
|
||||||
help='Configure for building a bootloader.')
|
help='Configure for building a bootloader.')
|
||||||
|
|
||||||
|
g.add_option('--signed-fw',
|
||||||
|
action='store_true',
|
||||||
|
default=False,
|
||||||
|
help='Configure for signed firmware support.')
|
||||||
|
|
||||||
g.add_option('--no-autoconfig',
|
g.add_option('--no-autoconfig',
|
||||||
dest='autoconfig',
|
dest='autoconfig',
|
||||||
action='store_false',
|
action='store_false',
|
||||||
|
@ -392,6 +397,10 @@ def configure(cfg):
|
||||||
_set_build_context_variant(cfg.env.BOARD)
|
_set_build_context_variant(cfg.env.BOARD)
|
||||||
cfg.setenv(cfg.env.BOARD)
|
cfg.setenv(cfg.env.BOARD)
|
||||||
|
|
||||||
|
if cfg.options.signed_fw:
|
||||||
|
cfg.env.AP_SIGNED_FIRMWARE = True
|
||||||
|
cfg.options.enable_check_firmware = True
|
||||||
|
|
||||||
cfg.env.BOARD = cfg.options.board
|
cfg.env.BOARD = cfg.options.board
|
||||||
cfg.env.DEBUG = cfg.options.debug
|
cfg.env.DEBUG = cfg.options.debug
|
||||||
cfg.env.COVERAGE = cfg.options.coverage
|
cfg.env.COVERAGE = cfg.options.coverage
|
||||||
|
|
Loading…
Reference in New Issue