MCUboot-compatible builds in Zephyr #5756
Comments
carlescufi
assigned mbolivar, carlescufi, SebastianBoe, d3zd3z and nashif and unassigned mbolivar
|
Comments welcome, this is just an idea for now |
IMHO, stuffing signing into Zephyr build system is too much. Also, we seem to move towards splitting of e.g. emulation to a separate tool instead of "make run" (well, I heard talks about...). Here, instead, more adhoc tools get integrated into Cmake system. No consistent direction of motion... |
That's where we really need to take a decision. We either go for an external tool that does all of this sort of stuff, or we integrate it into CMake. I think we need quorum to take that decision, so I will ressucitate the old issue and add people there. |
|
I think I agree with @pfalcon that putting explicit mcuboot support into Zephyr feels strange. We have DT partitions that let us build images in an mcuboot compatible way. I think perhaps a more flexible and general approach would be to allow combining multiple DT overlay files we can specify at CMake generation or build convenient time, rather than just having DTC_OVERLAY_FILE and falling back to DTC_OVERLAY_DIR/board.overlay). This would allow building for mcuboot as a single, perhaps SoC-specific overlay file, but also allow application-specific overlay files too. |
|
re: Image signing, I also think it's a strange thing to add directly to Zephyr's CMake build system. In a non-toy environment, the location of the manufacturer or device specific signing keys probably need to be passed at runtime to the tooling that does the signing (which is, in sufficiently paranoid places, not the same environment as the one that does the building). CMake-generated build systems are not a good fit for this since they require manipulating the environment to pass runtime arguments, and the issue of separate environments pushes me towards separate (but still convenient) tools than the Zephyr build system. |
|
Current tweaks required to have a Zephyr application boot with MCUboot:
|
I disagree. It fits nicely into Zephyr's build system because signing from a build system perspective is just files depending on other files with a command or two to implement the dependency rule.
I'd say we are consistently moving in the direction of Zephyr using the build system to integrate tools needed by the user. Examples; DTC, Kconfig, gdb, pyocd, gen_syscalls, merge_config, git (for downloading OpenThread), etc. If this separate tool had existed and been responsible for certain workflows not covered today I would agree we were inconsistent, but today at least things are consistent. |
Sounds good. No matter how we end up integrating with MCUBoot we probably would want this at some point down the road anyway. |
Toy environments are useful though, for early prototyping work. So I figure why not support both use-cases, especially when supporting signing in the build system appears to be straightforward to implement. |
@SebastianBoe, I appreciate your comments, and definitely don't try to argue with you. Instead, just try to pinpoint arguments which may conflict with the desired goal. In this regard, answer to "why" in "why not support both use-cases" would be "because unless 2 ways are well aligned and overlap, that might mean doing double-work (one-time, minor factor) and then double-work in maintenance and support (recurring, major factor)". Surely, if there're no bigger problems in the build system maintenance (e.g. #5605, #5723, #5153, #4917 are resolved/no longer apply), then why not? |
|
Closing this for now since we now have |
Uh oh!
There was an error while loading. Please reload this page.
The goal is to be able to generate
.hexand.binfiles from the Zephyr build system that are compatible with MCUboot, either as a "slot0" or as a "slot1" image.Here's a rough outline of how I see this working:
The first line would generate a
.hexor.binthat contains both the MCUboot and the Slot0 images together, with Slot0 signed as necessary byimgtool.py.The second line would generate a
.hexor a.binwith the Slot1 image signed as necessary.The text was updated successfully, but these errors were encountered: