-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mcuboot.mk: refactor into a declarative-style makefile. #10494
Conversation
d53a60e
to
85f0864
Compare
I tested this PR and I confirm it fixes build problems when building I also tested on a nrf52dk, but I have no idea what I should expect from the test. When I flash the mcuboot on the board, I have nothing on the terminal, either if using master or this PR. |
Me neither. To be honest, I don't know what anything of this is supposed to do. Maybe @kYc0o has something to say. |
I am currently not sure where the BUILD_IN_DOCKER=1 DOCKER="sudo docker" make -C tests/mcuboot/ mcuboot
make: Entering directory '/home/harter/work/git/RIOT/tests/mcuboot'
Launching build container using image "riot/riotbuild:latest".
sudo docker run --rm -t -u "$(id -u)" \
-v '/home/harter/work/git/RIOT:/data/riotbuild/riotbase' \
-v '/home/harter/work/git/RIOT/cpu:/data/riotbuild/riotcpu' \
-v '/home/harter/work/git/RIOT/boards:/data/riotbuild/riotboard' \
-v '/home/harter/work/git/RIOT/makefiles:/data/riotbuild/riotmake' \
-v '/home/harter/work/git/RIOT:/data/riotbuild/riotproject' \
-v /etc/localtime:/etc/localtime:ro \
-e 'RIOTBASE=/data/riotbuild/riotbase' \
-e 'CCACHE_BASEDIR=/data/riotbuild/riotbase' \
-e 'RIOTCPU=/data/riotbuild/riotcpu' \
-e 'RIOTBOARD=/data/riotbuild/riotboard' \
-e 'RIOTMAKE=/data/riotbuild/riotmake' \
-e 'RIOTPROJECT=/data/riotbuild/riotproject' \
-v /home/harter/.gitcache:/data/riotbuild/gitcache -e GIT_CACHE_DIR=/data/riotbuild/gitcache \
\
-w '/data/riotbuild/riotproject/tests/mcuboot/' \
'riot/riotbuild:latest' make
[sudo] password for harter: To at least verify what happens in master, I will do a |
Unfortunately, the I used a fixed My test command was the following, I first copied one generated
The
With this I can see the name changes and that at least here, And the output is the same for the elf files One thing to pay attention while reviewing, |
The signature process may involve random data. |
The only thing that can be tested is an actual boot. If there's nothing even after a reboot, then it didn't succeed and something went wrong. Can you test in previous releases? |
Anyways, the pre-compiled binary doesn't check any signature, but only the hash of the image. |
For me, when flashed with
When using So for me it's good on the testing for the normal out of docker functionality. |
MCUBOOT_ELF ?= $(ELFFILE:.elf=.mcuboot.elf) | ||
MCUBOOT_BIN ?= $(MCUBOOT_ELF:.elf=.bin) | ||
|
||
MCUBOOT_LOADER_BIN ?= $(BINDIR)/mcuboot.bin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I prefered MCUBOOT_BIN
has it is the mcuboot
binary file. For me it was completely clear. Here loader
does not mean anything to me, at least bootloader
would be clear.
However renaming the file to keep the full mynewt.mcuboot.bin
name would prevent possible issues with the filename in bin
.
|
||
export IMAGE_HDR_SIZE ?= 512 | ||
MCUBOOT_ELF ?= $(ELFFILE:.elf=.mcuboot.elf) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not a mcuboot_elf
specific thing it is only a normal RIOT firmware but linked for slot0
.
In the bootloader PR it is $(BINDIR_APP)-slot0.elf
.
So maybe something like ELFFILE_MCUBOOT_SLOT0 = $(ELFFILE:.elf=.mcuboot-slot0.elf)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"normal RIOT firmware": it also has space for the header. I saw the message "Re-linking for MCUBoot at..." and assumed it was a MCUBoot-specific thing.
ifdef MCUBOOT_SLOT0_SIZE | ||
|
||
IMGTOOL ?= $(RIOTTOOLS)/mcuboot/imgtool.py | ||
override IMGTOOL := $(abspath $(IMGTOOL)) | ||
IMGTOOL_KEYFLAGS ?= keygen -t rsa-2048 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently I do not find necessary to add the KEYFLAGS
. If it was imgtool.py
specific I would not put keygen
in it.
And if supposed to be generic, here you do not include the -k
so cannot be replaced by an other tool anyway.
Maybe keep this change for when there is a need.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can remove that commit.
makefiles/mcuboot.mk
Outdated
@@ -55,3 +58,4 @@ mcuboot: | |||
$(Q)echo "error: mcuboot not supported on board $(BOARD)!" | |||
$(Q)false | |||
endif # MCUBOOT_SLOT0_SIZE | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Newline added here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll remove it.
$(MCUBOOT_IMAGE_ALIGN) -H $(IMAGE_HDR_SIZE) $(MCUBOOT_BIN) $(SIGN_BINFILE) | ||
|
||
ifeq ($(BUILD_IN_DOCKER),1) | ||
mcuboot: ..in-docker-container |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This currently only works in the tests/mcuboot
application as it will not pass mcuboot
to the docker make command.
A solution for this is to add DOCKER_MAKECMDGOALS_POSSIBLE += mcuboot
.
However, IMAGE_VERSION
must be set in the Makefile and not command line.
So could add a test for this to at least not try to compile.
I will find something for this.
For the docker thing, I did not manage to have the full behavior that I expect. I manage to make it work when doing With this, it currently works with My test command is:
diff --git a/makefiles/mcuboot.mk b/makefiles/mcuboot.mk
index 9b0e7eac8..666e9b2f4 100644
--- a/makefiles/mcuboot.mk
+++ b/makefiles/mcuboot.mk
@@ -16,6 +16,10 @@ MCUBOOT_LOADER_BIN_MD5 ?= 0c71a0589bd3709fc2d90f07a0035ce7
IMAGE_HDR_SIZE ?= 512
+ifeq (,$(IMAGE_VERSION))
+ $(error IMAGE_VERSION not set)
+endif
+
$(MCUBOOT_KEYFILE) $(MCUBOOT_LOADER_BIN): $(filter clean, $(MAKECMDGOALS))
mcuboot-create-key: $(MCUBOOT_KEYFILE)
@@ -39,6 +43,11 @@ $(SIGN_BINFILE): $(MCUBOOT_BIN) $(MCUBOOT_KEYFILE)
ifeq ($(BUILD_IN_DOCKER),1)
mcuboot: ..in-docker-container
+DOCKER_MAKECMDGOALS_POSSIBLE += mcuboot
+ ifneq (,$(filter environment command,$(origin IMAGE_VERSION)))
+ $(warning Setting IMAGE_VERSION from env/command line not supported in docker)
+ $(error IMAGE_VERSION should be set from the application Makefile)
+ endif
else
mcuboot: $(SIGN_BINFILE)
endif # BUILD_IN_DOCKER |
Another solution for the docker integration, as there are other limitations too, is to only do in in the Also, it was not working properly in docker before as the files were also built on the local machine where they should not. So I could split this part in a separate PR anyway. |
Actually, in Not sure what the real behavior that is wanted in that case. |
Could you currently remove the renaming of the variables from this PR ? Going for A solution for the |
193e649
to
dfed9e9
Compare
The previous definition of IMGTOOL was unnecessarily complicated. "abspath" is not needed. Also, the export for IMAGE_HDR_SIZE is not necessary.
There is no point on defining BINFILE again. It is already done by Makefile.include.
The name MCUBOOT_BIN is confusing and not clear. It suggests it is the application binary when in reality it is just the mcuboot bootloader image.
Add rule for MCUBOOT_ELF (do not overwrite normal elf.) Similar to ELFFILE, this depends on BASELIBS. MCUBOOT_BIN is done automatically from MCUBOOT_ELF by an implicit rule. SIGN_BINFILE (the signed binary) depends on MCUBOOT_KEYFILE and not on a phony rule. All phony rules are listed at the beginning.
After the restructuring of mcuboot.mk building in docker was broken. This makes it work again (but only if on uses the mcuboot target.)
Making the rule definition conditional does not make sense, as it should not conflict if the user overrides MCUBOOT_KEYFILE (the rule will just not get used). Factor keygen arguments into IMGTOOL_KEYFLAGS. In the future a flag can be added to generate a determnistic key for reproducibility on CI builds.
I rebased this on top of master. @cladmi what exactly is broken with docker? |
For docker it magically works because there is There are also still other unrelated changes in this one. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you want me to ignore this issue, please mark it with the "State: don't stale" label. Thank you for your contributions. |
Read this before reviewing
The first 3 commits are not part of this PR.The first two commits come from #10461 . The first one is a throwaway commit to induce (i.e. increase the probability of triggering) certain kind of bugs. The third commit comes from #10492 .Whise these commits are not strictly necessary for this PR, it allows me to test is under more conditions: build in docker, build in parallel, use "make clean all" etc.Dependencies where mergedI think this is better reviewed commit-by-commit.
Contribution description
mcuboot.mk was not very makeish: phony targets and no explicit dependencies being the main violations. Also, the mcuboot rule was rewriting the elf file.
The main changes in this PR are:
See the commit messages for more info.
Testing procedure
I only tested building because I do not have the hardware. Could someone with a nrf52 please test this?
Issues/PRs references
Depends on
#10461and#10492.