Build: Sign the S and NS images separately
This patch modifies the build system to sign the secure and non-secure
images independently if the MCUBOOT_IMAGE_NUMBER build time switch is
greater than 1. This way the bootloader will be able to handle and
update the S and NS images separately.
Add separate security counter and image version variables for the S and
NS images in the build system. They can be specified at build time with
the SECURITY_COUNTER_S/_NS and IMAGE_VERSION_S/_NS defines.
In that case if any of the security counter values is missing, the
counter value will be generated just like in case of single image boot
(derived from image version).
Change-Id: Ia971fda818b92a7b27ee26f1b3893986322fd62e
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/MCUBootConfig.cmake b/bl2/ext/mcuboot/MCUBootConfig.cmake
index 2aa6112..f0d8114 100644
--- a/bl2/ext/mcuboot/MCUBootConfig.cmake
+++ b/bl2/ext/mcuboot/MCUBootConfig.cmake
@@ -44,8 +44,21 @@
set(MCUBOOT_SIGNATURE_TYPE "")
endif()
- if (DEFINED SECURITY_COUNTER)
- message(WARNING "Ignoring the value of SECURITY_COUNTER variable as BL2 option is set to False.")
+ if (DEFINED SECURITY_COUNTER OR
+ DEFINED SECURITY_COUNTER_S OR
+ DEFINED SECURITY_COUNTER_NS)
+ message(WARNING "Ignoring the values of SECURITY_COUNTER and/or SECURITY_COUNTER_* variables as BL2 option is set to False.")
set(SECURITY_COUNTER "")
+ set(SECURITY_COUNTER_S "")
+ set(SECURITY_COUNTER_NS "")
+ endif()
+
+ if (DEFINED IMAGE_VERSION OR
+ DEFINED IMAGE_VERSION_S OR
+ DEFINED IMAGE_VERSION_NS)
+ message(WARNING "Ignoring the values of IMAGE_VERSION and/or IMAGE_VERSION_* variables as BL2 option is set to False.")
+ set(IMAGE_VERSION "")
+ set(IMAGE_VERSION_S "")
+ set(IMAGE_VERSION_NS "")
endif()
endif()