Add support for west sign for Silabs SoCs
#92181
Conversation
github-actions
bot
added
area: Documentation
platform: Silabs
github-actions
bot
requested review from
asmellby,
carlescufi,
jhedberg,
kartben,
Martinhoff-maker,
nashif,
pdgendt and
swinslow
jerome-pouiller
force-pushed
the
west-sign
branch
from
8a0aa87 to
1819b4a
Compare
|
Re-assigned to Silabs Platforms maintainers. |
doc/develop/west/sign.rst
Outdated
| silabs_commander | ||
| *************** |
There was a problem hiding this comment.
minor: one more * seems to be needed to be the same length as the subtitle
jerome-pouiller
force-pushed
the
west-sign
branch
from
1819b4a to
1d87b03
Compare
github-actions
bot
requested review from
57300,
jeremybettis,
nordicjm and
tejlmand
There was a problem hiding this comment.
I'm surprised @Aasimshaik11 is not credited as an author, not even in the commit messages...
https://docs.zephyrproject.org/latest/contribute/modifying_contributions.html
jerome-pouiller
force-pushed
the
west-sign
branch
from
1d87b03 to
0457320
Compare
Definitely. Fixed. |
| set_target_properties(runners_yaml_props_target | ||
| PROPERTIES bin_file ${PROJECT_BINARY_DIR}/${KERNEL_NAME}.signed.bin.rps | ||
| ) | ||
| endif() |
There was a problem hiding this comment.
Please use else() instead of overwriting, much clearer IMHO
cmake/flash/CMakeLists.txt
Outdated
| @@ -196,7 +196,7 @@ foreach(target flash debug debugserver attach rtt) | |||
| -DDEPENDENCIES="$<TARGET_PROPERTY:${target},MANUALLY_ADDED_DEPENDENCIES>" | |||
| -P ${CMAKE_CURRENT_LIST_DIR}/check_runner_dependencies.cmake | |||
| COMMAND | |||
| ${CMAKE_COMMAND} -E env | |||
| ${CMAKE_COMMAND} -E env ZEPHYR_BASE=${ZEPHYR_BASE} | |||
There was a problem hiding this comment.
Errr... I really don't think a functional change like that should be hidden in a documentation commit.
While you may require this for some reason (a commit message would be useful), this code change is 100% generic and totally unrelated to Silab or even west sign. Please submit this in a separate PR, get it merged and then wait 1-2 days for nightly test runs to demonstrate it does not break anything or anyone's CI.
There was a problem hiding this comment.
This change was not expected (I expect to create another PR for this one). I did a mistake when I did my first rebase.
| in_file = f'{kernel_prefix}.bin.rps' | ||
| out_file = command.args.sbin or f'{kernel_prefix}.signed.bin.rps' | ||
| in_file = f'{kernel_prefix}.rps' | ||
| out_file = command.args.sbin or f'{kernel_prefix}.signed.rps' |
There was a problem hiding this comment.
.bin: indeed the most overrated name providing the least information ever...
There was a problem hiding this comment.
✔️
This looks fun but you sent a notification for each one :-)
(
| ) | ||
| set_target_properties(runners_yaml_props_target |
There was a problem hiding this comment.
The name runners_yaml_props_target is quite cryptic, does not seem related to flashing at all. So can you add a one-line comment?
Use runners_yaml_props_target to set the name of the file to flash, rather than hard-coding it for each board. Co-developed-by: Aksel Skauge Mellbye <[email protected]> Signed-off-by: Aksel Skauge Mellbye <[email protected]> Signed-off-by: Jérôme Pouiller <[email protected]>
Disable generation of .hex output, since the Commander runner prefers it over the .bin output but SiWx91x needs a .bin.rps file. Signed-off-by: Aksel Skauge Mellbye <[email protected]> Co-developed-by: Aksel Skauge Mellbye <[email protected]> Signed-off-by: Jérôme Pouiller <[email protected]>
Silabs siwx91x support signed and encrypted firmwares. This PR includes support for these features in "west sign" Co-developed-by: Aasim Shaik <[email protected]> Signed-off-by: Aasim Shaik <[email protected]> Signed-off-by: Jérôme Pouiller <[email protected]>
Once the keys has been provisioned on the Silabs siwx91x, the chip expects the firmware to be properly signed. This PR automate the signing process. Hence, "west flash" will work as expected. Co-developed-by: Aasim Shaik <[email protected]> Signed-off-by: Aasim Shaik <[email protected]> Signed-off-by: Jérôme Pouiller <[email protected]>
Add the relevant documentation for the silabs_commander runner. Co-developed-by: Aasim Shaik <[email protected]> Signed-off-by: Aasim Shaik <[email protected]> Signed-off-by: Jérôme Pouiller <[email protected]>
The siwx91x need a specific firmware image format. These image end with .rps extension. The current name of the image is zephyr.bin.rps. However, the .bin suffix is not relevant. It makes even more sense if we consider the output of west sign: zephyr.signed.bin.rps. We can simplify these name by remove the .bin suffix. Signed-off-by: Jérôme Pouiller <[email protected]>
jerome-pouiller
force-pushed
the
west-sign
branch
from
0457320 to
3e6eef8
Compare
|
| ``silabs_commander`` require `Simpliciy Commander`_ to be install on the host. The provisionning of the | ||
| key on the device is described in `UG574 SiWx917 SoC Manufacturing Utility User Guide`_. | ||
|
|
||
| .. _Simpliciy Commander: |
| in_file = f'{kernel_prefix}.bin.rps' | ||
| out_file = command.args.sbin or f'{kernel_prefix}.signed.bin.rps' | ||
| in_file = f'{kernel_prefix}.rps' | ||
| out_file = command.args.sbin or f'{kernel_prefix}.signed.rps' |
There was a problem hiding this comment.
✔️
This looks fun but you sent a notification for each one :-)
(
Silabs siwx91x support various security options. This PR exposes these options in
west sign.This PR is a rework of #87669 opened by @Aasimshaik11.