module: mcuboot: Add config option to support unsigned binary generation

This commit adds a change to support running west sign command even if the keyfile is not provided. Default value of the configuration is set to n in order to maintain backward compatibility. Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
zephyrproject-rtos · Dec 18, 2021 · f9eaabb · f9eaabb
1 parent f1b77d3
commit f9eaabb
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 7 deletions.
diff --git a/Kconfig.zephyr b/Kconfig.zephyr
@@ -614,6 +614,7 @@ if BOOTLOADER_MCUBOOT
 config MCUBOOT_SIGNATURE_KEY_FILE
 	string "Path to the mcuboot signing key file"
 	default ""
+	depends on !MCUBOOT_GENERATE_UNSIGNED_IMAGE
 	help
 	  The file contains a key pair whose public half is verified
 	  by your target's MCUboot image. The file is in PEM format.
@@ -672,6 +673,13 @@ config MCUBOOT_EXTRA_IMGTOOL_ARGS
 	  you can use this option to pass extra options to imgtool.
 	  For example, you could set this to "--version 1.2".
 
+config MCUBOOT_GENERATE_UNSIGNED_IMAGE
+	bool "Generate unsigned binary image bootable with MCUboot"
+	help
+	  Enabling this configuration allows automatic unsigned binary image
+	  generation when MCUboot signing key is not provided,
+	  i.e., MCUBOOT_SIGNATURE_KEY_FILE is left empty.
+
 config MCUBOOT_GENERATE_CONFIRMED_IMAGE
 	bool "Also generate a padded, confirmed image"
 	help

diff --git a/cmake/mcuboot.cmake b/cmake/mcuboot.cmake
@@ -20,11 +20,13 @@ function(zephyr_mcuboot_tasks)
   set(keyfile "${CONFIG_MCUBOOT_SIGNATURE_KEY_FILE}")
   set(keyfile_enc "${CONFIG_MCUBOOT_ENCRYPTION_KEY_FILE}")
 
-  # Check for misconfiguration.
-  if("${keyfile}" STREQUAL "")
-    # No signature key file, no signed binaries. No error, though:
-    # this is the documented behavior.
-    return()
+  if(NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
+    # Check for misconfiguration.
+    if("${keyfile}" STREQUAL "")
+      # No signature key file, no signed binaries. No error, though:
+      # this is the documented behavior.
+      return()
+    endif()
   endif()
 
   if(NOT WEST)
@@ -39,7 +41,7 @@ function(zephyr_mcuboot_tasks)
         set(${file} "${WEST_TOPDIR}/${${file}}")
       endif()
 
-      if(NOT EXISTS "${${file}}")
+      if(NOT EXISTS "${${file}}" AND NOT "${CONFIG_MCUBOOT_GENERATE_UNSIGNED_IMAGE}")
         message(FATAL_ERROR "west sign can't find file ${${file}} (Note: Relative paths are relative to the west workspace topdir \"${WEST_TOPDIR}\")")
       elseif(NOT (CONFIG_BUILD_OUTPUT_BIN OR CONFIG_BUILD_OUTPUT_HEX))
         message(FATAL_ERROR "Can't sign images for MCUboot: Neither CONFIG_BUILD_OUTPUT_BIN nor CONFIG_BUILD_OUTPUT_HEX is enabled, so there's nothing to sign.")
@@ -84,7 +86,12 @@ function(zephyr_mcuboot_tasks)
   else()
     set(imgtool_extra)
   endif()
-  set(imgtool_args -- --key "${keyfile}" ${imgtool_extra})
+
+  if(NOT "${keyfile}" STREQUAL "")
+    set(imgtool_extra --key "${keyfile}" ${imgtool_extra})
+  endif()
+
+  set(imgtool_args -- ${imgtool_extra})
 
   # Extensionless prefix of any output file.
   set(output ${ZEPHYR_BINARY_DIR}/${KERNEL_NAME})