espressif: ci: Add new building jobs configs for Espressif chips
Add jobs for testing build ESP32-XX within more features:
Serial Recovery, Multi Image and Multi Boot
Signed-off-by: Almir Okato <almir.okato@espressif.com>
diff --git a/.github/workflows/espressif.yaml b/.github/workflows/espressif.yaml
index 5996407..a5c3a75 100644
--- a/.github/workflows/espressif.yaml
+++ b/.github/workflows/espressif.yaml
@@ -20,11 +20,20 @@
matrix:
targets: [esp32, esp32s2, esp32s3, esp32c3]
features:
- - "sign-rsa2048,sign-rsa3072,sign-ec256,sign-ed25519"
+ - "secureboot-sign-rsa2048,secureboot-sign-rsa3072,secureboot-sign-ec256,secureboot-sign-ed25519"
+ - "serialrecovery"
+ include:
+ - targets: esp32
+ features: "multi-image,multi-boot"
+ img: "multi"
+ - targets: esp32s3
+ features: "multi-image,multi-boot"
+ img: "multi"
runs-on: ubuntu-latest
env:
MCUBOOT_TARGETS: ${{ matrix.targets }}
MCUBOOT_FEATURES: ${{ matrix.features }}
+ MCUBOOT_IMG_NUM: ${{ matrix.img }}
steps:
- uses: actions/checkout@v2
with:
diff --git a/boot/espressif/ci_configs/multi-boot.conf b/boot/espressif/ci_configs/multi-boot.conf
new file mode 100644
index 0000000..4adf253
--- /dev/null
+++ b/boot/espressif/ci_configs/multi-boot.conf
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# ATTENTION:
+# This configuration file targets the building for CI environment and contains
+# a set of definitions to resemble a bootloader image for RELEASE environment.
+
+CONFIG_ESP_IMAGE_NUMBER=2
+CONFIG_ESP_MULTI_PROCESSOR_BOOT=y
diff --git a/boot/espressif/ci_configs/multi-image.conf b/boot/espressif/ci_configs/multi-image.conf
new file mode 100644
index 0000000..895a865
--- /dev/null
+++ b/boot/espressif/ci_configs/multi-image.conf
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# ATTENTION:
+# This configuration file targets the building for CI environment and contains
+# a set of definitions to resemble a bootloader image for RELEASE environment.
+
+CONFIG_ESP_IMAGE_NUMBER=2
diff --git a/boot/espressif/secureboot-sign-ec256.conf b/boot/espressif/ci_configs/secureboot-sign-ec256.conf
similarity index 88%
rename from boot/espressif/secureboot-sign-ec256.conf
rename to boot/espressif/ci_configs/secureboot-sign-ec256.conf
index 37d4f7b..17b032b 100644
--- a/boot/espressif/secureboot-sign-ec256.conf
+++ b/boot/espressif/ci_configs/secureboot-sign-ec256.conf
@@ -18,3 +18,5 @@
CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem
CONFIG_ESP_USE_TINYCRYPT=1
CONFIG_ESP_SIGN_EC256=1
+CONFIG_ESP_DOWNGRADE_PREVENTION=1
+CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1
diff --git a/boot/espressif/secureboot-sign-ed25519.conf b/boot/espressif/ci_configs/secureboot-sign-ed25519.conf
similarity index 88%
rename from boot/espressif/secureboot-sign-ed25519.conf
rename to boot/espressif/ci_configs/secureboot-sign-ed25519.conf
index a317aa4..9cbdcd6 100644
--- a/boot/espressif/secureboot-sign-ed25519.conf
+++ b/boot/espressif/ci_configs/secureboot-sign-ed25519.conf
@@ -18,3 +18,5 @@
CONFIG_ESP_SIGN_KEY_FILE=root-ed25519.pem
CONFIG_ESP_USE_TINYCRYPT=1
CONFIG_ESP_SIGN_ED25519=1
+CONFIG_ESP_DOWNGRADE_PREVENTION=1
+CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1
diff --git a/boot/espressif/secureboot-sign-rsa2048.conf b/boot/espressif/ci_configs/secureboot-sign-rsa2048.conf
similarity index 89%
rename from boot/espressif/secureboot-sign-rsa2048.conf
rename to boot/espressif/ci_configs/secureboot-sign-rsa2048.conf
index f5ad883..2b22150 100644
--- a/boot/espressif/secureboot-sign-rsa2048.conf
+++ b/boot/espressif/ci_configs/secureboot-sign-rsa2048.conf
@@ -19,3 +19,5 @@
CONFIG_ESP_USE_MBEDTLS=1
CONFIG_ESP_SIGN_RSA=1
CONFIG_ESP_SIGN_RSA_LEN=2048
+CONFIG_ESP_DOWNGRADE_PREVENTION=1
+CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1
diff --git a/boot/espressif/secureboot-sign-rsa3072.conf b/boot/espressif/ci_configs/secureboot-sign-rsa3072.conf
similarity index 89%
rename from boot/espressif/secureboot-sign-rsa3072.conf
rename to boot/espressif/ci_configs/secureboot-sign-rsa3072.conf
index f6b2c9b..9f13785 100644
--- a/boot/espressif/secureboot-sign-rsa3072.conf
+++ b/boot/espressif/ci_configs/secureboot-sign-rsa3072.conf
@@ -19,3 +19,5 @@
CONFIG_ESP_USE_MBEDTLS=1
CONFIG_ESP_SIGN_RSA=1
CONFIG_ESP_SIGN_RSA_LEN=3072
+CONFIG_ESP_DOWNGRADE_PREVENTION=1
+CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1
diff --git a/boot/espressif/ci_configs/serialrecovery.conf b/boot/espressif/ci_configs/serialrecovery.conf
new file mode 100644
index 0000000..7e81bde
--- /dev/null
+++ b/boot/espressif/ci_configs/serialrecovery.conf
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# ATTENTION:
+# This configuration file targets the building for CI environment and contains
+# a set of definitions to resemble a bootloader image for RELEASE environment.
+
+CONFIG_ESP_MCUBOOT_SERIAL=y
+CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY=y
diff --git a/boot/espressif/port/esp32/bootloader-multi.conf b/boot/espressif/port/esp32/bootloader-multi.conf
new file mode 100644
index 0000000..ad3355e
--- /dev/null
+++ b/boot/espressif/port/esp32/bootloader-multi.conf
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+#
+# SPDX-License-Identifier: Apache-2.0
+
+CONFIG_ESP_FLASH_SIZE=4MB
+CONFIG_ESP_BOOTLOADER_SIZE=0xF000
+CONFIG_ESP_BOOTLOADER_OFFSET=0x1000
+# Example of values to be used when multi image is enabled
+# Notice that the OS layer and update agent must be aware
+# of these regions
+CONFIG_ESP_APPLICATION_SIZE=0x80000
+CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000
+CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x90000
+CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS=0x110000
+CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS=0x190000
+CONFIG_ESP_SCRATCH_OFFSET=0x210000
+CONFIG_ESP_SCRATCH_SIZE=0x40000
+CONFIG_ESP_MCUBOOT_WDT_ENABLE=y
+
+CONFIG_ESP_CONSOLE_UART=y
+CONFIG_ESP_CONSOLE_UART_NUM=0
+# Configures alternative UART port for console printing
+# CONFIG_ESP_CONSOLE_UART_CUSTOM=y
+# CONFIG_ESP_CONSOLE_UART_TX_GPIO=26
+# CONFIG_ESP_CONSOLE_UART_RX_GPIO=25
+
+# Enables multi image, if it is not defined, it is assumed
+# only one updatable image
+# CONFIG_ESP_IMAGE_NUMBER=2
+
+# Enables multi image boot on independent processors
+# (main host OS is not responsible for booting the second image)
+# Use only with CONFIG_ESP_IMAGE_NUMBER=2
+# CONFIG_ESP_MULTI_PROCESSOR_BOOT=y
diff --git a/boot/espressif/port/esp32s3/bootloader-multi.conf b/boot/espressif/port/esp32s3/bootloader-multi.conf
new file mode 100644
index 0000000..21c3457
--- /dev/null
+++ b/boot/espressif/port/esp32s3/bootloader-multi.conf
@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+#
+# SPDX-License-Identifier: Apache-2.0
+
+CONFIG_ESP_FLASH_SIZE=4MB
+CONFIG_ESP_BOOTLOADER_SIZE=0xF000
+CONFIG_ESP_BOOTLOADER_OFFSET=0x0000
+CONFIG_ESP_MCUBOOT_WDT_ENABLE=y
+# Example of values to be used when multi image is enabled
+# Notice that the OS layer and update agent must be aware
+# of these regions
+CONFIG_ESP_APPLICATION_SIZE=0x80000
+CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000
+CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x90000
+CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS=0x110000
+CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS=0x190000
+CONFIG_ESP_SCRATCH_OFFSET=0x210000
+CONFIG_ESP_SCRATCH_SIZE=0x40000
+
+# Use UART0 for console printing (use either UART or USB alone)
+CONFIG_ESP_CONSOLE_UART=y
+CONFIG_ESP_CONSOLE_UART_NUM=0
+# Configures alternative UART port for console printing
+# (UART_NUM=0 must not be changed)
+# CONFIG_ESP_CONSOLE_UART_CUSTOM=y
+# CONFIG_ESP_CONSOLE_UART_TX_GPIO=17
+# CONFIG_ESP_CONSOLE_UART_RX_GPIO=18
+# Use USB JTAG Serial for console printing
+# CONFIG_ESP_CONSOLE_USB_SERIAL_JTAG=y
+
+# Enables multi image, if it is not defined, it is assumed
+# only one updatable image
+# CONFIG_ESP_IMAGE_NUMBER=2
+
+# Enables multi image boot on independent processors
+# (main host OS is not responsible for booting the second image)
+# Use only with CONFIG_ESP_IMAGE_NUMBER=2
+# CONFIG_ESP_MULTI_PROCESSOR_BOOT=y
diff --git a/ci/espressif_run.sh b/ci/espressif_run.sh
index 30e1082..e4729fe 100755
--- a/ci/espressif_run.sh
+++ b/ci/espressif_run.sh
@@ -18,12 +18,17 @@
build_mcuboot() {
local target=${1}
local feature=${2}
- local toolchain_file="${ESPRESSIF_ROOT}/tools/toolchain-${target}.cmake"
- local mcuboot_config="${ESPRESSIF_ROOT}/port/${target}/bootloader.conf"
+ local img_num=${3}
local build_dir=".build-${target}"
+ local toolchain_file="${ESPRESSIF_ROOT}/tools/toolchain-${target}.cmake"
+
+ if [ -n "$img_num" ]; then
+ img_num="-${img_num}"
+ fi
+ local mcuboot_config="${ESPRESSIF_ROOT}/port/${target}/bootloader${img_num}.conf"
if [ -n "${feature}" ]; then
- mcuboot_config="${mcuboot_config};${ESPRESSIF_ROOT}/secureboot-${feature}.conf"
+ mcuboot_config="${mcuboot_config};${ESPRESSIF_ROOT}/ci_configs/${feature}.conf"
build_dir=".build-${target}-${feature}"
fi
@@ -44,11 +49,12 @@
if [ -n "${MCUBOOT_FEATURES}" ]; then
IFS=','
read -ra target_list <<< "${MCUBOOT_TARGETS}"
+ read img_num <<< "${MCUBOOT_IMG_NUM}"
for target in "${target_list[@]}"; do
read -ra feature_list <<< "${MCUBOOT_FEATURES}"
for feature in "${feature_list[@]}"; do
echo "Building MCUboot for \"${target}\" with support for \"${feature}\""
- build_mcuboot "${target}" "${feature}"
+ build_mcuboot "${target}" "${feature}" "${img_num}"
done
done
fi