Secure Bootloader Error despite being disabled

BrettG
Posts: 29
Joined: Wed Feb 15, 2017 7:32 pm

Secure Bootloader Error despite being disabled

Postby BrettG » Wed Dec 26, 2018 4:52 pm

Hi, After creating a new ESP32 project I am running accross an issue where I get the below error when compiling my project:

Code: Select all

C:/msys32/home/brettG/Git/project/build/bootloader_support\libbootloader_support.a(secure_boot_signatures.o):(.literal+0x8): undefined reference to `_binary_signature_verification_key_bin_end'
C:/msys32/home/brettG/Git/project/build/bootloader_support\libbootloader_support.a(secure_boot_signatures.o):(.literal+0xc): undefined reference to `_binary_signature_verification_key_bin_start'
From what I understand, despite secure boot being disabled in make menuconfig, there is still dependency looking for the key files. If I add a key file and enable secure boot it compiles successfully but I do not want to be forced into using secure boot for now.

Any ideas on how to remove the dependency on secure boot would be greatly appreciated.

Thanks,
- Brett

BrettG
Posts: 29
Joined: Wed Feb 15, 2017 7:32 pm

Re: Secure Bootloader Error despite being disabled

Postby BrettG » Thu Dec 27, 2018 1:52 pm

As a temporary solution I have just changed the signature verification key initialization to be based off of CONFIG_SECURE_BOOT_ENABLED in secure_boot_signatures.c:
  1. #ifdef CONFIG_SECURE_BOOT_ENABLED
  2. extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
  3. extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
  4. #else
  5. const uint8_t signature_verification_key_start[];
  6. const uint8_t signature_verification_key_end[];
  7. #endif

ESP_igrr
Posts: 2072
Joined: Tue Dec 01, 2015 8:37 am

Re: Secure Bootloader Error despite being disabled

Postby ESP_igrr » Fri Dec 28, 2018 3:35 am

Hi Brett,
Are you passing any extra flags to the compiler via CFLAGS or CPPFLAGS in the project makefiile?

BrettG
Posts: 29
Joined: Wed Feb 15, 2017 7:32 pm

Re: Secure Bootloader Error despite being disabled

Postby BrettG » Wed Jan 02, 2019 4:18 pm

Yes, I've had to use -mlongcalls due to issues in setting up our project repository.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Secure Bootloader Error despite being disabled

Postby ESP_Angus » Thu Jan 03, 2019 1:21 am

Hi Brett,

What Ivan has guessed is that if you're overwriting the default compiler flags then -ffunction-sections -fdata-sections is not being passed to the compiler, which means otherwise unused parts of the object files are being linked into the final binary. This is why the "extern" references are failing to link despite not being referenced from used code (without those flags, if one symbol in a given object file is linked in then all of that object file's section is linked in).

This will also result in binaries being larger than they would otherwise be.

If you're using GNU Make, the recommended way to add CFLAGS/CPPFLAGS project-wide is to use CFLAGS += in a Makefile.projbuild file (to append), see here.

However, -mlongcalls should already be set in the ESP-IDF default build configuration so it's unexpected that you had to add it at all. Do you have any more information about why that was necessary?

Angus

BrettG
Posts: 29
Joined: Wed Feb 15, 2017 7:32 pm

Re: Secure Bootloader Error despite being disabled

Postby BrettG » Thu Jan 03, 2019 3:40 pm

I found the issue. I had a preprocessor definition I was adding to CFLAGS with '=' instead of '+='. Over the past few days I have been slowly fixing issues that cropped up by adding more of those commonly used flags (-mlongcalls -ffunction-sections -fstrict-volatile-bitfields) when it was the '=' all along.

This is embarrassing, but thanks so much for your help.

- Brett

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Secure Bootloader Error despite being disabled

Postby ESP_Angus » Thu Jan 03, 2019 9:52 pm

Hi Brett,

Thanks for updating. Glad you found the root case.

Angus

Who is online

Users browsing this forum: prashant.anlg and 89 guests