Throw a warning when using the example signing/encryption keys (#2352)

* Raise a warning when using the example signing/encryption keys
  This is automatically disabled for pico-examples, and can be manually disabled by setting PICO_ALLOW_EXAMPLE_KEYS
will-v-pi 2025-03-22 23:22:37 +00:00 committed by GitHub
parent bbb94e51f9
commit f81851a2cb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 36 additions and 0 deletions


@ -153,6 +153,28 @@ function(picotool_check_configurable TARGET)
endif() endif()
endfunction() endfunction()
# Compare 2 key files, used by picotool_check_default_keys
function(picotool_compare_keys TARGET KEY DEFAULT TYPE)
if (KEY)
execute_process(COMMAND ${CMAKE_COMMAND} -E compare_files "${KEY}" "${PICO_SDK_PATH}/tools/example_keys/${DEFAULT}"
RESULT_VARIABLE compare_result
)
if(compare_result EQUAL 0)
message(WARNING "${TARGET} is using a default ${TYPE} key - this must be changed before production")
endif()
endif()
endfunction()
# Check if default signing/encryption keys are being used
function(picotool_check_default_keys TARGET)
get_target_property(picotool_sigfile ${TARGET} PICOTOOL_SIGFILE)
picotool_compare_keys(${TARGET} ${picotool_sigfile} private.pem "signing")
get_target_property(picotool_aesfile ${TARGET} PICOTOOL_AESFILE)
picotool_compare_keys(${TARGET} ${picotool_aesfile} privateaes.bin "encryption")
get_target_property(picotool_enc_sigfile ${TARGET} PICOTOOL_ENC_SIGFILE)
picotool_compare_keys(${TARGET} ${picotool_enc_sigfile} private.pem "encrypted signing")
endfunction()
# Generate pio header and include it in the build # Generate pio header and include it in the build
# PICO_CMAKE_CONFIG: PICO_DEFAULT_PIOASM_OUTPUT_FORMAT, Default output format used by pioasm when using pico_generate_pio_header, type=string, default=c-sdk, group=build # PICO_CMAKE_CONFIG: PICO_DEFAULT_PIOASM_OUTPUT_FORMAT, Default output format used by pioasm when using pico_generate_pio_header, type=string, default=c-sdk, group=build
function(pico_generate_pio_header TARGET) function(pico_generate_pio_header TARGET)
@ -449,6 +471,12 @@ function(picotool_postprocess_binary TARGET)
set_target_properties(${TARGET} PROPERTIES set_target_properties(${TARGET} PROPERTIES
PICOTOOL_PROCESSING_CONFIGURED true PICOTOOL_PROCESSING_CONFIGURED true
) )
# PICO_CMAKE_CONFIG: PICO_ALLOW_EXAMPLE_KEYS, Don't raise a warning when using default signing/encryption keys, type=bool, default=0, group=build
if (NOT PICO_ALLOW_EXAMPLE_KEYS)
picotool_check_default_keys(${TARGET})
endif()
# Read target properties # Read target properties
get_target_property(picotool_sign_output ${TARGET} PICOTOOL_SIGN_OUTPUT) get_target_property(picotool_sign_output ${TARGET} PICOTOOL_SIGN_OUTPUT)
if (picotool_sign_output) if (picotool_sign_output)
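Review bot: The check in `picotool_compare_keys` fails open: it warns only when `compare_files` returns 0, so any other result is treated as a non-example key and produces no warning. That includes a key path that cannot be read at configure time, and the same example key saved with different line endings or re-encoded. A comment above the function such as `# Best effort: byte-for-byte match against the shipped example key only; a non-zero result does not prove the key is unique` would keep the warning from being read as a guarantee. The calls in `picotool_check_default_keys` also pass the key properties unquoted, so a property set to an empty string would drop the argument and shift the remaining ones; `picotool_compare_keys(${TARGET} "${picotool_sigfile}" private.pem "signing")` and the same quoting on the other two calls avoids that. The comparison runs in `execute_process` during configure, so a key file swapped afterwards is presumably not rechecked until the next configure.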


@ -0,0 +1,8 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQACg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIAXAdiilH8wT07TESUzWPt+BY9+NcchvYU3xbnpK+CBNoAcGBSuBBAAK
oUQDQgAEYYJtMQFGW4AB94tU3u/Qir5sRcYjBYMqCa+8gxsYd9OwMS3dqWKsnVBz
dyy7bFWdJzXDMb9o20xRRd57Q9xSYw==
-----END EC PRIVATE KEY-----

Binary file not shown.