Page 1 of 1
Secure Bootloader Error despite being disabled
Posted: Wed Dec 26, 2018 4:52 pm
by BrettG
Hi, After creating a new ESP32 project I am running accross an issue where I get the below error when compiling my project:
Code: Select all
C:/msys32/home/brettG/Git/project/build/bootloader_support\libbootloader_support.a(secure_boot_signatures.o):(.literal+0x8): undefined reference to `_binary_signature_verification_key_bin_end'
C:/msys32/home/brettG/Git/project/build/bootloader_support\libbootloader_support.a(secure_boot_signatures.o):(.literal+0xc): undefined reference to `_binary_signature_verification_key_bin_start'
From what I understand, despite secure boot being disabled in make menuconfig, there is still dependency looking for the key files. If I add a key file and enable secure boot it compiles successfully but I do not want to be forced into using secure boot for now.
Any ideas on how to remove the dependency on secure boot would be greatly appreciated.
Thanks,
- Brett
Re: Secure Bootloader Error despite being disabled
Posted: Thu Dec 27, 2018 1:52 pm
by BrettG
As a temporary solution I have just changed the signature verification key initialization to be based off of CONFIG_SECURE_BOOT_ENABLED in secure_boot_signatures.c:
#ifdef CONFIG_SECURE_BOOT_ENABLED
extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
#else
const uint8_t signature_verification_key_start[];
const uint8_t signature_verification_key_end[];
#endif
Re: Secure Bootloader Error despite being disabled
Posted: Fri Dec 28, 2018 3:35 am
by ESP_igrr
Hi Brett,
Are you passing any extra flags to the compiler via CFLAGS or CPPFLAGS in the project makefiile?
Re: Secure Bootloader Error despite being disabled
Posted: Wed Jan 02, 2019 4:18 pm
by BrettG
Yes, I've had to use -mlongcalls due to issues in setting up our project repository.
Re: Secure Bootloader Error despite being disabled
Posted: Thu Jan 03, 2019 1:21 am
by ESP_Angus
Hi Brett,
What Ivan has guessed is that if you're overwriting the default compiler flags then -ffunction-sections -fdata-sections is not being passed to the compiler, which means otherwise unused parts of the object files are being linked into the final binary. This is why the "extern" references are failing to link despite not being referenced from used code (without those flags, if one symbol in a given object file is linked in then all of that object file's section is linked in).
This will also result in binaries being larger than they would otherwise be.
If you're using GNU Make, the recommended way to add CFLAGS/CPPFLAGS project-wide is to use CFLAGS += in a Makefile.projbuild file (to append),
see here.
However, -mlongcalls should already be set in the ESP-IDF default build configuration so it's unexpected that you had to add it at all. Do you have any more information about why that was necessary?
Angus
Re: Secure Bootloader Error despite being disabled
Posted: Thu Jan 03, 2019 3:40 pm
by BrettG
I found the issue. I had a preprocessor definition I was adding to CFLAGS with '=' instead of '+='. Over the past few days I have been slowly fixing issues that cropped up by adding more of those commonly used flags (-mlongcalls -ffunction-sections -fstrict-volatile-bitfields) when it was the '=' all along.
This is embarrassing, but thanks so much for your help.
- Brett
Re: Secure Bootloader Error despite being disabled
Posted: Thu Jan 03, 2019 9:52 pm
by ESP_Angus
Hi Brett,
Thanks for updating. Glad you found the root case.
Angus