Image signing

nickhaman
Posts: 6
Joined: Sat Mar 09, 2019 10:57 pm

Image signing

Postby nickhaman » Sat Oct 19, 2019 8:30 pm

I followed the instructions in the esp-idf for turning on code signing. After generating the keys, I get the following linking error:
------ Build started: Project: app-template, Configuration: Debug VisualGDB ------
VisualGDB: Run "C:\PROGRA~2\Sysprogs\VISUAL~1/ninja.exe " in directory "D:\VS2\EmbeddedProject5\EmbeddedProject5/..\..\Git2\VoltageSensor\firmware/VisualGDB/Debug" on local computer
[1/6] Performing build step for 'bootloader'
[1/5] Generating ../../signature_verification_key.bin.S
[2/5] Building ASM object esp-idf/bootloader_support/CMakeFiles/__idf_bootloader_support.dir/__/__/signature_verification_key.bin.S.obj
[3/5] Linking C static library esp-idf\bootloader_support\libbootloader_support.a
[4/5] Linking C executable bootloader.elf
[5/5] Generating binary image from built executable
esptool.py v2.8-dev
Generated D:/VS2/Git2/VoltageSensor/firmware/VisualGDB/Debug/bootloader/bootloader.bin
[2/4] Linking CXX executable app-template.elf
FAILED: app-template.elf
cmd.exe /C "cd . && C:\sysgcc\esp32\opt\xtensa-esp32-elf\bin\xtensa-esp32-elf-g++.exe -mlongcalls -Wno-frame-address -g -nostdlib @CMakeFiles\app-template.elf.rsp -o app-template.elf && cd ."
c:/sysgcc/esp32/opt/xtensa-esp32-elf/bin/../lib/gcc/xtensa-esp32-elf/8.2.0/../../../../xtensa-esp32-elf/bin/ld.exe: esp-idf/bootloader_support/libbootloader_support.a(secure_boot_signatures.c.obj)(0): error : undefined reference to `_binary_signature_verification_key_bin_end'
c:/sysgcc/esp32/opt/xtensa-esp32-elf/bin/../lib/gcc/xtensa-esp32-elf/8.2.0/../../../../xtensa-esp32-elf/bin/ld.exe: esp-idf/bootloader_support/libbootloader_support.a(secure_boot_signatures.c.obj)(0): error : undefined reference to `_binary_signature_verification_key_bin_start'
collect2.exe: error: ld returned 1 exit status
ninja: build stopped: subcommand failed.
-------------------------------------------------------------
Command exited with code 1
Executable: C:\PROGRA~2\Sysprogs\VISUAL~1/ninja.exe
Arguments:
Directory: D:\VS2\EmbeddedProject5\EmbeddedProject5/..\..\Git2\VoltageSensor\firmware/VisualGDB/Debug
VisualGDB: Error: Command-line action failed
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========


According to this, the signature_verification_key.bin.S file was generated, the object file was generated from that, but the linker can't find a reference to the binary data.

Anyone else seen this?

TTrupp
Posts: 3
Joined: Sat Jul 21, 2018 11:27 pm

Re: Image signing

Postby TTrupp » Sun Oct 27, 2019 6:24 pm

Did you ever figure this out? I'm getting this too.

nickhaman
Posts: 6
Joined: Sat Mar 09, 2019 10:57 pm

Re: Image signing

Postby nickhaman » Mon Oct 28, 2019 4:46 pm

I found this link that says that it is incompatible with CMAKE, so I gave up:
https://esp32.com/viewtopic.php?t=9640

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Image signing

Postby ESP_Angus » Mon Oct 28, 2019 11:12 pm

Hi nick,

CMake is no longer a preview and this is supported on ESP-IDF v4.x.

However, I'm able to reproduce this problem. The verification key binary is being linked to the bootloader correctly but not the app. Will fix ASAP.


Angus

TTrupp
Posts: 3
Joined: Sat Jul 21, 2018 11:27 pm

Re: Image signing

Postby TTrupp » Fri Nov 29, 2019 6:37 am

Just a quick update on this for anyone else struggling to find a solution. I created a support request for this issue:
https://github.com/espressif/esp-idf/issues/4419

There are some further clues on the linked thread. It seems to still be occurring on 3.3, but looks like there's a fix already within 4.1. Unfortunately we can't update beyond 3.3 since we're using Arduino-ESP32, so hoping there's a fix possible within 3.3. If anyone has any suggestions, please let me know, because getting secure signed builds is a critical feature for us.

Who is online

Users browsing this forum: No registered users and 99 guests