Tools: Improvements to building of signed bootloaders

joshanne · peterbarker · commit 9626c27b8a50 · 2025-12-02T12:17:07.000+11:00
Adds ability to pass --omit-ardupilot-keys to build_bootloaders.py

Adds ability to pass multiple public keys to the signing of the bootloader. This extends the functionality of the single key that was previously possible. All keys are prefixed with --signing-key and are appended to the args.signing_key array. All keys are checked for presense, and type before being used to sign the bootloader.

General tidy up of the argument parser, prints a proper description of the role of the file.
diff --git a/Tools/scripts/build_bootloaders.py b/Tools/scripts/build_bootloaders.py
@@ -15,18 +15,14 @@
 
 # get command line arguments
 from argparse import ArgumentParser
-parser = ArgumentParser(description='make_secure_bl')
-parser.add_argument("--signing-key", type=str, default=None, help="signing key for secure bootloader")
+parser = ArgumentParser(description='This Program is used to build ArduPilot bootloaders for boards.')
+parser.add_argument("--signing-key", type=str, action='append', help="signing key for secure bootloader (can be used multiple times)")
+parser.add_argument("--omit-ardupilot-keys", action='store_true', default=False, help="omit ArduPilot signing keys")
 parser.add_argument("--debug", action='store_true', default=False, help="build with debug symbols")
 parser.add_argument("--periph-only", action='store_true', default=False, help="only build AP_Periph boards")
 parser.add_argument("pattern", type=str, default='*', help="board wildcard pattern", nargs='?')
 args = parser.parse_args()
 
-if args.signing_key is not None and os.path.basename(args.signing_key).lower().find("private") != -1:
-    # prevent the easy mistake of using private key
-    print("You must use the public key in the bootloader")
-    sys.exit(1)
-
 os.environ['PYTHONUNBUFFERED'] = '1'
 
 failed_boards = set()
@@ -70,6 +66,32 @@ def get_board_list():
             board_list.append(d)
     return board_list
 
+def validate_signing_keys(keys):
+    """Validate that all signing key files exist and are not private keys"""
+    missing_keys = []
+    private_keys = []
+
+    for key in keys:
+        if not os.path.isfile(key):
+            missing_keys.append(key)
+        elif os.path.basename(key).lower().find("private") != -1:
+            private_keys.append(key)
+
+    if missing_keys:
+        print("Error: The following files were not found:")
+        for key in missing_keys:
+            print(f"  {key}")
+        sys.exit(1)
+
+    if private_keys:
+        print("Error: You must use the public key in the bootloader. Check the following files:")
+        for key in private_keys:
+            print(f"  {key}")
+        sys.exit(1)
+
+if args.signing_key is not None:
+    validate_signing_keys(args.signing_key)
+
 def run_program(cmd_list):
     print("Running (%s)" % " ".join(cmd_list))
     retcode = subprocess.call(cmd_list)
@@ -122,6 +144,10 @@ def get_all_board_dirs():
     if b not in board_list:
         print(f"Skipping {b}: no hwdef-bl.dat (no bootloader for this board)")
 
+additional_args = []
+if args.omit_ardupilot_keys:
+    # If the user has requested to omit ardupilot keys, ensure it is forwarded to the make_secure_bl program
+    additional_args.append("--omit-ardupilot-keys")
 
 # check that the user-supplied board pattern matches something; if not, warn and exit
 for board in board_list:
@@ -142,11 +168,11 @@ def get_all_board_dirs():
     shutil.copy('build/%s/bootloader/AP_Bootloader' % board, elf_file)
     print("Created %s" % elf_file)
     if args.signing_key is not None:
-        print("Signing bootloader with %s" % args.signing_key)
-        if not run_program(["./Tools/scripts/signing/make_secure_bl.py", bl_file, args.signing_key]):
+        print("Signing bootloader with %s" % ", ".join(args.signing_key))
+        if not run_program(["./Tools/scripts/signing/make_secure_bl.py", *additional_args, bl_file] + args.signing_key):
             print("Failed to sign bootloader for %s" % board)
             sys.exit(1)
-        if not run_program(["./Tools/scripts/signing/make_secure_bl.py", elf_file, args.signing_key]):
+        if not run_program(["./Tools/scripts/signing/make_secure_bl.py", *additional_args, elf_file] + args.signing_key):
             print("Failed to sign ELF bootloader for %s" % board)
             sys.exit(1)
     if not run_program([sys.executable, "Tools/scripts/bin2hex.py", "--offset", "0x08000000", bl_file, hex_file]):
