@@ -47,6 +47,12 @@ define_property(TARGET
4747 BRIEF_DOCS "Embed decryption stage into encrypted binary"
4848 FULL_DOCS "Embed decryption stage into encrypted binary"
4949)
50+ define_property (TARGET
51+ PROPERTY PICOTOOL_OTP_KEY_PAGE
52+ INHERITED
53+ BRIEF_DOCS "OTP page storing the AES key"
54+ FULL_DOCS "OTP page storing the AES key"
55+ )
5056define_property (TARGET
5157 PROPERTY PICOTOOL_ENC_SIGFILE
5258 INHERITED
@@ -364,50 +370,40 @@ function(pico_embed_pt_in_binary TARGET PTFILE)
364370 )
365371endfunction ()
366372
367- # pico_encrypt_binary(TARGET AESFILE [SIGFILE])
373+ # pico_encrypt_binary(TARGET AESFILE [SIGFILE <file>] [EMBED] [OTP_KEY_PAGE <page> ])
368374# Encrypt the target binary with the given AES key (should be a binary
369375# file containing 128 bytes of a random key), and sign the encrypted binary.
370376# This sets PICOTOOL_AESFILE to AESFILE, and PICOTOOL_ENC_SIGFILE to SIGFILE
371377# if present, else PICOTOOL_SIGFILE.
378+ # Optionally, use EMBED to embed a decryption stage into the encrypted binary.
379+ # This sets PICOTOOL_EMBED_DECRYPTION to TRUE.
380+ # Optionally, use OTP_KEY_PAGE to specify the OTP page storing the AES key.
381+ # This sets PICOTOOL_OTP_KEY_PAGE to OTP_KEY_PAGE.
372382function (pico_encrypt_binary TARGET AESFILE)
383+ set (options EMBED)
384+ set (oneValueArgs OTP_KEY_PAGE SIGFILE)
385+ # set(multiValueArgs )
386+ cmake_parse_arguments (PARSE_ARGV 2 ENC "${options} " "${oneValueArgs} " "${multiValueArgs} " )
373387 picotool_check_configurable(${TARGET} )
374388 set_target_properties (${TARGET} PROPERTIES
375389 PICOTOOL_AESFILE ${AESFILE}
376390 )
377- if (ARGC EQUAL 3)
391+
392+ if (ENC_EMBED)
378393 set_target_properties (${TARGET} PROPERTIES
379- PICOTOOL_ENC_SIGFILE ${ARGV2}
394+ PICOTOOL_EMBED_DECRYPTION TRUE
380395 )
381- else ()
382- get_target_property (enc_sig_file ${TARGET} PICOTOOL_ENC_SIGFILE)
383- if (NOT enc_sig_file)
384- get_target_property (sig_file ${TARGET} PICOTOOL_SIGFILE)
385- if (NOT sig_file)
386- message (FATAL_ERROR "Signature file not set for ${TARGET} " )
387- else ()
388- set_target_properties (${TARGET} PROPERTIES
389- PICOTOOL_ENC_SIGFILE ${sig_file}
390- )
391- endif ()
392- endif ()
393396 endif ()
394- endfunction ()
395397
396- # pico_create_decrypting_binary(TARGET AESFILE [SIGFILE])
397- # Encrypt the target binary with the given AES key (should be a binary
398- # file containing 128 bytes of a random key), add a decryption stage to
399- # decrypt the binary at runtime, and then sign the encrypted binary.
400- # This sets PICOTOOL_AESFILE to AESFILE, PICOTOOL_EMBED_DECRYPTION to TRUE,
401- # and PICOTOOL_ENC_SIGFILE to SIGFILE if present, else PICOTOOL_SIGFILE.
402- function (pico_create_decrypting_binary TARGET AESFILE)
403- picotool_check_configurable(${TARGET} )
404- set_target_properties (${TARGET} PROPERTIES
405- PICOTOOL_AESFILE ${AESFILE}
406- PICOTOOL_EMBED_DECRYPTION TRUE
407- )
408- if (ARGC EQUAL 3)
398+ if (ENC_OTP_KEY_PAGE)
409399 set_target_properties (${TARGET} PROPERTIES
410- PICOTOOL_ENC_SIGFILE ${ARGV2}
400+ PICOTOOL_OTP_KEY_PAGE ${ENC_OTP_KEY_PAGE}
401+ )
402+ endif ()
403+
404+ if (ENC_SIGFILE)
405+ set_target_properties (${TARGET} PROPERTIES
406+ PICOTOOL_ENC_SIGFILE ${ENC_SIGFILE}
411407 )
412408 else ()
413409 get_target_property (enc_sig_file ${TARGET} PICOTOOL_ENC_SIGFILE)
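Review bot: Arguments that `cmake_parse_arguments` does not recognise are silently dropped in the new `pico_encrypt_binary`, because `ENC_UNPARSED_ARGUMENTS` is never checked after the parse call. The removed code took the signature file positionally (`${ARGV2}`), so an existing call such as `pico_encrypt_binary(tgt key.bin sig.pem)` would now take the `else` branch. That branch continues outside this hunk and presumably falls back to `PICOTOOL_SIGFILE` as the header comment describes, so the binary could be signed with a different key than the caller named, with no diagnostic. Failing right after the parse avoids that: `if(ENC_UNPARSED_ARGUMENTS)` / `message(FATAL_ERROR "pico_encrypt_binary: unexpected arguments: ${ENC_UNPARSED_ARGUMENTS}")` / `endif()`. A smaller point on the same call is that `multiValueArgs` is never set inside the function (the `set` is commented out), so `"${multiValueArgs}"` picks up whatever a caller's scope defines under that name; passing `""` there is safer.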
@@ -561,6 +557,11 @@ function(picotool_postprocess_binary TARGET)
561557 list (APPEND picotool_encrypt_args "--embed" )
562558 endif ()
563559
560+ get_target_property (otp_key_page ${TARGET} PICOTOOL_OTP_KEY_PAGE)
561+ if (otp_key_page)
562+ list (APPEND picotool_encrypt_args "--otp-key-page" ${otp_key_page} )
563+ endif ()
564+
564565 add_custom_command (TARGET ${TARGET} POST_BUILD
565566 DEPENDS ${picotool_enc_sigfile} ${picotool_aesfile}
566567 COMMAND picotool
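Review bot: The `if (otp_key_page)` test treats a page value of `0` as false, so `--otp-key-page` is omitted with no diagnostic and picotool uses whatever page it defaults to; the same truthiness test appears at `if (ENC_OTP_KEY_PAGE)` in the `pico_encrypt_binary` hunk. If page 0 can never hold the key, it is better rejected explicitly than ignored, since otherwise the binary is built against a different page than the one the caller named. The value also reaches the picotool command line unquoted and unvalidated, so a property containing `;` expands into extra arguments. Testing the unset case and the format separately covers both: `if(NOT otp_key_page MATCHES "-NOTFOUND$")`, then a `MATCHES "^[0-9]+$"` check that raises `message(FATAL_ERROR ...)` (widen the pattern if picotool accepts other number formats), then `list(APPEND picotool_encrypt_args "--otp-key-page" "${otp_key_page}")`. `picotool_postprocess_binary` starts and ends outside this hunk.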