From a0e6ab454048ae127bbd846f6d5386d33ae3558f Mon Sep 17 00:00:00 2001
From: Patrick Rathje
Date: Sun, 13 Sep 2020 15:55:41 +0200
Subject: [PATCH] WIP
---
 .gitmodules | 3 +++
 README.md | 36 ++++++++++++++++++++++++++++++++++++
 extra_script.py | 19 ++++++++++++++++++-
 3 files changed, 57 insertions(+), 1 deletion(-)
 create mode 100644 .gitmodules
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..5170c6d
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "lib/mbedtls"]
+ path = lib/mbedtls
+ url = git@github.com:ARMmbed/mbedtls.git
diff --git a/README.md b/README.md
index a2dc2fa..0fbf8b6 100644
--- a/README.md
+++ b/README.md
@@ -62,3 +62,39 @@ However, many would need the firmware to be shipped to manufactures.
 ## TODOs App and Basestation
 * extend this beyond the simple basestation
 * read keys form national databases
+
+
+
+
+## Updates Over the Air
+
+### Compiling the Bootloader
+The bootloader is responsible to manage the application images.
+
+Make sure that you have installed the correct toolchain
+
+export GNUARMEMB_TOOLCHAIN_PATH="~/Applications/ARM"
+export ZEPHYR_TOOLCHAIN_VARIANT=gnuarmemb
+You might need to install missing python modules
+
+1. Install west "python3 -m pip install west"
+2. Create temporary directory "mkdir boot && cd boot"
+3. Init west "west init --mr v2.3.0"
+4. Update west "west update"
+5. Update ./bootloader/mcuboot/boot/zephyr/keys.c and update it with custom keys (required for production usage)
+5. Build the bootloader "west build -d build -b nrf52840dk_nrf52840 -s ./bootloader/mcuboot/boot/zephyr" (if you encounter errors, remove the build directory before retrying)
+
+
+### Install packages for signing
+
+```
+~/.platformio/penv/bin/python3 -m pip install cryptography cbor intelhex
+```
+
+
+TODO:
+
+Check arguments for imgtool signing
+* slot size
+* alignment
+* header size
\ No newline at end of file
diff --git a/extra_script.py b/extra_script.py
index a6fbd03..0a054e5 100644
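Review bot: In `.gitmodules`, the mbedtls submodule is declared with an SSH URL (`git@github.com:ARMmbed/mbedtls.git`), so any clone without a GitHub SSH key, such as CI or an outside contributor, cannot fetch a dependency that is publicly readable. `url = https://github.com/ARMmbed/mbedtls.git` avoids that. The diffstat lists only three files and no gitlink entry for `lib/mbedtls`, so as far as this commit shows the submodule is not yet pinned to a revision. The pinned commit should land together with the `.gitmodules` entry, so the mbedtls version that goes into the firmware can be reviewed.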
--- a/extra_script.py +++ b/extra_script.py @@ -1,6 +1,8 @@ Import("env", "projenv") from os.path import isdir, join +import subprocess + try: import configparser @@ -21,7 +23,20 @@ if 'PIOENV' in projenv: # access to global build environment print("Using boot hex file: " + str(boot_hex_file)) + +def append_signed_path(source_path): + return "{0}_signed.{1}".format(*source_path.rsplit('.', 1)) + +def sign_source(source): + + source_path = source[0].get_path() + signed_source_path = append_signed_path(source[0].get_path()) + + print("Signing %s to %s" % (source_path, signed_source_path)) + res = env.Execute("$PYTHONEXE ./boot/bootloader/mcuboot/scripts/imgtool.py sign --key ./boot/bootloader/mcuboot/root-rsa-2048.pem --header-size 0x200 --align 8 --version 1.0 --slot-size 0xE0000 %s %s" % (source_path, signed_source_path)) + def _jlink_cmd_script_overwrite(env, source): + build_dir = env.subst("$BUILD_DIR") if not isdir(build_dir): makedirs(build_dir) @@ -29,7 +44,7 @@ def _jlink_cmd_script_overwrite(env, source): commands = [ "h" ] commands.append("loadfile %s" % (boot_hex_file)) - commands.append("loadfile %s" % (source)) + commands.append("loadfile %s" % (append_signed_path(str(source)))) commands.append("r") commands.append("q") @@ -39,6 +54,8 @@ def _jlink_cmd_script_overwrite(env, source): return script_path def before_upload(source, target, env): + sign_source(source) env.Replace(__jlink_cmd_script=_jlink_cmd_script_overwrite) + env.AddPreAction("upload", before_upload) \ No newline at end of file
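Review bot: `import subprocess` is added at the top of `extra_script.py`, but none of the added lines in this patch use it; the signing step is run through `env.Execute`. Drop the import, or, if the intent was to run imgtool directly, call it with `subprocess.run([...], check=True)` and an argument list so a failure raises.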
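Review bot: `sign_source` signs every build with `./boot/bootloader/mcuboot/root-rsa-2048.pem`, which is the development key published in the MCUboot repository, so its private half is public and a signature made with it does not authenticate the image. The README section added in this same patch says custom keys are required for production, yet the key path is hard-coded here, so a bootloader built with custom keys would also reject what this script signs. Read the key path from a project option or an environment variable, keep the key file outside the repository, and stop the build when it is not set. The hard-coded `--version 1.0` also gives every image the same version, which is worth revisiting alongside the imgtool arguments already listed in the README TODO.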
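Review bot: The signed file name is derived a second time in the changed `loadfile` line, from `str(source)`, while `sign_source` derives it from `source[0].get_path()`. If the two forms differ (node list versus string, relative versus absolute; not visible from the hunk), J-Link is told to load a file that signing never wrote. `append_signed_path` also raises `IndexError` for a path without a dot, and the path goes into the `loadfile` command unquoted. Compute the signed path once in `sign_source`, keep it, and reuse that value here. `_jlink_cmd_script_overwrite` starts and ends outside this hunk.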
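Review bot: `before_upload` goes on to the upload whether or not signing worked, because `sign_source` stores the `env.Execute` result in `res` and then discards it. When imgtool fails (missing key file, missing Python module), the J-Link script still loads the `_signed` file, which is then either absent or left over from an earlier build, so stale firmware can be flashed with no error. Return the status from `sign_source` with `return res` and stop here on a non-zero value, for example `if sign_source(source): env.Exit(1)`.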