fix(cmake/signing): do not clean up the CONFIG_SECURE_BOOT_VERIFICATI… (IDFGH-13799) #14657
+2
−3
…ON_KEY file provided separately
Description
With secure boot V1 remote signing, the private key is not part of the project, as the binaries are signed in a separate process. However, the derived verification key must be available at compile time.
If “Sign binaries during build” is deactivated according to the documentation and the generated verification key file is defined via CONFIG_SECURE_BOOT_VERIFICATION_KEY, then this verification key is currently deleted in a project clean!
This patch no longer deletes the file specified by the user.
Related
https://docs.espressif.com/projects/esp-idf/en/stable/esp32/security/secure-boot-v1.html#remote-signing-of-images
Testing
sdkconfig: