# ClearGrow Controller Firmware
# ESP-IDF v5.2+ Project for ESP32-S3

cmake_minimum_required(VERSION 3.16)

# Include ESP-IDF build system
include($ENV{IDF_PATH}/tools/cmake/project.cmake)

project(cleargrow-controller)

# ============================================================================
# Build Configuration Validation
# ============================================================================
# Verify that production security features are configured consistently.
# This catches misconfigurations before deployment.

if(CONFIG_SECURE_BOOT)
    # Production build with secure boot enabled
    if(NOT CONFIG_NVS_ENCRYPTION)
        message(FATAL_ERROR
            "\n"
            "=================================================================\n"
            "BUILD CONFIGURATION ERROR: Inconsistent Security Settings\n"
            "=================================================================\n"
            "CONFIG_SECURE_BOOT is enabled but CONFIG_NVS_ENCRYPTION is disabled.\n"
            "\n"
            "Production builds MUST enable NVS encryption to protect sensitive\n"
            "data stored in flash (WiFi credentials, Thread network keys).\n"
            "\n"
            "To fix this:\n"
            " 1. Use the production build configuration:\n"
            " idf.py -D SDKCONFIG_DEFAULTS=\"sdkconfig.defaults;sdkconfig.defaults.prod\" build\n"
            "\n"
            " 2. OR manually enable in sdkconfig:\n"
            " CONFIG_NVS_ENCRYPTION=y\n"
            "\n"
            "See: docs/guides/developer/onboarding/production-build.md\n"
            "=================================================================\n"
        )
    endif()

    # Verify flash encryption is also enabled in secure boot builds
    if(NOT CONFIG_SECURE_FLASH_ENC_ENABLED)
        message(WARNING
            "\n"
            "=================================================================\n"
            "BUILD CONFIGURATION WARNING: Flash Encryption Recommended\n"
            "=================================================================\n"
            "CONFIG_SECURE_BOOT is enabled but CONFIG_SECURE_FLASH_ENC_ENABLED\n"
            "is disabled. Production builds should enable both for defense-in-depth.\n"
            "\n"
            "Flash encryption protects firmware and data from physical readout.\n"
            "\n"
            "To enable:\n"
            " Use: idf.py -D SDKCONFIG_DEFAULTS=\"sdkconfig.defaults;sdkconfig.defaults.prod\" build\n"
            "=================================================================\n"
        )
    endif()
endif()