Apply suggestions from code review

umbynos · per1234 · umbynos · commit 06f4bebb0205 · 2022-03-24T10:12:28.000+01:00
Co-authored-by: per1234 &lt;accounts@perglass.com&gt;
diff --git a/docs/guides/secure-boot.md b/docs/guides/secure-boot.md
@@ -1,23 +1,26 @@
 ### Secure Boot
 
-Some boards supports the secure boot. Basically the compiled sketch can be signed and encrypted with a
-[tool](../platform-specification.md#tools) before being flashed to the target board. The bootloader of the board is then
-responsible for starting the compiled sketch if the matching keys are used.
+A "secure boot" capability may be offered by Arduino boards platforms.
+
+The compiled sketch is signed and encrypted by a [tool](../platform-specification.md#tools) before being flashed to the
+target board. The bootloader of the board is then responsible for starting the compiled sketch only if the matching keys
+are used.
 
 To be able to correctly carry out all the operations at the end of the build we can leverage the
 [post build hooks](../platform-specification.md#pre-and-post-build-hooks-since-arduino-ide-165) to sign and encrypt a
 binary by using `recipe.hooks.objcopy.postobjcopy.NUMBER.pattern` key in
-[`platform.txt`](../platform-specification.md#platformtxt). The security keys used are defined in the boards file, this
-way there could be different keys for different boards.
+[`platform.txt`](../platform-specification.md#platformtxt). The security keys used are defined in the
+[`boards.txt`](../platform-specification.md#boardstxt) file, this way there could be different keys for different
+boards.
 
 ```
 [...]
-## Create output secure image (bin file)
+## Create secure image (bin file)
 recipe.hooks.objcopy.postobjcopy.1.pattern={build.postbuild.cmd}
+
 #
 # IMGTOOL
 #
-
 tools.imgtool.cmd=imgtool
 tools.imgtool.build.pattern=sign --key "{build.keys.keychain}/{build.keys.sign_key}" --encrypt "{build.keys.keychain}/{build.keys.encrypt_key}" "{build.path}/{build.project_name}.bin" "{build.path}/{build.project_name}.bin" --align {build.alignment} --max-align {build.alignment} --version {build.version} --header-size {build.header_size} --pad-header --slot-size {build.slot_size}
 [...]
@@ -38,17 +41,15 @@ envie_m7.menu.security.sien=Signature + Encryption
 envie_m7.menu.security.sien.build.postbuild.cmd="{tools.imgtool.cmd}" {tools.imgtool.build.pattern}
 envie_m7.menu.security.none.build.postbuild.cmd="{tools.imgtool.cmd}" exit
 
-envie_m7.menu.security.sien.build.keys.type=public_keys
 envie_m7.menu.security.sien.build.keys.keychain={runtime.hardware.path}/Default_Keys
 envie_m7.menu.security.sien.build.keys.sign_key=default-signing-key.pem
 envie_m7.menu.security.sien.build.keys.encrypt_key=default-encrypt-key.pem
 [...]
 ```
 
-Currently we support the secure boot only with `build.keys.type=public_keys` but in the future other ways can be added.
 The security keys can be added with:
 
-- `keys.keychain` indicates the path of the dir where to search for the custom keys to sign and encrypt a binary.
-- `keys.sign_key` indicates the name of the custom signing key to use to sign a binary during the compile process.
-- `keys.encrypt_key` indicates the name of the custom encryption key to use to encrypt a binary during the compile
+- `build.keys.keychain` indicates the path of the dir where to search for the custom keys to sign and encrypt a binary.
+- `build.keys.sign_key` indicates the name of the custom signing key to use to sign a binary during the compile process.
+- `build.keys.encrypt_key` indicates the name of the custom encryption key to use to encrypt a binary during the compile
   process.
diff --git a/docs/platform-specification.md b/docs/platform-specification.md
@@ -155,8 +155,8 @@ the name of the architecture is set as well.
 
 There are some other **{build.xxx}** properties available, that are explained in the boards.txt section of this guide.
 
-Some of them allows to specify trusted security credentials (sign and encryption keys) that can be used for the secure
-boot:
+Some of them allow specifying trusted security credentials (signing and encryption keys) that can be used by a
+["secure boot" system](guides/secure-boot.md):
 
 - `build.keys.keychain`: for the directory containing the keys
 - `build.keys.sign_key`: for the signing key
diff --git a/legacy/builder/setup_build_properties.go b/legacy/builder/setup_build_properties.go
@@ -127,13 +127,10 @@ func (s *SetupBuildProperties) Run(ctx *types.Context) error {
 
 	buildProperties.Merge(ctx.PackageManager.CustomGlobalProperties)
 
-	if !buildProperties.ContainsKey("build.keys.type") {
-		buildProperties.Set("build.keys.type", "public_keys") // The default is "pubblic_keys" for now
-	}
 	keychainProp := buildProperties.ContainsKey("build.keys.keychain")
 	signProp := buildProperties.ContainsKey("build.keys.sign_key")
 	encryptProp := buildProperties.ContainsKey("build.keys.encrypt_key")
-	// we verify that all the properties for the secure boot keys are defined or nono of them is defined.
+	// we verify that all the properties for the secure boot keys are defined or none of them is defined.
 	if !(keychainProp || signProp || encryptProp) && (keychainProp && signProp && encryptProp) {
 		return errors.Errorf("%s core does not specify correctly default sign and encryption keys", ctx.BuildCore)
 	}
diff --git a/test/testdata/platform_with_secure_boot/boards.local.txt b/test/testdata/platform_with_secure_boot/boards.local.txt
@@ -6,7 +6,6 @@ uno.menu.security.sien=Signature + Encryption
 uno.menu.security.sien.build.postbuild.cmd="{tools.imgtool.cmd}" {tools.imgtool.build.pattern}
 uno.menu.security.none.build.postbuild.cmd="{tools.imgtool.cmd}" exit
 
-uno.menu.security.sien.build.keys.type=public_keys
 uno.menu.security.sien.build.keys.keychain={runtime.hardware.path}/Default_Keys
 uno.menu.security.sien.build.keys.sign_key=default-signing-key.pem
 uno.menu.security.sien.build.keys.encrypt_key=default-encrypt-key.pem
