option (ENABLE_SECURE_BOOT "Build signed binary for Secure Boot" OFF)

if (ENABLE_SECURE_BOOT)
    message(STATUS "Secure boot enabled")
    # NXP CST utility
    set(CST_PATH "" CACHE PATH "NXP Code Signing Tool (CST) utility exec. path. PATH lookup if not specified.")
    if (NOT CST_PATH)
        message(STATUS "Using NXP CST utility from PATH")
    else ()
        message(STATUS "Using NXP CST utility path: ${CST_PATH}")
    endif ()
    # NXP elftosb utility
    set(ELFTOSB_PATH "" CACHE FILEPATH "NXP elftosb utility exec. path. PATH lookup if not specified.")
    if (NOT ELFTOSB_PATH)
        message(STATUS "Using NXP elftosb utility from PATH")
    else ()
        message(STATUS "Using NXP elftosb utility path: ${ELFTOSB_PATH}")
    endif ()
    # SRK table
    set(SRK_TABLE "" CACHE FILEPATH "Super Root Key (SRK) table in a binary form (generated by NXP srktool)")
    if (NOT SRK_TABLE)
        message(FATAL_ERROR "SRK_TABLE not specified (required for Secure Boot)")
    endif ()
    # SRK index
    set(SRK_INDEX "" CACHE STRING "SRK key index in the SRK table (0-3)")
    if (NOT SRK_INDEX)
        set(SRK_INDEX "0" CACHE STRING "" FORCE)
    endif ()
    # CSF key
    set(CSF_KEY "" CACHE FILEPATH "CSF key in PEM format for CSF authentication")
    if (NOT CSF_KEY)
        message(FATAL_ERROR "CSF_KEY not specified (required for Secure Boot)")
    endif ()
    # IMG key
    set(IMG_KEY "" CACHE FILEPATH "IMG key in PEM format for image authentication")
    if (NOT IMG_KEY)
        message(FATAL_ERROR "IMG_KEY not specified (required for Secure Boot)")
    endif ()

    message(STATUS "Using SRK table: ${SRK_TABLE}")
    message(STATUS "Using SRK index: ${SRK_INDEX}")
    message(STATUS "Using CSF key: ${CSF_KEY}")
    message(STATUS "Using IMG key: ${IMG_KEY}")

    configure_file(
        ${CMAKE_SOURCE_DIR}/config/imx_authenticated_hab.cmake_template
        ${CMAKE_BINARY_DIR}/imx_authenticated_hab.bd
        )
endif ()