From a713eb4e03296f84c464800f93b64d39c764107e Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 22 Jun 2025 20:22:38 +0200
Subject: [PATCH 1/3] Fix ESP32 build.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 CMakeLists.txt             | 10 +++++-----
 pico-keys-sdk              |  2 +-
 src/openpgp/CMakeLists.txt |  2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 37fe6fb..8d618ba 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,7 +45,11 @@ else()
     add_executable(pico_openpgp)
 endif()
 
-set(SOURCES ${SOURCES}
+set(USB_ITF_CCID 1)
+set(USB_ITF_WCID 1)
+include(pico-keys-sdk/pico_keys_sdk_import.cmake)
+
+set(SOURCES ${PICO_KEYS_SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/piv.c
@@ -70,10 +74,6 @@ set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/defs.c
 )
 
-set(USB_ITF_CCID 1)
-set(USB_ITF_WCID 1)
-include(pico-keys-sdk/pico_keys_sdk_import.cmake)
-
 SET_VERSION(ver_major ver_minor "${CMAKE_CURRENT_LIST_DIR}/src/openpgp/version.h" 1)
 
 if(ESP_PLATFORM)
diff --git a/pico-keys-sdk b/pico-keys-sdk
index 580b0ac..113e720 160000
--- a/pico-keys-sdk
+++ b/pico-keys-sdk
@@ -1 +1 @@
-Subproject commit 580b0acffa8e685caee4508fb656b78247064248
+Subproject commit 113e720fcaaa6b9ca74d114bee1923bb2619ba3b
diff --git a/src/openpgp/CMakeLists.txt b/src/openpgp/CMakeLists.txt
index a0fff70..3dff49c 100644
--- a/src/openpgp/CMakeLists.txt
+++ b/src/openpgp/CMakeLists.txt
@@ -1,6 +1,6 @@
 idf_component_register(
     SRCS ${SOURCES}
     INCLUDE_DIRS . ../../pico-keys-sdk/src ../../pico-keys-sdk/src/fs ../../pico-keys-sdk/src/rng ../../pico-keys-sdk/src/usb ../../pico-keys-sdk/tinycbor/src
-    REQUIRES bootloader_support esp_partition esp_tinyusb zorxx__neopixel mbedtls efuse
+    REQUIRES mbedtls efuse
 )
 idf_component_set_property(${COMPONENT_NAME} WHOLE_ARCHIVE ON)

From edfcd087c1959347ca88fe369301769d7eaa07b1 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sun, 22 Jun 2025 20:26:53 +0200
Subject: [PATCH 2/3] Fix cross build.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 CMakeLists.txt | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8d618ba..c601804 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -49,7 +49,10 @@ set(USB_ITF_CCID 1)
 set(USB_ITF_WCID 1)
 include(pico-keys-sdk/pico_keys_sdk_import.cmake)
 
-set(SOURCES ${PICO_KEYS_SOURCES}
+if(NOT ESP_PLATFORM)
+    set(SOURCES ${PICO_KEYS_SOURCES})
+endif()
+set(SOURCES ${SOURCES}
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/openpgp.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/files.c
         ${CMAKE_CURRENT_LIST_DIR}/src/openpgp/piv.c

From 33ce1c50aa335d298434239cc1daf53997b43af5 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Sat, 5 Jul 2025 00:52:30 +0200
Subject: [PATCH 3/3] Add autobuild for RP2350.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 .github/workflows/nightly.yml | 7 +++++++
 build_pico_openpgp.sh         | 5 +++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index c55ee85..1ff1a9e 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -19,13 +19,20 @@ jobs:
         with:
           ref: ${{ matrix.refs }}
           submodules: 'recursive'
+      - name: Restore private key
+        run: |
+          echo "${{ secrets.PRIVATE_KEY_B64 }}" | base64 -d > private.pem
+          chmod 600 private.pem
       - name : Build
         env:
           PICO_SDK_PATH: ../pico-sdk
+          SECURE_BOOT_PKEY: ../private.pem
         run: |
            ./workflows/autobuild.sh pico
            ./build_pico_openpgp.sh --no-eddsa
            ./workflows/autobuild.sh esp32
+      - name: Delete private key
+        run: rm private.pem
       - name: Update nightly release
         uses: pyTooling/Actions/releaser@main
         with:
diff --git a/build_pico_openpgp.sh b/build_pico_openpgp.sh
index 9ffde94..46ea1b6 100755
--- a/build_pico_openpgp.sh
+++ b/build_pico_openpgp.sh
@@ -23,12 +23,13 @@ fi
 cd build_release
 
 PICO_SDK_PATH="${PICO_SDK_PATH:-../../pico-sdk}"
+SECURE_BOOT_PKEY="${SECURE_BOOT_PKEY:-../../ec_private_key.pem}"
 board_dir=${PICO_SDK_PATH}/src/boards/include/boards
 for board in "$board_dir"/*
 do
     board_name="$(basename -- "$board" .h)"
     rm -rf -- ./*
-    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem
+    PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY}
     make -j`nproc`
     mv pico_openpgp.uf2 ../release/pico_openpgp_$board_name-$SUFFIX.uf2
 done
@@ -40,7 +41,7 @@ if [[ $NO_EDDSA -eq 0 ]]; then
     do
         board_name="$(basename -- "$board" .h)"
         rm -rf -- ./*
-        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=../../ec_private_key.pem -DENABLE_EDDSA=1
+        PICO_SDK_PATH="${PICO_SDK_PATH}" cmake .. -DPICO_BOARD=$board_name -DSECURE_BOOT_PKEY=${SECURE_BOOT_PKEY} -DENABLE_EDDSA=1
         make -j`nproc`
         mv pico_openpgp.uf2 ../release_eddsa/pico_openpgp_$board_name-$SUFFIX-eddsa1.uf2
     done