diff options
author | Jamie Fox <jamie.fox@arm.com> | 2018-10-24 14:09:34 +0100 |
---|---|---|
committer | Jamie Fox <jamie.fox@arm.com> | 2018-12-06 10:20:24 +0000 |
commit | 287885f9515ae21cbbe3ad24984f3f22461f6f8b (patch) | |
tree | 67b2af2a6937e170b39e69da7e4bfa7d5a917ab6 | |
parent | 30654e8253d8e729d51478aabb99f04da72555d2 (diff) | |
download | trusted-firmware-m-287885f9515ae21cbbe3ad24984f3f22461f6f8b.tar.gz |
Build: Compile Mbed TLS as MinSizeRel by default
Changes the build system to compile Mbed TLS without debug symbols by
default. It can still be built with debug symbols by adding
-DMBEDTLS_DEBUG=ON to the CMake command. Most of the time TF-M
developers do not need to debug Mbed TLS, and building it as
"MinSizeRel" by default allows for smaller, faster binaries. It also
eliminates the need for Musca-specific build settings to shrink the
binary size.
Change-Id: I4b691a50f63ddbb4707a196bf7950f8e7603a32c
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
-rw-r--r-- | BuildMbedtls.cmake | 11 | ||||
-rw-r--r-- | CommonConfig.cmake | 9 | ||||
-rw-r--r-- | bl2/ext/mcuboot/CMakeLists.txt | 11 | ||||
-rwxr-xr-x | docs/user_guides/tfm_build_instruction.md | 8 | ||||
-rw-r--r-- | secure_fw/services/audit_logging/CMakeLists.txt | 7 | ||||
-rw-r--r-- | secure_fw/services/crypto/CMakeLists.txt | 7 | ||||
-rw-r--r-- | secure_fw/services/secure_storage/CMakeLists.txt | 7 |
7 files changed, 16 insertions, 44 deletions
diff --git a/BuildMbedtls.cmake b/BuildMbedtls.cmake index 89859207bc..d8411da20b 100644 --- a/BuildMbedtls.cmake +++ b/BuildMbedtls.cmake @@ -13,8 +13,8 @@ cmake_minimum_required(VERSION 3.7) set (MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") #Check input variables -if(NOT DEFINED MBEDTLS_BUILD_TYPE) - message(FATAL_ERROR "Please set MBEDTLS_BUILD_TYPE to 'Debug' or 'Release' before including this file.") +if(NOT DEFINED MBEDTLS_DEBUG) + message(FATAL_ERROR "Please set MBEDTLS_DEBUG to 'OFF' or 'ON' before including this file.") endif() if(NOT DEFINED MBEDTLS_SOURCE_DIR) @@ -33,6 +33,12 @@ if(NOT DEFINED MBEDTLS_TARGET_NAME) message(FATAL_ERROR "Please set MBEDTLS_TARGET_NAME before including this file.") endif() +if(MBEDTLS_DEBUG) + set(MBEDTLS_BUILD_TYPE "Debug") +else() + set(MBEDTLS_BUILD_TYPE "MinSizeRel") +endif() + #Based on preinclude input variables, decide if preinclude flags need to be appended if((NOT DEFINED MBEDTLS_PREINCLUDE_PREFIX) OR (NOT DEFINED MBEDTLS_PREINCLUDE_HEADER)) message(STATUS "Building mbedTLS without pre-included headers and global symbols prefixing.") @@ -72,6 +78,7 @@ externalproject_add(${MBEDTLS_TARGET_NAME} CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER_ID:string=${CMAKE_C_COMPILER_ID} CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS:string=${MBEDTLS_C_FLAGS} CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_DEBUG:string=${CMAKE_C_FLAGS_DEBUG} + CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_MINSIZEREL:string=${CMAKE_C_FLAGS_MINSIZEREL} CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_RELEASE:string=${CMAKE_C_FLAGS_RELEASE} CMAKE_CACHE_ARGS -DCMAKE_C_OUTPUT_EXTENSION:string=.o CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER_WORKS:bool=true diff --git a/CommonConfig.cmake b/CommonConfig.cmake index d5f4ab19bc..964a51c849 100644 --- a/CommonConfig.cmake +++ b/CommonConfig.cmake @@ -230,14 +230,7 @@ if (NOT DEFINED ENABLE_SECURE_STORAGE) endif() if (NOT DEFINED MBEDTLS_DEBUG) - if (${COMPILER} STREQUAL "GNUARM" AND ${TARGET_PLATFORM} MATCHES "MUSCA_A|MUSCA_B1" AND BL2) - #The size of the MCUboot binary compiled with GCC exceeds the size limit on - #Musca-A/B1. By turning off the mbed TLS debug build is a good way to go below - #that limit, while it is still possible to debug TFM/bootloader code. - set (MBEDTLS_DEBUG OFF) - else () - set (MBEDTLS_DEBUG ON) - endif () + set(MBEDTLS_DEBUG OFF) endif() ##Set mbedTLS compiler flags for BL2 bootloader diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt index d488825b27..a8c544031e 100644 --- a/bl2/ext/mcuboot/CMakeLists.txt +++ b/bl2/ext/mcuboot/CMakeLists.txt @@ -26,10 +26,6 @@ elseif(NOT BL2) return() endif() -if (NOT DEFINED MBEDTLS_DEBUG) - message(FATAL_ERROR "Incomplete build configuration: MBEDTLS_DEBUG is undefined.") -endif() - if (NOT DEFINED MBEDTLS_C_FLAGS_BL2) message(FATAL_ERROR "Incomplete build configuration: MBEDTLS_C_FLAGS_BL2 is undefined.") endif() @@ -78,13 +74,6 @@ endif() set (MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls") set (MBEDTLS_INSTALL_DIR ${MBEDTLS_BINARY_DIR}/mbedtls_install) -#Set build type for mbedtls libraries -if (MBEDTLS_DEBUG) - set(MBEDTLS_BUILD_TYPE "Debug") -else() - set(MBEDTLS_BUILD_TYPE "Release") -endif() - #Build mbedtls as external project. #This ensures mbedtls is built with exactly defined settings. #mbedtls will be used from is't install location diff --git a/docs/user_guides/tfm_build_instruction.md b/docs/user_guides/tfm_build_instruction.md index 9f9976495a..2ed3ad85d9 100755 --- a/docs/user_guides/tfm_build_instruction.md +++ b/docs/user_guides/tfm_build_instruction.md @@ -7,11 +7,15 @@ Please make sure you have all required software installed as explained in the TF-M uses [cmake](https://cmake.org/overview/) to provide an out-of-tree build environment. The instructions are below. -*Note* In the cmake configuration step, to enable debug symbols, the following +*Note:* In the cmake configuration step, to enable debug symbols, the following option should be added: - `-DCMAKE_BUILD_TYPE=Debug` +*Note:* `-DCMAKE_BUILD_TYPE=Debug` only enables debug symbols for TF-M code. To +enable debug symbols for the Mbed TLS library, add the following option to the +CMake command: +`-DMBEDTLS_DEBUG=ON` + ### External dependency * CMSIS_5 is used to import RTX for the example non-secure app * mbedtls is used as crypto library on the secure side diff --git a/secure_fw/services/audit_logging/CMakeLists.txt b/secure_fw/services/audit_logging/CMakeLists.txt index b7849c7632..c906a2aefd 100644 --- a/secure_fw/services/audit_logging/CMakeLists.txt +++ b/secure_fw/services/audit_logging/CMakeLists.txt @@ -38,13 +38,6 @@ if (NOT DEFINED TFM_LVL) message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ") endif() -#Set build type for mbedtls libraries -if (MBEDTLS_DEBUG) - set(MBEDTLS_BUILD_TYPE "Debug") -else() - set(MBEDTLS_BUILD_TYPE "Release") -endif() - #Set preinclude header options for mbedtls set(MBEDTLS_PREINCLUDE_PREFIX __tfm_audit__) set(MBEDTLS_PREINCLUDE_HEADER ${AUDIT_LOGGING_DIR}/mbedtls_global_symbols.h) diff --git a/secure_fw/services/crypto/CMakeLists.txt b/secure_fw/services/crypto/CMakeLists.txt index 8d42a5d86c..e004836743 100644 --- a/secure_fw/services/crypto/CMakeLists.txt +++ b/secure_fw/services/crypto/CMakeLists.txt @@ -41,13 +41,6 @@ else() set (TFM_LVL 1) endif() -#Set build type for mbed TLS libraries -if (MBEDTLS_DEBUG) - set(MBEDTLS_BUILD_TYPE "Debug") -else() - set(MBEDTLS_BUILD_TYPE "Release") -endif() - #Set preinclude header options for mbed TLS set(MBEDTLS_PREINCLUDE_PREFIX __tfm_crypto__) set(MBEDTLS_PREINCLUDE_HEADER ${CRYPTO_DIR}/mbedtls_global_symbols.h) diff --git a/secure_fw/services/secure_storage/CMakeLists.txt b/secure_fw/services/secure_storage/CMakeLists.txt index 21d3f53b9a..dd963c72a4 100644 --- a/secure_fw/services/secure_storage/CMakeLists.txt +++ b/secure_fw/services/secure_storage/CMakeLists.txt @@ -38,13 +38,6 @@ if (NOT DEFINED TFM_LVL) message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ") endif() -#Set build type for mbedtls libraries -if (MBEDTLS_DEBUG) - set(MBEDTLS_BUILD_TYPE "Debug") -else() - set(MBEDTLS_BUILD_TYPE "Release") -endif() - #Set preinclude header options for mbedtls set(MBEDTLS_PREINCLUDE_PREFIX __tfm_storage__) set(MBEDTLS_PREINCLUDE_HEADER ${SECURE_STORAGE_DIR}/crypto/mbedtls_global_symbols.h) |