diff options
author | Andrei Narkevitch <ainh@cypress.com> | 2020-01-20 11:45:23 -0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2020-01-23 01:47:17 +0000 |
commit | a995432c475dcf14fc189b2d689e05573a0c85a2 (patch) | |
tree | 92c3320d923f7e8ab7804085d796a403c4968f3f | |
parent | 995bb45fed30c65108e5189d0fd0cee78573fd18 (diff) | |
download | trusted-firmware-m-a995432c475dcf14fc189b2d689e05573a0c85a2.tar.gz |
Platform: update sign.py for cysecuretools v1.3.3 (psoc64)
Fixed artifacts file names, updated the doc.
Also added a section about flashing the images with PyOCD.
Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: Ibe9d2e6a412637cd92f5d3848fa9d54dc5815bbd
-rw-r--r-- | platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst | 49 | ||||
-rwxr-xr-x | platform/ext/target/cypress/psoc64/security/sign.py | 17 |
2 files changed, 50 insertions, 16 deletions
diff --git a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst index 91203ea662..ddef62ec30 100644 --- a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst +++ b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst @@ -308,12 +308,21 @@ Note: each image can be signed individually, for example: -d cy8ckit-064b0s2-4343w \ -s <build folder>/tfm_s.hex +Running the sign.py script will result in creation of the following files: + +tfm_<s/ns>_signed.hex - signed image for programming +tfm_<s/ns>_unsigned.hex - a copy of original unsigned hex file for reference +tfm_<s/ns>_upgrade.hex - signed image for upgrade (if device policy specifies + upgrade slot). Flashing this image into device will + trigger the image update. Upgrade image from the + secondary slot will be moved to the primary slot. + ********************** Programming the Device ********************** After building and signing, the TFM images must be programmed into flash -memory on the PSoC64 device. There are two methods to program it. +memory on the PSoC64 device. There are three methods to program it. DAPLink mode ============ @@ -327,17 +336,17 @@ Copy tfm hex files one by one to the DAPLINK device: .. code-block:: bash - cp <build folder>/tfm_ns.hex <mount point>/DAPLINK/; sync - cp <build folder>/tfm_s.hex <mount point>/DAPLINK/; sync + cp <build folder>/tfm_ns_signed.hex <mount point>/DAPLINK/; sync + cp <build folder>/tfm_s_signed.hex <mount point>/DAPLINK/; sync OpenOCD v.2.2 ============= Using KitProg3 mode button, switch to KitProg3 CMSIS-DAP BULK mode. Status LED should be ON and not blinking. -To program the signed tfm_s image to the device with openocd (assuming -OPENOCD_PATH is pointing at the openocd installation directory) run the -following commands: +To program the signed tfm_s and tfm_ns images to the device with openocd +(assuming OPENOCD_PATH is pointing at the openocd installation directory) +run the following commands: .. code-block:: bash @@ -349,7 +358,7 @@ following commands: -f interface/kitprog3.cfg \ -c "set ENABLE_ACQUIRE 0" \ -f target/psoc6_2m_secure.cfg \ - -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_s.hex" \ + -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_s_signed.hex" \ -c "resume; reset; exit" ${OPENOCD_PATH}/bin/openocd \ @@ -357,7 +366,7 @@ following commands: -f interface/kitprog3.cfg \ -c "set ENABLE_ACQUIRE 0" \ -f target/psoc6_2m_secure.cfg \ - -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_ns.hex" \ + -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_ns_signed.hex" \ -c "resume; reset; exit" Optionally, erase SST partition: @@ -379,6 +388,30 @@ address of the secure primary image specified in the file: so be sure to change it if you change that file. + +PyOCD v.0.23.0 +============== + +PyOCD v0.23.0 is installed by CySecureTools automatically. It can be used +to program TFM images into the board. + +Using KitProg3 mode button, switch to KitProg3 CMSIS-DAP BULK mode. +Status LED should be ON and not blinking. +To program the signed tfm_s and tfm_ns images to the device with pyocd +run the following commands: + +.. code-block:: bash + + pyocd flash -t cy8c64xa_cm4_full_flash ${BUILD_DIR}/tfm_s_signed.hex + + pyocd flash -t cy8c64xa_cm4_full_flash ${BUILD_DIR}/tfm_ns_signed.hex + +Optionally, erase SST partition: + +.. code-block:: bash + + pyocd erase -t cy8c64xa_cm4_full_flash 0x101c0000+0x10000 + *Copyright (c) 2017-2019, Arm Limited. All rights reserved.* *Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.* diff --git a/platform/ext/target/cypress/psoc64/security/sign.py b/platform/ext/target/cypress/psoc64/security/sign.py index f5315101c7..214b14085d 100755 --- a/platform/ext/target/cypress/psoc64/security/sign.py +++ b/platform/ext/target/cypress/psoc64/security/sign.py @@ -73,36 +73,37 @@ def main(argv): if options.s_hex_file: print('signing tfm_s image:', options.s_hex_file) + tools.sign_image(options.s_hex_file, 1) - # sign_image overwrites original image, make a copy of it + # rename signed image to *_signed.hex name, ext = os.path.splitext(options.s_hex_file) s_hex_signed_file = name + '_signed' + ext try: - copyfile(options.s_hex_file, s_hex_signed_file) + move(options.s_hex_file, s_hex_signed_file) except IOError as e: print("Failed to copy file '{}' to '{}' ({})" .format(options.s_hex_file, s_hex_signed_file, e.message)) raise - - tools.sign_image(s_hex_signed_file, 1) + print('Signed TFM-S image:', s_hex_signed_file) if options.ns_hex_file: print('signing tfm_ns image:', options.ns_hex_file) + tools.sign_image(options.ns_hex_file, 16) + # rename signed image to *_signed.hex name, ext = os.path.splitext(options.ns_hex_file) ns_hex_signed_file = name + '_signed' + ext try: - copyfile(options.ns_hex_file, ns_hex_signed_file) + move(options.ns_hex_file, ns_hex_signed_file) except IOError as e: print("Failed to copy file '{}' to '{}' ({})" .format(options.ns_hex_file, ns_hex_signed_file, e.message)) raise - - tools.sign_image(ns_hex_signed_file, 16) + print('Signed TFM-NS image:', ns_hex_signed_file) # for CM4, sign_image creates an unsigned copy of the image # named <image to sign>_cm4.hex. Delete it to avoid confusion. - file_name = name + '_signed_cm4' + ext + file_name = name + '_cm4' + ext if os.path.isfile(file_name): try: os.remove(file_name) |