aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Narkevitch <ainh@cypress.com>2020-01-20 11:45:23 -0800
committerDavid Hu <david.hu@arm.com>2020-01-23 01:47:17 +0000
commita995432c475dcf14fc189b2d689e05573a0c85a2 (patch)
tree92c3320d923f7e8ab7804085d796a403c4968f3f
parent995bb45fed30c65108e5189d0fd0cee78573fd18 (diff)
downloadtrusted-firmware-m-a995432c475dcf14fc189b2d689e05573a0c85a2.tar.gz
Platform: update sign.py for cysecuretools v1.3.3 (psoc64)
Fixed artifacts file names, updated the doc. Also added a section about flashing the images with PyOCD. Signed-off-by: Andrei Narkevitch <ainh@cypress.com> Change-Id: Ibe9d2e6a412637cd92f5d3848fa9d54dc5815bbd
-rw-r--r--platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst49
-rwxr-xr-xplatform/ext/target/cypress/psoc64/security/sign.py17
2 files changed, 50 insertions, 16 deletions
diff --git a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
index 91203ea66..ddef62ec3 100644
--- a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
+++ b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
@@ -308,12 +308,21 @@ Note: each image can be signed individually, for example:
-d cy8ckit-064b0s2-4343w \
-s <build folder>/tfm_s.hex
+Running the sign.py script will result in creation of the following files:
+
+tfm_<s/ns>_signed.hex - signed image for programming
+tfm_<s/ns>_unsigned.hex - a copy of original unsigned hex file for reference
+tfm_<s/ns>_upgrade.hex - signed image for upgrade (if device policy specifies
+ upgrade slot). Flashing this image into device will
+ trigger the image update. Upgrade image from the
+ secondary slot will be moved to the primary slot.
+
**********************
Programming the Device
**********************
After building and signing, the TFM images must be programmed into flash
-memory on the PSoC64 device. There are two methods to program it.
+memory on the PSoC64 device. There are three methods to program it.
DAPLink mode
============
@@ -327,17 +336,17 @@ Copy tfm hex files one by one to the DAPLINK device:
.. code-block:: bash
- cp <build folder>/tfm_ns.hex <mount point>/DAPLINK/; sync
- cp <build folder>/tfm_s.hex <mount point>/DAPLINK/; sync
+ cp <build folder>/tfm_ns_signed.hex <mount point>/DAPLINK/; sync
+ cp <build folder>/tfm_s_signed.hex <mount point>/DAPLINK/; sync
OpenOCD v.2.2
=============
Using KitProg3 mode button, switch to KitProg3 CMSIS-DAP BULK mode.
Status LED should be ON and not blinking.
-To program the signed tfm_s image to the device with openocd (assuming
-OPENOCD_PATH is pointing at the openocd installation directory) run the
-following commands:
+To program the signed tfm_s and tfm_ns images to the device with openocd
+(assuming OPENOCD_PATH is pointing at the openocd installation directory)
+run the following commands:
.. code-block:: bash
@@ -349,7 +358,7 @@ following commands:
-f interface/kitprog3.cfg \
-c "set ENABLE_ACQUIRE 0" \
-f target/psoc6_2m_secure.cfg \
- -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_s.hex" \
+ -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_s_signed.hex" \
-c "resume; reset; exit"
${OPENOCD_PATH}/bin/openocd \
@@ -357,7 +366,7 @@ following commands:
-f interface/kitprog3.cfg \
-c "set ENABLE_ACQUIRE 0" \
-f target/psoc6_2m_secure.cfg \
- -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_ns.hex" \
+ -c "init; reset init; flash write_image erase ${BUILD_DIR}/tfm_ns_signed.hex" \
-c "resume; reset; exit"
Optionally, erase SST partition:
@@ -379,6 +388,30 @@ address of the secure primary image specified in the file:
so be sure to change it if you change that file.
+
+PyOCD v.0.23.0
+==============
+
+PyOCD v0.23.0 is installed by CySecureTools automatically. It can be used
+to program TFM images into the board.
+
+Using KitProg3 mode button, switch to KitProg3 CMSIS-DAP BULK mode.
+Status LED should be ON and not blinking.
+To program the signed tfm_s and tfm_ns images to the device with pyocd
+run the following commands:
+
+.. code-block:: bash
+
+ pyocd flash -t cy8c64xa_cm4_full_flash ${BUILD_DIR}/tfm_s_signed.hex
+
+ pyocd flash -t cy8c64xa_cm4_full_flash ${BUILD_DIR}/tfm_ns_signed.hex
+
+Optionally, erase SST partition:
+
+.. code-block:: bash
+
+ pyocd erase -t cy8c64xa_cm4_full_flash 0x101c0000+0x10000
+
*Copyright (c) 2017-2019, Arm Limited. All rights reserved.*
*Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.*
diff --git a/platform/ext/target/cypress/psoc64/security/sign.py b/platform/ext/target/cypress/psoc64/security/sign.py
index f5315101c..214b14085 100755
--- a/platform/ext/target/cypress/psoc64/security/sign.py
+++ b/platform/ext/target/cypress/psoc64/security/sign.py
@@ -73,36 +73,37 @@ def main(argv):
if options.s_hex_file:
print('signing tfm_s image:', options.s_hex_file)
+ tools.sign_image(options.s_hex_file, 1)
- # sign_image overwrites original image, make a copy of it
+ # rename signed image to *_signed.hex
name, ext = os.path.splitext(options.s_hex_file)
s_hex_signed_file = name + '_signed' + ext
try:
- copyfile(options.s_hex_file, s_hex_signed_file)
+ move(options.s_hex_file, s_hex_signed_file)
except IOError as e:
print("Failed to copy file '{}' to '{}' ({})"
.format(options.s_hex_file, s_hex_signed_file, e.message))
raise
-
- tools.sign_image(s_hex_signed_file, 1)
+ print('Signed TFM-S image:', s_hex_signed_file)
if options.ns_hex_file:
print('signing tfm_ns image:', options.ns_hex_file)
+ tools.sign_image(options.ns_hex_file, 16)
+ # rename signed image to *_signed.hex
name, ext = os.path.splitext(options.ns_hex_file)
ns_hex_signed_file = name + '_signed' + ext
try:
- copyfile(options.ns_hex_file, ns_hex_signed_file)
+ move(options.ns_hex_file, ns_hex_signed_file)
except IOError as e:
print("Failed to copy file '{}' to '{}' ({})"
.format(options.ns_hex_file, ns_hex_signed_file, e.message))
raise
-
- tools.sign_image(ns_hex_signed_file, 16)
+ print('Signed TFM-NS image:', ns_hex_signed_file)
# for CM4, sign_image creates an unsigned copy of the image
# named <image to sign>_cm4.hex. Delete it to avoid confusion.
- file_name = name + '_signed_cm4' + ext
+ file_name = name + '_cm4' + ext
if os.path.isfile(file_name):
try:
os.remove(file_name)