aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst17
-rw-r--r--platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json175
-rw-r--r--platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json (renamed from platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json)337
3 files changed, 185 insertions, 344 deletions
diff --git a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
index 783b2a6980..91203ea662 100644
--- a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
+++ b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst
@@ -9,6 +9,9 @@ Prerequisites
PSoC64 must first be provisioned with SecureBoot firmware and a provisioning packet
containing policy and secure keys. Please refer to the guide at
https://www.cypress.com/documentation/software-and-drivers/psoc-64-secure-mcu-secure-boot-sdk-user-guide
+Use the following policy file for provisioning and signing:
+policy_multi_img_CM0p_CM4_debug_2M.json
+
Please make sure you have all required software installed as explained in the
:doc:`software requirements </docs/user_guides/tfm_sw_requirement>`.
@@ -284,8 +287,8 @@ Sign the images (sign.py overwrites unsigned files with signed ones):
.. code-block:: bash
./platform/ext/target/cypress/psoc64/security/sign.py \
- -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \
- -d cy8cproto-064s2-sb \
+ -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \
+ -d cy8ckit-064b0s2-4343w \
-s <build folder>/tfm_s.hex \
-n <build folder>/tfm_ns.hex
@@ -294,15 +297,15 @@ Note: each image can be signed individually, for example:
.. code-block:: bash
./platform/ext/target/cypress/psoc64/security/sign.py \
- -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \
- -d cy8cproto-064s2-sb \
+ -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \
+ -d cy8ckit-064b0s2-4343w \
-n <build folder>/tfm_ns.hex
.. code-block:: bash
./platform/ext/target/cypress/psoc64/security/sign.py \
- -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \
- -d cy8cproto-064s2-sb \
+ -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \
+ -d cy8ckit-064b0s2-4343w \
-s <build folder>/tfm_s.hex
**********************
@@ -378,4 +381,4 @@ so be sure to change it if you change that file.
*Copyright (c) 2017-2019, Arm Limited. All rights reserved.*
-*Copyright (c) 2019, Cypress Semiconductor Corporation. All rights reserved.*
+*Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.*
diff --git a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json b/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json
deleted file mode 100644
index 71c539ddc6..0000000000
--- a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json
+++ /dev/null
@@ -1,175 +0,0 @@
-{
- "debug" :
- {
- "m0p" : {
- "permission" : "enabled",
- "control" : "firmware",
- "key" : 5
- },
- "m4" : {
- "permission" : "allowed",
- "control" : "firmware",
- "key" : 5
- },
- "system" : {
- "permission" : "enabled",
- "control" : "firmware",
- "key" : 5,
- "syscall": true,
- "mmio": true,
- "flash": true,
- "workflash": true,
- "sflash": true,
- "sram": true
- },
- "rma" : {
- "permission" : "allowed",
- "destroy_fuses" : [
- {
- "start" : 888,
- "size" : 136
- },
- {
- "start" : 648,
- "size" : 104
- }
- ],
- "destroy_flash" : [
- {
- "start" : 268435456,
- "size" : 851968
- },
- {
- "start" : 269483520,
- "size" : 16
- }
- ],
- "key" : 5
- }
- },
- "wounding" :
- {
- },
- "boot_upgrade" :
- {
- "firmware": [
- {
- "boot_auth": [
- 3
- ],
- "id": 0,
- "launch": 1,
- "monotonic": 0,
- "smif_id": 0,
- "upgrade": false,
- "upgrade_auth": [
- 3
- ],
- "upgrade_keys": [
- { "kid": 3, "key": "./keys/MCUBOOT_CM0P_KEY.json" }
- ],
- "backup": false,
- "resources": [
- {
- "type": "FLASH_PC1_SPM",
- "address": 269287424,
- "size": 65536
- },
- {
- "type": "SRAM_SPM_PRIV",
- "address": 134348800,
- "size": 65536
- }
- ]
- },
- {
- "boot_auth": [
- 6
- ],
- "boot_keys": [
- { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" }
- ],
- "id": 1,
- "launch": 16,
- "monotonic": 0,
- "smif_id": 0,
- "version": "0.1",
- "rollback_counter": 0,
- "upgrade": false,
- "encrypt": false,
- "encrypt_key_id": 1,
- "upgrade_auth": [
- 6
- ],
- "upgrade_keys": [
- { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" }
- ],
- "backup": false,
- "resources": [
- {
- "type": "BOOT",
- "address": 268959744,
- "size": 327680
- },
- {
- "type": "UPGRADE",
- "address": 268730368,
- "size": 327680
- }
- ]
- },
- {
- "boot_auth": [
- 8
- ],
- "boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
- ],
- "id": 16,
- "monotonic": 0,
- "smif_id": 0,
- "version": "0.1",
- "rollback_counter": 0,
- "upgrade": false,
- "upgrade_auth": [
- 8
- ],
- "upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
- ],
- "backup": false,
- "resources": [
- {
- "type": "BOOT",
- "address": 268435456,
- "size": 163840
- },
- {
- "type": "UPGRADE",
- "address": 268730368,
- "size": 262144
- }
- ]
- }
- ],
- "reprogram": [
- {
- "size": 917504,
- "start": 268435456
- },
- {
- "size": 131072,
- "start": 268828672
- }
- ],
- "reprovision": {
- "boot_loader": false,
- "keys_and_policies": true
- },
- "title": "upgrade_policy"
- },
- "cy_bootloader":
- {
- "mode": "debug"
- }
-}
diff --git a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
index d2cdadcfc0..e2515f16e6 100644
--- a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json
+++ b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json
@@ -1,162 +1,175 @@
-{
- "debug" :
- {
- "m0p" : {
- "permission" : "enabled",
- "control" : "firmware",
- "key" : 5
- },
- "m4" : {
- "permission" : "allowed",
- "control" : "firmware",
- "key" : 5
- },
- "system" : {
- "permission" : "enabled",
- "control" : "firmware",
- "key" : 5,
- "syscall": true,
- "mmio": true,
- "flash": true,
- "workflash": true,
- "sflash": true,
- "sram": true
- },
- "rma" : {
- "permission" : "allowed",
- "destroy_fuses" : [
- {
- "start" : 888,
- "size" : 136
- },
- {
- "start" : 648,
- "size" : 104
- }
- ],
- "destroy_flash" : [
- {
- "start" : 268435456,
- "size" : 851968
- },
- {
- "start" : 269483520,
- "size" : 16
- }
- ],
- "key" : 5
- }
- },
- "wounding" :
- {
- },
- "boot_upgrade" :
- {
- "title": "upgrade_policy",
- "firmware": [
- {
- "boot_auth": [
- 3
- ],
- "id": 0,
- "launch": 1,
- "monotonic": 0,
- "smif_id": 0,
- "upgrade": false,
- "upgrade_auth": [
- 3
- ],
- "resources": [
- {
- "type": "FLASH_PC1_SPM",
- "address": 270336000,
- "size": 65536
- },
- {
- "type": "SRAM_SPM_PRIV",
- "address": 135004160,
- "size": 262144
- },
- {
- "type": "SRAM_DAP",
- "address": 135184384,
- "size": 16384
- }
- ]
- },
- {
- "boot_auth": [
- 6
- ],
- "boot_keys": [
- { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" }
- ],
- "id": 1,
- "launch": 16,
- "monotonic": 0,
- "smif_id": 0,
- "version": "0.1",
- "rollback_counter": 0,
- "upgrade": true,
- "encrypt": false,
- "encrypt_key_id": 1,
- "upgrade_auth": [
- 6
- ],
- "upgrade_keys": [
- { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" }
- ],
- "backup": false,
- "resources": [
- {
- "type": "BOOT",
- "address": 268435456,
- "size": 327680
- },
- {
- "type": "UPGRADE",
- "address": 269942784,
- "size": 327680
- }
- ]
- },
- {
- "boot_auth": [
- 8
- ],
- "boot_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
- ],
- "id": 16,
- "monotonic": 0,
- "smif_id": 0,
- "version": "0.1",
- "rollback_counter": 0,
- "upgrade": false,
- "upgrade_auth": [
- 8
- ],
- "upgrade_keys": [
- { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
- ],
- "backup": false,
- "resources": [
- {
- "type": "BOOT",
- "address": 268763136,
- "size": 1179648
- }
- ]
- }
- ]
- },
- "cy_bootloader":
- {
- "mode": "debug"
- },
- "provisioning":
- {
- "packet_dir": "../packet",
- "chain_of_trust": []
- }
-}
+{
+ "debug" :
+ {
+ "m0p" : {
+ "permission" : "enabled",
+ "control" : "firmware",
+ "key" : 5
+ },
+ "m4" : {
+ "permission" : "allowed",
+ "control" : "firmware",
+ "key" : 5
+ },
+ "system" : {
+ "permission" : "enabled",
+ "control" : "firmware",
+ "key" : 5,
+ "syscall": true,
+ "mmio": true,
+ "flash": true,
+ "workflash": true,
+ "sflash": true,
+ "sram": true
+ },
+ "rma" : {
+ "permission" : "allowed",
+ "destroy_fuses" : [
+ {
+ "start" : 888,
+ "size" : 136
+ },
+ {
+ "start" : 648,
+ "size" : 104
+ }
+ ],
+ "destroy_flash" : [
+ {
+ "start" : 268435456,
+ "size" : 851968
+ },
+ {
+ "start" : 269483520,
+ "size" : 16
+ }
+ ],
+ "key" : 5
+ }
+ },
+ "wounding" :
+ {
+ },
+ "boot_upgrade" :
+ {
+ "title": "upgrade_policy",
+ "firmware": [
+ {
+ "boot_auth": [
+ 3
+ ],
+ "id": 0,
+ "launch": 1,
+ "monotonic": 0,
+ "smif_id": 0,
+ "upgrade": false,
+ "upgrade_auth": [
+ 3
+ ],
+ "resources": [
+ {
+ "type": "FLASH_PC1_SPM",
+ "address": 270336000,
+ "size": 65536
+ },
+ {
+ "type": "SRAM_SPM_PRIV",
+ "address": 135004160,
+ "size": 262144
+ },
+ {
+ "type": "SRAM_DAP",
+ "address": 135184384,
+ "size": 16384
+ }
+ ]
+ },
+ {
+ "boot_auth": [
+ 8
+ ],
+ "boot_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "id": 1,
+ "launch": 16,
+ "monotonic": 0,
+ "smif_id": 0,
+ "multi_image" : 1,
+ "upgrade": true,
+ "version": "0.1",
+ "rollback_counter": 0,
+ "encrypt": false,
+ "encrypt_key": "./keys/image-aes-128.key",
+ "encrypt_key_id": 1,
+ "encrypt_peer": "./keys/dev_pub_key.pem",
+ "upgrade_auth": [
+ 8
+ ],
+ "upgrade_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "backup": false,
+ "resources": [
+ {
+ "type": "BOOT",
+ "address": 268435456,
+ "size": 327680
+ },
+ {
+ "type": "UPGRADE",
+ "address": 269942784,
+ "size": 327680
+ }
+ ]
+ },
+ {
+ "boot_auth": [
+ 8
+ ],
+ "boot_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "id": 16,
+ "monotonic": 0,
+ "smif_id": 0,
+ "multi_image" : 2,
+ "upgrade": false,
+ "version": "0.1",
+ "rollback_counter": 0,
+ "encrypt": false,
+ "encrypt_key": "./keys/image-aes-128.key",
+ "encrypt_key_id": 1,
+ "encrypt_peer": "./keys/dev_pub_key.pem",
+ "upgrade_auth": [
+ 8
+ ],
+ "upgrade_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "backup": false,
+ "resources": [
+ {
+ "type": "BOOT",
+ "address": 268763136,
+ "size": 1179648
+ },
+ {
+ "type": "UPGRADE",
+ "address": 270307840,
+ "size": 28160
+ }
+ ]
+ }
+ ]
+ },
+ "cy_bootloader":
+ {
+ "mode": "debug"
+ },
+ "provisioning":
+ {
+ "packet_dir": "../packet",
+ "chain_of_trust": []
+ }
+}