aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJamie Fox <jamie.fox@arm.com>2018-10-24 14:09:34 +0100
committerJamie Fox <jamie.fox@arm.com>2018-12-06 10:20:24 +0000
commit287885f9515ae21cbbe3ad24984f3f22461f6f8b (patch)
tree67b2af2a6937e170b39e69da7e4bfa7d5a917ab6
parent30654e8253d8e729d51478aabb99f04da72555d2 (diff)
downloadtrusted-firmware-m-287885f9515ae21cbbe3ad24984f3f22461f6f8b.tar.gz
Build: Compile Mbed TLS as MinSizeRel by default
Changes the build system to compile Mbed TLS without debug symbols by default. It can still be built with debug symbols by adding -DMBEDTLS_DEBUG=ON to the CMake command. Most of the time TF-M developers do not need to debug Mbed TLS, and building it as "MinSizeRel" by default allows for smaller, faster binaries. It also eliminates the need for Musca-specific build settings to shrink the binary size. Change-Id: I4b691a50f63ddbb4707a196bf7950f8e7603a32c Signed-off-by: Jamie Fox <jamie.fox@arm.com>
-rw-r--r--BuildMbedtls.cmake11
-rw-r--r--CommonConfig.cmake9
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt11
-rwxr-xr-xdocs/user_guides/tfm_build_instruction.md8
-rw-r--r--secure_fw/services/audit_logging/CMakeLists.txt7
-rw-r--r--secure_fw/services/crypto/CMakeLists.txt7
-rw-r--r--secure_fw/services/secure_storage/CMakeLists.txt7
7 files changed, 16 insertions, 44 deletions
diff --git a/BuildMbedtls.cmake b/BuildMbedtls.cmake
index 89859207bc..d8411da20b 100644
--- a/BuildMbedtls.cmake
+++ b/BuildMbedtls.cmake
@@ -13,8 +13,8 @@ cmake_minimum_required(VERSION 3.7)
set (MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
#Check input variables
-if(NOT DEFINED MBEDTLS_BUILD_TYPE)
- message(FATAL_ERROR "Please set MBEDTLS_BUILD_TYPE to 'Debug' or 'Release' before including this file.")
+if(NOT DEFINED MBEDTLS_DEBUG)
+ message(FATAL_ERROR "Please set MBEDTLS_DEBUG to 'OFF' or 'ON' before including this file.")
endif()
if(NOT DEFINED MBEDTLS_SOURCE_DIR)
@@ -33,6 +33,12 @@ if(NOT DEFINED MBEDTLS_TARGET_NAME)
message(FATAL_ERROR "Please set MBEDTLS_TARGET_NAME before including this file.")
endif()
+if(MBEDTLS_DEBUG)
+ set(MBEDTLS_BUILD_TYPE "Debug")
+else()
+ set(MBEDTLS_BUILD_TYPE "MinSizeRel")
+endif()
+
#Based on preinclude input variables, decide if preinclude flags need to be appended
if((NOT DEFINED MBEDTLS_PREINCLUDE_PREFIX) OR (NOT DEFINED MBEDTLS_PREINCLUDE_HEADER))
message(STATUS "Building mbedTLS without pre-included headers and global symbols prefixing.")
@@ -72,6 +78,7 @@ externalproject_add(${MBEDTLS_TARGET_NAME}
CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER_ID:string=${CMAKE_C_COMPILER_ID}
CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS:string=${MBEDTLS_C_FLAGS}
CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_DEBUG:string=${CMAKE_C_FLAGS_DEBUG}
+ CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_MINSIZEREL:string=${CMAKE_C_FLAGS_MINSIZEREL}
CMAKE_CACHE_ARGS -DCMAKE_C_FLAGS_RELEASE:string=${CMAKE_C_FLAGS_RELEASE}
CMAKE_CACHE_ARGS -DCMAKE_C_OUTPUT_EXTENSION:string=.o
CMAKE_CACHE_ARGS -DCMAKE_C_COMPILER_WORKS:bool=true
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index d5f4ab19bc..964a51c849 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -230,14 +230,7 @@ if (NOT DEFINED ENABLE_SECURE_STORAGE)
endif()
if (NOT DEFINED MBEDTLS_DEBUG)
- if (${COMPILER} STREQUAL "GNUARM" AND ${TARGET_PLATFORM} MATCHES "MUSCA_A|MUSCA_B1" AND BL2)
- #The size of the MCUboot binary compiled with GCC exceeds the size limit on
- #Musca-A/B1. By turning off the mbed TLS debug build is a good way to go below
- #that limit, while it is still possible to debug TFM/bootloader code.
- set (MBEDTLS_DEBUG OFF)
- else ()
- set (MBEDTLS_DEBUG ON)
- endif ()
+ set(MBEDTLS_DEBUG OFF)
endif()
##Set mbedTLS compiler flags for BL2 bootloader
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index d488825b27..a8c544031e 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -26,10 +26,6 @@ elseif(NOT BL2)
return()
endif()
-if (NOT DEFINED MBEDTLS_DEBUG)
- message(FATAL_ERROR "Incomplete build configuration: MBEDTLS_DEBUG is undefined.")
-endif()
-
if (NOT DEFINED MBEDTLS_C_FLAGS_BL2)
message(FATAL_ERROR "Incomplete build configuration: MBEDTLS_C_FLAGS_BL2 is undefined.")
endif()
@@ -78,13 +74,6 @@ endif()
set (MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
set (MBEDTLS_INSTALL_DIR ${MBEDTLS_BINARY_DIR}/mbedtls_install)
-#Set build type for mbedtls libraries
-if (MBEDTLS_DEBUG)
- set(MBEDTLS_BUILD_TYPE "Debug")
-else()
- set(MBEDTLS_BUILD_TYPE "Release")
-endif()
-
#Build mbedtls as external project.
#This ensures mbedtls is built with exactly defined settings.
#mbedtls will be used from is't install location
diff --git a/docs/user_guides/tfm_build_instruction.md b/docs/user_guides/tfm_build_instruction.md
index 9f9976495a..2ed3ad85d9 100755
--- a/docs/user_guides/tfm_build_instruction.md
+++ b/docs/user_guides/tfm_build_instruction.md
@@ -7,11 +7,15 @@ Please make sure you have all required software installed as explained in the
TF-M uses [cmake](https://cmake.org/overview/) to provide an out-of-tree build
environment. The instructions are below.
-*Note* In the cmake configuration step, to enable debug symbols, the following
+*Note:* In the cmake configuration step, to enable debug symbols, the following
option should be added:
-
`-DCMAKE_BUILD_TYPE=Debug`
+*Note:* `-DCMAKE_BUILD_TYPE=Debug` only enables debug symbols for TF-M code. To
+enable debug symbols for the Mbed TLS library, add the following option to the
+CMake command:
+`-DMBEDTLS_DEBUG=ON`
+
### External dependency
* CMSIS_5 is used to import RTX for the example non-secure app
* mbedtls is used as crypto library on the secure side
diff --git a/secure_fw/services/audit_logging/CMakeLists.txt b/secure_fw/services/audit_logging/CMakeLists.txt
index b7849c7632..c906a2aefd 100644
--- a/secure_fw/services/audit_logging/CMakeLists.txt
+++ b/secure_fw/services/audit_logging/CMakeLists.txt
@@ -38,13 +38,6 @@ if (NOT DEFINED TFM_LVL)
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
-#Set build type for mbedtls libraries
-if (MBEDTLS_DEBUG)
- set(MBEDTLS_BUILD_TYPE "Debug")
-else()
- set(MBEDTLS_BUILD_TYPE "Release")
-endif()
-
#Set preinclude header options for mbedtls
set(MBEDTLS_PREINCLUDE_PREFIX __tfm_audit__)
set(MBEDTLS_PREINCLUDE_HEADER ${AUDIT_LOGGING_DIR}/mbedtls_global_symbols.h)
diff --git a/secure_fw/services/crypto/CMakeLists.txt b/secure_fw/services/crypto/CMakeLists.txt
index 8d42a5d86c..e004836743 100644
--- a/secure_fw/services/crypto/CMakeLists.txt
+++ b/secure_fw/services/crypto/CMakeLists.txt
@@ -41,13 +41,6 @@ else()
set (TFM_LVL 1)
endif()
-#Set build type for mbed TLS libraries
-if (MBEDTLS_DEBUG)
- set(MBEDTLS_BUILD_TYPE "Debug")
-else()
- set(MBEDTLS_BUILD_TYPE "Release")
-endif()
-
#Set preinclude header options for mbed TLS
set(MBEDTLS_PREINCLUDE_PREFIX __tfm_crypto__)
set(MBEDTLS_PREINCLUDE_HEADER ${CRYPTO_DIR}/mbedtls_global_symbols.h)
diff --git a/secure_fw/services/secure_storage/CMakeLists.txt b/secure_fw/services/secure_storage/CMakeLists.txt
index 21d3f53b9a..dd963c72a4 100644
--- a/secure_fw/services/secure_storage/CMakeLists.txt
+++ b/secure_fw/services/secure_storage/CMakeLists.txt
@@ -38,13 +38,6 @@ if (NOT DEFINED TFM_LVL)
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
-#Set build type for mbedtls libraries
-if (MBEDTLS_DEBUG)
- set(MBEDTLS_BUILD_TYPE "Debug")
-else()
- set(MBEDTLS_BUILD_TYPE "Release")
-endif()
-
#Set preinclude header options for mbedtls
set(MBEDTLS_PREINCLUDE_PREFIX __tfm_storage__)
set(MBEDTLS_PREINCLUDE_HEADER ${SECURE_STORAGE_DIR}/crypto/mbedtls_global_symbols.h)