aboutsummaryrefslogtreecommitdiff
path: root/bl2
diff options
context:
space:
mode:
authorMark Horvath <mark.horvath@arm.com>2020-09-09 10:48:22 +0200
committerSoby Mathew <soby.mathew@arm.com>2020-12-10 10:54:43 +0000
commitb9ac0d5b7be394c93bad5eaa6c1cbb1c5580685d (patch)
tree5027cecf4e625eb2c0f7dc5cbfeb55a0b6028549 /bl2
parent652b900e885759d3c2d835e8882187ef450138e5 (diff)
downloadtrusted-firmware-m-b9ac0d5b7be394c93bad5eaa6c1cbb1c5580685d.tar.gz
Platform: Add support to forward PSA msg in Musca-B1
PSA RoT messages can be forwarded from the SSE-200 subsystem to the Secure Enclave in Musca-B1. Change-Id: Iab2c525cf41eae34585fb16a4b9bab941e6c7587 Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com> Signed-off-by: Mark Horvath <mark.horvath@arm.com>
Diffstat (limited to 'bl2')
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt5
1 files changed, 4 insertions, 1 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index d113a92de..c8dd0a385 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -197,10 +197,13 @@ if(NS)
DEPENDS tfm_s_ns_bin tfm_s_ns.bin
DEPENDS signing_layout_s
+ # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
+ # In such a configuration there is a subsystem with higher privileges controlling the
+ # the boot process and current implementation requires to use the non-secure key here.
COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
-v ${MCUBOOT_IMAGE_VERSION_S}
--layout $<TARGET_OBJECTS:signing_layout_s>
- -k ${MCUBOOT_KEY_S}
+ -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
--align 1
--pad