aboutsummaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorshejia01 <jianliang.shen@arm.com>2021-07-07 10:49:09 +0800
committerDavid Hu <david.hu@arm.com>2021-09-16 05:23:10 +0200
commit8444011d03733e0855d36d1c59d68c2159cb1b0a (patch)
tree61cfa512206648a6b143d587d2bb581a2cdad630 /config
parent8482a05395328c4433a702958300b6e736b2ce32 (diff)
downloadtrusted-firmware-m-8444011d03733e0855d36d1c59d68c2159cb1b0a.tar.gz
Build: Move MCUboot configs to bl2 specific config file
Move MCUboot configurations to bl2 path to clean config_default. Signed-off-by: Jianliang Shen <jianliang.shen@arm.com> Change-Id: I09ffbb800d6e5957032b04e6f6034c897160f6af
Diffstat (limited to 'config')
-rw-r--r--config/check_config.cmake2
-rw-r--r--config/config_default.cmake39
-rw-r--r--config/set_config.cmake5
3 files changed, 6 insertions, 40 deletions
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 42042009dc..2ac6380fd6 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -52,7 +52,7 @@ tfm_invalid_config(CRYPTO_HW_ACCELERATOR_OTP_STATE AND NOT (CRYPTO_HW_ACCELERATO
########################## BL2 #################################################
get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
-tfm_invalid_config(NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST)
+tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST))
####################### Code sharing ###########################################
diff --git a/config/config_default.cmake b/config/config_default.cmake
index b21f938fbb..09db32e52f 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -46,41 +46,6 @@ set(TFM_PXN_ENABLE OFF CACHE BOOL "Use Privile
set(TFM_EXCEPTION_INFO_DUMP OFF CACHE BOOL "On fatal errors in the secure firmware, capture info about the exception. Print the info if the SPM log level is sufficient.")
-########################## BL2 #################################################
-
-set(DEFAULT_MCUBOOT_SECURITY_COUNTERS ON CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
-set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project")
-
-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
-set(MCUBOOT_EXECUTION_SLOT 1 CACHE STRING "Slot from which to execute the image, used for XIP mode")
-set(MCUBOOT_LOG_LEVEL "INFO" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
-set(MCUBOOT_HW_KEY ON CACHE BOOL "Whether to embed the entire public key in the image metadata instead of the hash only")
-set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Upgrade strategy for images")
-set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode")
-set(MCUBOOT_MEASURED_BOOT ON CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token")
-set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters")
-set(MCUBOOT_ENC_IMAGES OFF CACHE BOOL "Enable encrypted image upgrade support")
-set(MCUBOOT_ENCRYPT_RSA OFF CACHE BOOL "Use RSA for encrypted image upgrade support")
-set(MCUBOOT_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
-
-# Note - If either SIGNATURE_TYPE or KEY_LEN are changed, the entries for KEY_S
-# and KEY_NS will either have to be updated manually or removed from the cache.
-# `cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`. Once removed from the cache it
-# will be set to default again.
-set(MCUBOOT_SIGNATURE_TYPE "RSA" CACHE STRING "Algorithm to use for signature validation")
-set(MCUBOOT_SIGNATURE_KEY_LEN 3072 CACHE STRING "Key length to use for signature validation")
-set(MCUBOOT_KEY_S "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}.pem" CACHE FILEPATH "Path to key with which to sign secure binary")
-set(MCUBOOT_KEY_NS "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}_1.pem" CACHE FILEPATH "Path to key with which to sign non-secure binary")
-
-set(MCUBOOT_IMAGE_VERSION_S ${TFM_VERSION} CACHE STRING "Version number of S image")
-set(MCUBOOT_IMAGE_VERSION_NS 0.0.0 CACHE STRING "Version number of NS image")
-set(MCUBOOT_SECURITY_COUNTER_S "auto" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S")
-set(MCUBOOT_SECURITY_COUNTER_NS "auto" CACHE STRING "Security counter for NS image. auto sets it to IMAGE_VERSION_NS")
-set(MCUBOOT_S_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of secure image required by the non-secure image for upgrade to this non-secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
-set(MCUBOOT_NS_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of non-secure image required by the secure image for upgrade to this secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
-
-set(MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h" CACHE FILEPATH "Mbedtls config file to use with MCUboot")
-
############################ Platform ##########################################
set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Whether to build for a dual-cpu architecture")
@@ -170,10 +135,6 @@ set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version
# Specifying the accepted values for certain configuration options to facilitate
# their later validation.
-########################## BL2 #################################################
-
-set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWAP;DIRECT_XIP;RAM_LOAD")
-
########################## FIH #################################################
set_property(CACHE TFM_FIH_PROFILE PROPERTY STRINGS "OFF;LOW;MEDIUM;HIGH")
diff --git a/config/set_config.cmake b/config/set_config.cmake
index 63a7bc76ac..9cb3cff465 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -50,6 +50,11 @@ endif()
# Load defaults, setting options not already set
include(config/config_default.cmake)
+# Load MCUboot specific default.cmake
+if (BL2)
+ include(${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/mcuboot_default_config.cmake)
+endif()
+
# Fetch tf-m-tests repo during config, if NS or regression test is required.
# Therefore tf-m-tests configs can be set with TF-M configs since their configs
# are coupled.