diff options
author | shejia01 <jianliang.shen@arm.com> | 2021-07-07 10:49:09 +0800 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-09-16 05:23:10 +0200 |
commit | 8444011d03733e0855d36d1c59d68c2159cb1b0a (patch) | |
tree | 61cfa512206648a6b143d587d2bb581a2cdad630 /config | |
parent | 8482a05395328c4433a702958300b6e736b2ce32 (diff) | |
download | trusted-firmware-m-8444011d03733e0855d36d1c59d68c2159cb1b0a.tar.gz |
Build: Move MCUboot configs to bl2 specific config file
Move MCUboot configurations to bl2 path to clean config_default.
Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
Change-Id: I09ffbb800d6e5957032b04e6f6034c897160f6af
Diffstat (limited to 'config')
-rw-r--r-- | config/check_config.cmake | 2 | ||||
-rw-r--r-- | config/config_default.cmake | 39 | ||||
-rw-r--r-- | config/set_config.cmake | 5 |
3 files changed, 6 insertions, 40 deletions
diff --git a/config/check_config.cmake b/config/check_config.cmake index 42042009dc..2ac6380fd6 100644 --- a/config/check_config.cmake +++ b/config/check_config.cmake @@ -52,7 +52,7 @@ tfm_invalid_config(CRYPTO_HW_ACCELERATOR_OTP_STATE AND NOT (CRYPTO_HW_ACCELERATO ########################## BL2 ################################################# get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS) -tfm_invalid_config(NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST) +tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST)) ####################### Code sharing ########################################### diff --git a/config/config_default.cmake b/config/config_default.cmake index b21f938fbb..09db32e52f 100644 --- a/config/config_default.cmake +++ b/config/config_default.cmake @@ -46,41 +46,6 @@ set(TFM_PXN_ENABLE OFF CACHE BOOL "Use Privile set(TFM_EXCEPTION_INFO_DUMP OFF CACHE BOOL "On fatal errors in the secure firmware, capture info about the exception. Print the info if the SPM log level is sufficient.") -########################## BL2 ################################################# - -set(DEFAULT_MCUBOOT_SECURITY_COUNTERS ON CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project") -set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project") - -set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately") -set(MCUBOOT_EXECUTION_SLOT 1 CACHE STRING "Slot from which to execute the image, used for XIP mode") -set(MCUBOOT_LOG_LEVEL "INFO" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]") -set(MCUBOOT_HW_KEY ON CACHE BOOL "Whether to embed the entire public key in the image metadata instead of the hash only") -set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Upgrade strategy for images") -set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode") -set(MCUBOOT_MEASURED_BOOT ON CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token") -set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters") -set(MCUBOOT_ENC_IMAGES OFF CACHE BOOL "Enable encrypted image upgrade support") -set(MCUBOOT_ENCRYPT_RSA OFF CACHE BOOL "Use RSA for encrypted image upgrade support") -set(MCUBOOT_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]") - -# Note - If either SIGNATURE_TYPE or KEY_LEN are changed, the entries for KEY_S -# and KEY_NS will either have to be updated manually or removed from the cache. -# `cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`. Once removed from the cache it -# will be set to default again. -set(MCUBOOT_SIGNATURE_TYPE "RSA" CACHE STRING "Algorithm to use for signature validation") -set(MCUBOOT_SIGNATURE_KEY_LEN 3072 CACHE STRING "Key length to use for signature validation") -set(MCUBOOT_KEY_S "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}.pem" CACHE FILEPATH "Path to key with which to sign secure binary") -set(MCUBOOT_KEY_NS "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}_1.pem" CACHE FILEPATH "Path to key with which to sign non-secure binary") - -set(MCUBOOT_IMAGE_VERSION_S ${TFM_VERSION} CACHE STRING "Version number of S image") -set(MCUBOOT_IMAGE_VERSION_NS 0.0.0 CACHE STRING "Version number of NS image") -set(MCUBOOT_SECURITY_COUNTER_S "auto" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S") -set(MCUBOOT_SECURITY_COUNTER_NS "auto" CACHE STRING "Security counter for NS image. auto sets it to IMAGE_VERSION_NS") -set(MCUBOOT_S_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of secure image required by the non-secure image for upgrade to this non-secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect") -set(MCUBOOT_NS_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of non-secure image required by the secure image for upgrade to this secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect") - -set(MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h" CACHE FILEPATH "Mbedtls config file to use with MCUboot") - ############################ Platform ########################################## set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Whether to build for a dual-cpu architecture") @@ -170,10 +135,6 @@ set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version # Specifying the accepted values for certain configuration options to facilitate # their later validation. -########################## BL2 ################################################# - -set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWAP;DIRECT_XIP;RAM_LOAD") - ########################## FIH ################################################# set_property(CACHE TFM_FIH_PROFILE PROPERTY STRINGS "OFF;LOW;MEDIUM;HIGH") diff --git a/config/set_config.cmake b/config/set_config.cmake index 63a7bc76ac..9cb3cff465 100644 --- a/config/set_config.cmake +++ b/config/set_config.cmake @@ -50,6 +50,11 @@ endif() # Load defaults, setting options not already set include(config/config_default.cmake) +# Load MCUboot specific default.cmake +if (BL2) + include(${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/mcuboot_default_config.cmake) +endif() + # Fetch tf-m-tests repo during config, if NS or regression test is required. # Therefore tf-m-tests configs can be set with TF-M configs since their configs # are coupled. |