diff options
-rw-r--r-- | platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst | 17 | ||||
-rw-r--r-- | platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json | 175 | ||||
-rw-r--r-- | platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json (renamed from platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json) | 337 |
3 files changed, 185 insertions, 344 deletions
diff --git a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst index 783b2a6980..91203ea662 100644 --- a/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst +++ b/platform/ext/target/cypress/psoc64/cypress_psoc64_spec.rst @@ -9,6 +9,9 @@ Prerequisites PSoC64 must first be provisioned with SecureBoot firmware and a provisioning packet containing policy and secure keys. Please refer to the guide at https://www.cypress.com/documentation/software-and-drivers/psoc-64-secure-mcu-secure-boot-sdk-user-guide +Use the following policy file for provisioning and signing: +policy_multi_img_CM0p_CM4_debug_2M.json + Please make sure you have all required software installed as explained in the :doc:`software requirements </docs/user_guides/tfm_sw_requirement>`. @@ -284,8 +287,8 @@ Sign the images (sign.py overwrites unsigned files with signed ones): .. code-block:: bash ./platform/ext/target/cypress/psoc64/security/sign.py \ - -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \ - -d cy8cproto-064s2-sb \ + -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \ + -d cy8ckit-064b0s2-4343w \ -s <build folder>/tfm_s.hex \ -n <build folder>/tfm_ns.hex @@ -294,15 +297,15 @@ Note: each image can be signed individually, for example: .. code-block:: bash ./platform/ext/target/cypress/psoc64/security/sign.py \ - -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \ - -d cy8cproto-064s2-sb \ + -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \ + -d cy8ckit-064b0s2-4343w \ -n <build folder>/tfm_ns.hex .. code-block:: bash ./platform/ext/target/cypress/psoc64/security/sign.py \ - -p platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json \ - -d cy8cproto-064s2-sb \ + -p platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json \ + -d cy8ckit-064b0s2-4343w \ -s <build folder>/tfm_s.hex ********************** @@ -378,4 +381,4 @@ so be sure to change it if you change that file. *Copyright (c) 2017-2019, Arm Limited. All rights reserved.* -*Copyright (c) 2019, Cypress Semiconductor Corporation. All rights reserved.* +*Copyright (c) 2019-2020, Cypress Semiconductor Corporation. All rights reserved.* diff --git a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json b/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json deleted file mode 100644 index 71c539ddc6..0000000000 --- a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4.json +++ /dev/null @@ -1,175 +0,0 @@ -{ - "debug" : - { - "m0p" : { - "permission" : "enabled", - "control" : "firmware", - "key" : 5 - }, - "m4" : { - "permission" : "allowed", - "control" : "firmware", - "key" : 5 - }, - "system" : { - "permission" : "enabled", - "control" : "firmware", - "key" : 5, - "syscall": true, - "mmio": true, - "flash": true, - "workflash": true, - "sflash": true, - "sram": true - }, - "rma" : { - "permission" : "allowed", - "destroy_fuses" : [ - { - "start" : 888, - "size" : 136 - }, - { - "start" : 648, - "size" : 104 - } - ], - "destroy_flash" : [ - { - "start" : 268435456, - "size" : 851968 - }, - { - "start" : 269483520, - "size" : 16 - } - ], - "key" : 5 - } - }, - "wounding" : - { - }, - "boot_upgrade" : - { - "firmware": [ - { - "boot_auth": [ - 3 - ], - "id": 0, - "launch": 1, - "monotonic": 0, - "smif_id": 0, - "upgrade": false, - "upgrade_auth": [ - 3 - ], - "upgrade_keys": [ - { "kid": 3, "key": "./keys/MCUBOOT_CM0P_KEY.json" } - ], - "backup": false, - "resources": [ - { - "type": "FLASH_PC1_SPM", - "address": 269287424, - "size": 65536 - }, - { - "type": "SRAM_SPM_PRIV", - "address": 134348800, - "size": 65536 - } - ] - }, - { - "boot_auth": [ - 6 - ], - "boot_keys": [ - { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" } - ], - "id": 1, - "launch": 16, - "monotonic": 0, - "smif_id": 0, - "version": "0.1", - "rollback_counter": 0, - "upgrade": false, - "encrypt": false, - "encrypt_key_id": 1, - "upgrade_auth": [ - 6 - ], - "upgrade_keys": [ - { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" } - ], - "backup": false, - "resources": [ - { - "type": "BOOT", - "address": 268959744, - "size": 327680 - }, - { - "type": "UPGRADE", - "address": 268730368, - "size": 327680 - } - ] - }, - { - "boot_auth": [ - 8 - ], - "boot_keys": [ - { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" } - ], - "id": 16, - "monotonic": 0, - "smif_id": 0, - "version": "0.1", - "rollback_counter": 0, - "upgrade": false, - "upgrade_auth": [ - 8 - ], - "upgrade_keys": [ - { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" } - ], - "backup": false, - "resources": [ - { - "type": "BOOT", - "address": 268435456, - "size": 163840 - }, - { - "type": "UPGRADE", - "address": 268730368, - "size": 262144 - } - ] - } - ], - "reprogram": [ - { - "size": 917504, - "start": 268435456 - }, - { - "size": 131072, - "start": 268828672 - } - ], - "reprovision": { - "boot_loader": false, - "keys_and_policies": true - }, - "title": "upgrade_policy" - }, - "cy_bootloader": - { - "mode": "debug" - } -} diff --git a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json index d2cdadcfc0..e2515f16e6 100644 --- a/platform/ext/target/cypress/psoc64/security/policy_dual_stage_CM0p_CM4_debug_2M.json +++ b/platform/ext/target/cypress/psoc64/security/policy_multi_img_CM0p_CM4_debug_2M.json @@ -1,162 +1,175 @@ -{ - "debug" : - { - "m0p" : { - "permission" : "enabled", - "control" : "firmware", - "key" : 5 - }, - "m4" : { - "permission" : "allowed", - "control" : "firmware", - "key" : 5 - }, - "system" : { - "permission" : "enabled", - "control" : "firmware", - "key" : 5, - "syscall": true, - "mmio": true, - "flash": true, - "workflash": true, - "sflash": true, - "sram": true - }, - "rma" : { - "permission" : "allowed", - "destroy_fuses" : [ - { - "start" : 888, - "size" : 136 - }, - { - "start" : 648, - "size" : 104 - } - ], - "destroy_flash" : [ - { - "start" : 268435456, - "size" : 851968 - }, - { - "start" : 269483520, - "size" : 16 - } - ], - "key" : 5 - } - }, - "wounding" : - { - }, - "boot_upgrade" : - { - "title": "upgrade_policy", - "firmware": [ - { - "boot_auth": [ - 3 - ], - "id": 0, - "launch": 1, - "monotonic": 0, - "smif_id": 0, - "upgrade": false, - "upgrade_auth": [ - 3 - ], - "resources": [ - { - "type": "FLASH_PC1_SPM", - "address": 270336000, - "size": 65536 - }, - { - "type": "SRAM_SPM_PRIV", - "address": 135004160, - "size": 262144 - }, - { - "type": "SRAM_DAP", - "address": 135184384, - "size": 16384 - } - ] - }, - { - "boot_auth": [ - 6 - ], - "boot_keys": [ - { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" } - ], - "id": 1, - "launch": 16, - "monotonic": 0, - "smif_id": 0, - "version": "0.1", - "rollback_counter": 0, - "upgrade": true, - "encrypt": false, - "encrypt_key_id": 1, - "upgrade_auth": [ - 6 - ], - "upgrade_keys": [ - { "kid": 6, "key": "./keys/MCUBOOT_CM0P_KEY.json" } - ], - "backup": false, - "resources": [ - { - "type": "BOOT", - "address": 268435456, - "size": 327680 - }, - { - "type": "UPGRADE", - "address": 269942784, - "size": 327680 - } - ] - }, - { - "boot_auth": [ - 8 - ], - "boot_keys": [ - { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" } - ], - "id": 16, - "monotonic": 0, - "smif_id": 0, - "version": "0.1", - "rollback_counter": 0, - "upgrade": false, - "upgrade_auth": [ - 8 - ], - "upgrade_keys": [ - { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" } - ], - "backup": false, - "resources": [ - { - "type": "BOOT", - "address": 268763136, - "size": 1179648 - } - ] - } - ] - }, - "cy_bootloader": - { - "mode": "debug" - }, - "provisioning": - { - "packet_dir": "../packet", - "chain_of_trust": [] - } -} +{
+ "debug" :
+ {
+ "m0p" : {
+ "permission" : "enabled",
+ "control" : "firmware",
+ "key" : 5
+ },
+ "m4" : {
+ "permission" : "allowed",
+ "control" : "firmware",
+ "key" : 5
+ },
+ "system" : {
+ "permission" : "enabled",
+ "control" : "firmware",
+ "key" : 5,
+ "syscall": true,
+ "mmio": true,
+ "flash": true,
+ "workflash": true,
+ "sflash": true,
+ "sram": true
+ },
+ "rma" : {
+ "permission" : "allowed",
+ "destroy_fuses" : [
+ {
+ "start" : 888,
+ "size" : 136
+ },
+ {
+ "start" : 648,
+ "size" : 104
+ }
+ ],
+ "destroy_flash" : [
+ {
+ "start" : 268435456,
+ "size" : 851968
+ },
+ {
+ "start" : 269483520,
+ "size" : 16
+ }
+ ],
+ "key" : 5
+ }
+ },
+ "wounding" :
+ {
+ },
+ "boot_upgrade" :
+ {
+ "title": "upgrade_policy",
+ "firmware": [
+ {
+ "boot_auth": [
+ 3
+ ],
+ "id": 0,
+ "launch": 1,
+ "monotonic": 0,
+ "smif_id": 0,
+ "upgrade": false,
+ "upgrade_auth": [
+ 3
+ ],
+ "resources": [
+ {
+ "type": "FLASH_PC1_SPM",
+ "address": 270336000,
+ "size": 65536
+ },
+ {
+ "type": "SRAM_SPM_PRIV",
+ "address": 135004160,
+ "size": 262144
+ },
+ {
+ "type": "SRAM_DAP",
+ "address": 135184384,
+ "size": 16384
+ }
+ ]
+ },
+ {
+ "boot_auth": [
+ 8
+ ],
+ "boot_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "id": 1,
+ "launch": 16,
+ "monotonic": 0,
+ "smif_id": 0,
+ "multi_image" : 1,
+ "upgrade": true,
+ "version": "0.1",
+ "rollback_counter": 0,
+ "encrypt": false,
+ "encrypt_key": "./keys/image-aes-128.key",
+ "encrypt_key_id": 1,
+ "encrypt_peer": "./keys/dev_pub_key.pem",
+ "upgrade_auth": [
+ 8
+ ],
+ "upgrade_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "backup": false,
+ "resources": [
+ {
+ "type": "BOOT",
+ "address": 268435456,
+ "size": 327680
+ },
+ {
+ "type": "UPGRADE",
+ "address": 269942784,
+ "size": 327680
+ }
+ ]
+ },
+ {
+ "boot_auth": [
+ 8
+ ],
+ "boot_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "id": 16,
+ "monotonic": 0,
+ "smif_id": 0,
+ "multi_image" : 2,
+ "upgrade": false,
+ "version": "0.1",
+ "rollback_counter": 0,
+ "encrypt": false,
+ "encrypt_key": "./keys/image-aes-128.key",
+ "encrypt_key_id": 1,
+ "encrypt_peer": "./keys/dev_pub_key.pem",
+ "upgrade_auth": [
+ 8
+ ],
+ "upgrade_keys": [
+ { "kid": 8, "key": "./keys/USERAPP_CM4_KEY.json" }
+ ],
+ "backup": false,
+ "resources": [
+ {
+ "type": "BOOT",
+ "address": 268763136,
+ "size": 1179648
+ },
+ {
+ "type": "UPGRADE",
+ "address": 270307840,
+ "size": 28160
+ }
+ ]
+ }
+ ]
+ },
+ "cy_bootloader":
+ {
+ "mode": "debug"
+ },
+ "provisioning":
+ {
+ "packet_dir": "../packet",
+ "chain_of_trust": []
+ }
+}
|