Diffstat (limited to 'secure_fw/partitions/crypto/CMakeLists.txt')
-rw-r--r-- | secure_fw/partitions/crypto/CMakeLists.txt | 183 |
1 files changed, 112 insertions, 71 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt index a99b685905..032a404ae0 100644 --- a/secure_fw/partitions/crypto/CMakeLists.txt +++ b/secure_fw/partitions/crypto/CMakeLists.txt @@ -1,5 +1,5 @@ #------------------------------------------------------------------------------- -# Copyright (c) 2020-2021, Arm Limited. All rights reserved. +# Copyright (c) 2020-2023, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -9,11 +9,14 @@ if (NOT TFM_PARTITION_CRYPTO) return() endif() -cmake_minimum_required(VERSION 3.15) -cmake_policy(SET CMP0079 NEW) +find_package(Python3) + +cmake_minimum_required(VERSION 3.21) add_library(tfm_psa_rot_partition_crypto STATIC) +add_dependencies(tfm_psa_rot_partition_crypto manifest_tool) + target_sources(tfm_psa_rot_partition_crypto PRIVATE crypto_init.c 
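Review bot: `find_package(Python3)` in the @@ -9,11 hunk is neither `REQUIRED` nor restricted to the interpreter component, and it runs before `cmake_minimum_required(VERSION 3.21)`, so the lookup is evaluated under whatever policy settings the parent scope left in place. The result is consumed later in this commit as `${Python3_EXECUTABLE}` inside an `execute_process` call (hunk @@ -137,12), where an empty value would not be reported. I would put `cmake_minimum_required(VERSION 3.21)` first and follow it with `find_package(Python3 REQUIRED COMPONENTS Interpreter)`.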
@@ -21,98 +24,75 @@ target_sources(tfm_psa_rot_partition_crypto crypto_cipher.c crypto_hash.c crypto_mac.c - crypto_key.c crypto_aead.c crypto_asymmetric.c crypto_key_derivation.c + crypto_key_management.c + crypto_rng.c + crypto_library.c + $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:psa_driver_api/tfm_builtin_key_loader.c> ) # The generated sources target_sources(tfm_psa_rot_partition_crypto PRIVATE - $<$<BOOL:${TFM_PSA_API}>: - ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c> + ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c +) +target_sources(tfm_partitions + INTERFACE + ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c ) +# Set include directory target_include_directories(tfm_psa_rot_partition_crypto PRIVATE $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}> ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto ) +target_include_directories(tfm_partitions + INTERFACE + ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto +) # Linking to external interfaces target_link_libraries(tfm_psa_rot_partition_crypto PRIVATE - tfm_secure_api platform_s crypto_service_mbedcrypto - psa_interface + tfm_config tfm_sprt ) target_compile_definitions(tfm_psa_rot_partition_crypto PUBLIC - $<$<BOOL:${CRYPTO_KEY_MODULE_DISABLED}>:TFM_CRYPTO_KEY_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_AEAD_MODULE_DISABLED}>:TFM_CRYPTO_AEAD_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_MAC_MODULE_DISABLED}>:TFM_CRYPTO_MAC_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_CIPHER_MODULE_DISABLED}>:TFM_CRYPTO_CIPHER_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_HASH_MODULE_DISABLED}>:TFM_CRYPTO_HASH_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_GENERATOR_MODULE_DISABLED}>:TFM_CRYPTO_GENERATOR_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_ASYMMETRIC_MODULE_DISABLED}>:TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED> - $<$<BOOL:${CRYPTO_KEY_DERIVATION_MODULE_DISABLED}>:TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED> + 
MBEDTLS_PSA_CRYPTO_DRIVERS + $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY> PRIVATE - $<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}> - $<$<BOOL:${CRYPTO_CONC_OPER_NUM}>:TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM}> - $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${CRYPTO_IOVEC_BUFFER_SIZE}>>:TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE}> -) - -################ Display the configuration being applied ####################### - -message(STATUS "---------- Display crypto configuration - start --------------") - -message(STATUS "CRYPTO_KEY_MODULE_DISABLED is set to ${CRYPTO_KEY_MODULE_DISABLED}") -message(STATUS "CRYPTO_AEAD_MODULE_DISABLED is set to ${CRYPTO_AEAD_MODULE_DISABLED}") -message(STATUS "CRYPTO_MAC_MODULE_DISABLED is set to ${CRYPTO_MAC_MODULE_DISABLED}") -message(STATUS "CRYPTO_CIPHER_MODULE_DISABLED is set to ${CRYPTO_CIPHER_MODULE_DISABLED}") -message(STATUS "CRYPTO_HASH_MODULE_DISABLED is set to ${CRYPTO_HASH_MODULE_DISABLED}") -message(STATUS "CRYPTO_GENERATOR_MODULE_DISABLED is set to ${CRYPTO_GENERATOR_MODULE_DISABLED}") -message(STATUS "CRYPTO_ASYMMETRIC_MODULE_DISABLED is set to ${CRYPTO_ASYMMETRIC_MODULE_DISABLED}") -message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}") -message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}") -if (${TFM_PSA_API}) - message(STATUS "CRYPTO_IOVEC_BUFFER_SIZE is set to ${CRYPTO_IOVEC_BUFFER_SIZE}") -endif() -message(STATUS "---------- Display crypto configuration - stop ---------------") - -############################ Secure API ######################################## - -target_sources(tfm_sprt - PRIVATE - ${CMAKE_CURRENT_SOURCE_DIR}/tfm_crypto_secure_api.c + $<$<STREQUAL:${CRYPTO_HW_ACCELERATOR_TYPE},cc312>:CRYPTO_HW_ACCELERATOR_CC312> + MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER ) -# The veneers give warnings about not being properly declared so they get hidden -# to 
not overshadow _real_ warnings. -set_source_files_properties(tfm_crypto_secure_api.c - PROPERTIES - COMPILE_FLAGS -Wno-implicit-function-declaration -) +############################ Partition Defs #################################### -# Pick up configuration definitions -target_link_libraries(tfm_secure_api +target_link_libraries(tfm_partitions INTERFACE tfm_psa_rot_partition_crypto ) -############################ Partition Defs #################################### +target_compile_definitions(tfm_config + INTERFACE + TFM_PARTITION_CRYPTO +) -target_link_libraries(tfm_partitions +target_link_libraries(tfm_config INTERFACE - tfm_psa_rot_partition_crypto + psa_crypto_config ) -target_compile_definitions(tfm_partition_defs +############################### PSA CRYPTO CONFIG ############################## +add_library(psa_crypto_config INTERFACE) +target_compile_definitions(psa_crypto_config INTERFACE - TFM_PARTITION_CRYPTO + MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}" ) ############################### MBEDCRYPTO ##################################### 
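Review bot: The builtin-key driver macro is spelled `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY` in the new PUBLIC definitions of `tfm_psa_rot_partition_crypto` in this hunk, but `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER` in the `crypto_service_mbedcrypto_config` definitions added in hunk @@ -125,9, and both are gated on the same `CRYPTO_TFM_BUILTIN_KEYS_DRIVER` option. Which spelling the C sources test is not visible on this page; if they test only one of them, a target that receives only the other name would presumably build with the builtin-key code preprocessed out and no diagnostic. The two lists should agree on one name. Since `crypto_service_mbedcrypto_config` is an INTERFACE target, the pair `MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS` plus the driver macro could be defined there once instead of in two places.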
@@ -125,9 +105,18 @@ target_compile_definitions(crypto_service_mbedcrypto_config $<$<BOOL:${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}>:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}"> PSA_CRYPTO_SECURE # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077 - $<$<OR:$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7> + $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7> + $<$<BOOL:${PLATFORM_DEFAULT_NV_SEED}>:PLATFORM_DEFAULT_NV_SEED> + $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS> + MBEDTLS_PSA_CRYPTO_DRIVERS + $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER> +) + +target_link_libraries(crypto_service_mbedcrypto_config + INTERFACE + tfm_config + psa_crypto_config ) -cmake_policy(SET CMP0079 NEW) set(CMAKE_POLICY_DEFAULT_CMP0077 NEW) set(CMAKE_POLICY_DEFAULT_CMP0048 NEW) 
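Review bot: `PLATFORM_DEFAULT_NV_SEED` and `PLATFORM_DEFAULT_CRYPTO_KEYS` are forwarded to every consumer of `crypto_service_mbedcrypto_config` without a comment on what they select, and the same commit deletes the `message(STATUS ...)` configuration display in the previous hunk. Judging by the names only, they switch in a platform default seed and default key material; if that is right, a build that leaves them enabled should be easy to spot in the configure log. I would add a comment such as `# Platform default NV seed / crypto keys: confirm these are intended before building a release image` and consider a `message(WARNING ...)` when either option is set.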
@@ -137,12 +126,29 @@ set(MBEDTLS_FATAL_WARNINGS OFF) set(ENABLE_DOCS OFF) set(INSTALL_MBEDTLS_HEADERS OFF) set(LIB_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto/install) +set(GEN_FILES OFF) -set(lib_target crypto_service_mbedcrypto_libs) -set(mbedcrypto_target crypto_service_mbedcrypto) -set(mbedtls_target crypto_service_mbedtls) -set(mbedx509_target crypto_service_mbedx509) +# Set the prefix to be used by mbedTLS targets set(MBEDTLS_TARGET_PREFIX crypto_service_) +# CMake should be aware of the config files being used +# FixMe: comment these until the config files are cleaned up to be self-contained +#set(MBEDTLS_PSA_CRYPTO_CONFIG_FILE "${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}") +#set(MBEDTLS_CONFIG_FILE "${TFM_MBEDCRYPTO_CONFIG_PATH}") + +# Check if the p256m driver is enabled in the config file, as that will require a +# dedicated target to be linked in. Note that 0 means SUCCESS here, 1 means FAILURE +set(MBEDTLS_P256M_NOT_FOUND 1) +execute_process(COMMAND + ${Python3_EXECUTABLE} + ${MBEDCRYPTO_PATH}/scripts/config.py -f "${TFM_MBEDCRYPTO_CONFIG_PATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED + RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND) + +if (${MBEDTLS_P256M_NOT_FOUND} EQUAL 0) + message(STATUS "[Crypto service] Using P256M software driver in PSA Crypto backend") + set(MBEDTLS_P256M_ENABLED true) +else() + set(MBEDTLS_P256M_ENABLED false) +endif() # Mbedcrypto is quite a large lib, and it uses too much memory for it to be # reasonable to build it in debug info. As a compromise, if `debug` build type 
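Review bot: The p256m probe treats every non-zero outcome of `execute_process` as "driver not enabled", so a missing `config.py`, a missing `${TFM_MBEDCRYPTO_CONFIG_PATH}` or an interpreter failure silently changes whether the P256M driver is linked into the PSA Crypto backend. `RESULT_VARIABLE` can also hold an error string rather than an integer, and the unquoted `if (${MBEDTLS_P256M_NOT_FOUND} EQUAL 0)` then expands to several arguments. I would quote the test, `if ("${MBEDTLS_P256M_NOT_FOUND}" STREQUAL "0")`, and stop with `message(FATAL_ERROR ...)` when the script or the config file does not exist, before the probe is run. A short comment stating that exit code 1 is the only result meant to select the `else()` branch would make the intent reviewable.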
@@ -150,35 +156,70 @@ set(MBEDTLS_TARGET_PREFIX crypto_service_) # symbols whild optimizing space. set(SAVED_BUILD_TYPE ${CMAKE_BUILD_TYPE}) set(CMAKE_BUILD_TYPE ${MBEDCRYPTO_BUILD_TYPE}) -add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto) +add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto EXCLUDE_FROM_ALL) set(CMAKE_BUILD_TYPE ${SAVED_BUILD_TYPE} CACHE STRING "Build type: [Debug, Release, RelWithDebInfo, MinSizeRel]" FORCE) -if(NOT TARGET crypto_service_mbedcrypto) - message(FATAL_ERROR "Target crypto_service_mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ? +if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto) + message(FATAL_ERROR "[Crypto service] Target ${MBEDTLS_TARGET_PREFIX}mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ? Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`") endif() -target_include_directories(crypto_service_mbedcrypto +target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto PUBLIC ${CMAKE_CURRENT_SOURCE_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api ) -target_sources(crypto_service_mbedcrypto +# Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking +set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3) + +target_sources(${MBEDTLS_TARGET_PREFIX}mbedcrypto PRIVATE $<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_mbedcrypto_alt.c> ) -target_compile_options(crypto_service_mbedcrypto +target_compile_options(${MBEDTLS_TARGET_PREFIX}mbedcrypto PRIVATE + $<$<C_COMPILER_ID:GNU>:-Wno-unused-const-variable> $<$<C_COMPILER_ID:GNU>:-Wno-unused-parameter> + $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-const-variable> $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-parameter> ) 
-target_link_libraries(crypto_service_mbedcrypto +target_compile_definitions(${MBEDTLS_TARGET_PREFIX}mbedcrypto + PRIVATE + MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER +) + +if(MBEDTLS_P256M_ENABLED) + # FixMe: The p256m CmakeLists.txt in version 3.5.0 has an issue with target + # names and for this reason we need to force those defines at this stage + target_compile_definitions(${MBEDTLS_TARGET_PREFIX}p256m + PRIVATE + MBEDTLS_PSA_P256M_DRIVER_ENABLED + MBEDTLS_PSA_CRYPTO_SPM + ) + + # The crypto_spe.h to be passed to p256m is here + target_include_directories(${MBEDTLS_TARGET_PREFIX}p256m + PRIVATE + . + ) + + # FPU flags for p256m + target_compile_options(${MBEDTLS_TARGET_PREFIX}p256m + PRIVATE + ${COMPILER_CP_FLAG} + ) +endif() + +target_link_libraries(${MBEDTLS_TARGET_PREFIX}mbedcrypto PRIVATE psa_interface - tfm_secure_api platform_s + $<$<BOOL:${MBEDTLS_P256M_ENABLED}>:${MBEDTLS_TARGET_PREFIX}p256m> PUBLIC crypto_service_mbedcrypto_config + INTERFACE + platform_common_interface ) |
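Review bot: `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` is added as a PRIVATE definition on `${MBEDTLS_TARGET_PREFIX}mbedcrypto` in this hunk and, separately, as a PRIVATE definition on `tfm_psa_rot_partition_crypto` in hunk @@ -21,98, while the `${MBEDTLS_TARGET_PREFIX}p256m` block here receives only `MBEDTLS_PSA_P256M_DRIVER_ENABLED` and `MBEDTLS_PSA_CRYPTO_SPM`. In Mbed TLS this macro changes the layout of the key identifier type, so every translation unit that shares PSA key structures has to agree on it; whether p256m or any other consumer touches that type cannot be told from this page. Defining it once on an INTERFACE target that all of them link, for example `psa_crypto_config`, would remove the chance of a mismatch. If the PRIVATE scope is deliberate, a comment saying why would help the next reader.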