Diffstat (limited to 'secure_fw/partitions/crypto/CMakeLists.txt')
-rw-r--r--secure_fw/partitions/crypto/CMakeLists.txt183
1 files changed, 112 insertions, 71 deletions
diff --git a/secure_fw/partitions/crypto/CMakeLists.txt b/secure_fw/partitions/crypto/CMakeLists.txt
index a99b685905..032a404ae0 100644
--- a/secure_fw/partitions/crypto/CMakeLists.txt
+++ b/secure_fw/partitions/crypto/CMakeLists.txt
@@ -1,5 +1,5 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@@ -9,11 +9,14 @@ if (NOT TFM_PARTITION_CRYPTO)
return()
endif()
-cmake_minimum_required(VERSION 3.15)
-cmake_policy(SET CMP0079 NEW)
+find_package(Python3)
+
+cmake_minimum_required(VERSION 3.21)
add_library(tfm_psa_rot_partition_crypto STATIC)
+add_dependencies(tfm_psa_rot_partition_crypto manifest_tool)
+
target_sources(tfm_psa_rot_partition_crypto
PRIVATE
crypto_init.c
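Review bot: `find_package(Python3)` on the first added line has no `REQUIRED`, so a host without a usable interpreter still configures and `${Python3_EXECUTABLE}` has no usable value for whatever consumes it later in this file. `find_package(Python3 REQUIRED COMPONENTS Interpreter)` fails at the point of the real problem instead. It would also read better placed after `cmake_minimum_required(VERSION 3.21)`, so the find module runs under the policy set this file asks for. The `target_sources` call at the end of the hunk continues outside it.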
@@ -21,98 +24,75 @@ target_sources(tfm_psa_rot_partition_crypto
crypto_cipher.c
crypto_hash.c
crypto_mac.c
- crypto_key.c
crypto_aead.c
crypto_asymmetric.c
crypto_key_derivation.c
+ crypto_key_management.c
+ crypto_rng.c
+ crypto_library.c
+ $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:psa_driver_api/tfm_builtin_key_loader.c>
)
# The generated sources
target_sources(tfm_psa_rot_partition_crypto
PRIVATE
- $<$<BOOL:${TFM_PSA_API}>:
- ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c>
+ ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c
+)
+target_sources(tfm_partitions
+ INTERFACE
+ ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c
)
+# Set include directory
target_include_directories(tfm_psa_rot_partition_crypto
PRIVATE
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
)
+target_include_directories(tfm_partitions
+ INTERFACE
+ ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
+)
# Linking to external interfaces
target_link_libraries(tfm_psa_rot_partition_crypto
PRIVATE
- tfm_secure_api
platform_s
crypto_service_mbedcrypto
- psa_interface
+ tfm_config
tfm_sprt
)
target_compile_definitions(tfm_psa_rot_partition_crypto
PUBLIC
- $<$<BOOL:${CRYPTO_KEY_MODULE_DISABLED}>:TFM_CRYPTO_KEY_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_AEAD_MODULE_DISABLED}>:TFM_CRYPTO_AEAD_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_MAC_MODULE_DISABLED}>:TFM_CRYPTO_MAC_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_CIPHER_MODULE_DISABLED}>:TFM_CRYPTO_CIPHER_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_HASH_MODULE_DISABLED}>:TFM_CRYPTO_HASH_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_GENERATOR_MODULE_DISABLED}>:TFM_CRYPTO_GENERATOR_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_ASYMMETRIC_MODULE_DISABLED}>:TFM_CRYPTO_ASYMMETRIC_MODULE_DISABLED>
- $<$<BOOL:${CRYPTO_KEY_DERIVATION_MODULE_DISABLED}>:TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED>
+ MBEDTLS_PSA_CRYPTO_DRIVERS
+ $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY>
PRIVATE
- $<$<BOOL:${CRYPTO_ENGINE_BUF_SIZE}>:TFM_CRYPTO_ENGINE_BUF_SIZE=${CRYPTO_ENGINE_BUF_SIZE}>
- $<$<BOOL:${CRYPTO_CONC_OPER_NUM}>:TFM_CRYPTO_CONC_OPER_NUM=${CRYPTO_CONC_OPER_NUM}>
- $<$<AND:$<BOOL:${TFM_PSA_API}>,$<BOOL:${CRYPTO_IOVEC_BUFFER_SIZE}>>:TFM_CRYPTO_IOVEC_BUFFER_SIZE=${CRYPTO_IOVEC_BUFFER_SIZE}>
-)
-
-################ Display the configuration being applied #######################
-
-message(STATUS "---------- Display crypto configuration - start --------------")
-
-message(STATUS "CRYPTO_KEY_MODULE_DISABLED is set to ${CRYPTO_KEY_MODULE_DISABLED}")
-message(STATUS "CRYPTO_AEAD_MODULE_DISABLED is set to ${CRYPTO_AEAD_MODULE_DISABLED}")
-message(STATUS "CRYPTO_MAC_MODULE_DISABLED is set to ${CRYPTO_MAC_MODULE_DISABLED}")
-message(STATUS "CRYPTO_CIPHER_MODULE_DISABLED is set to ${CRYPTO_CIPHER_MODULE_DISABLED}")
-message(STATUS "CRYPTO_HASH_MODULE_DISABLED is set to ${CRYPTO_HASH_MODULE_DISABLED}")
-message(STATUS "CRYPTO_GENERATOR_MODULE_DISABLED is set to ${CRYPTO_GENERATOR_MODULE_DISABLED}")
-message(STATUS "CRYPTO_ASYMMETRIC_MODULE_DISABLED is set to ${CRYPTO_ASYMMETRIC_MODULE_DISABLED}")
-message(STATUS "CRYPTO_ENGINE_BUF_SIZE is set to ${CRYPTO_ENGINE_BUF_SIZE}")
-message(STATUS "CRYPTO_CONC_OPER_NUM is set to ${CRYPTO_CONC_OPER_NUM}")
-if (${TFM_PSA_API})
- message(STATUS "CRYPTO_IOVEC_BUFFER_SIZE is set to ${CRYPTO_IOVEC_BUFFER_SIZE}")
-endif()
-message(STATUS "---------- Display crypto configuration - stop ---------------")
-
-############################ Secure API ########################################
-
-target_sources(tfm_sprt
- PRIVATE
- ${CMAKE_CURRENT_SOURCE_DIR}/tfm_crypto_secure_api.c
+ $<$<STREQUAL:${CRYPTO_HW_ACCELERATOR_TYPE},cc312>:CRYPTO_HW_ACCELERATOR_CC312>
+ MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
)
-# The veneers give warnings about not being properly declared so they get hidden
-# to not overshadow _real_ warnings.
-set_source_files_properties(tfm_crypto_secure_api.c
- PROPERTIES
- COMPILE_FLAGS -Wno-implicit-function-declaration
-)
+############################ Partition Defs ####################################
-# Pick up configuration definitions
-target_link_libraries(tfm_secure_api
+target_link_libraries(tfm_partitions
INTERFACE
tfm_psa_rot_partition_crypto
)
-############################ Partition Defs ####################################
+target_compile_definitions(tfm_config
+ INTERFACE
+ TFM_PARTITION_CRYPTO
+)
-target_link_libraries(tfm_partitions
+target_link_libraries(tfm_config
INTERFACE
- tfm_psa_rot_partition_crypto
+ psa_crypto_config
)
-target_compile_definitions(tfm_partition_defs
+############################### PSA CRYPTO CONFIG ##############################
+add_library(psa_crypto_config INTERFACE)
+target_compile_definitions(psa_crypto_config
INTERFACE
- TFM_PARTITION_CRYPTO
+ MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}"
)
############################### MBEDCRYPTO #####################################
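Review bot: The builtin-keys definition added under `PUBLIC` for `tfm_psa_rot_partition_crypto` is spelled `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY`, while the matching line added to `crypto_service_mbedcrypto_config` further down the diff is `PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER`. Unless the sources test both spellings, one of the two targets compiles without the guard it expects, so please confirm which name the key-loader code checks. Both lines also put two definitions inside one unquoted generator expression separated by a space, which appears to work only because the split arguments are re-joined before the expression is evaluated. The quoted list form states the intent, e.g. `"$<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS;PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>"`, using whichever name is correct.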
@@ -125,9 +105,18 @@ target_compile_definitions(crypto_service_mbedcrypto_config
$<$<BOOL:${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}>:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}">
PSA_CRYPTO_SECURE
# Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
- $<$<OR:$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${CMAKE_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
+ $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
+ $<$<BOOL:${PLATFORM_DEFAULT_NV_SEED}>:PLATFORM_DEFAULT_NV_SEED>
+ $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
+ MBEDTLS_PSA_CRYPTO_DRIVERS
+ $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>
+)
+
+target_link_libraries(crypto_service_mbedcrypto_config
+ INTERFACE
+ tfm_config
+ psa_crypto_config
)
-cmake_policy(SET CMP0079 NEW)
set(CMAKE_POLICY_DEFAULT_CMP0077 NEW)
set(CMAKE_POLICY_DEFAULT_CMP0048 NEW)
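Review bot: `PLATFORM_DEFAULT_NV_SEED` and `PLATFORM_DEFAULT_CRYPTO_KEYS` are forwarded to every consumer of `crypto_service_mbedcrypto_config` with no comment saying what they select. From the names they presumably switch in a platform-supplied default seed and default key material, which is a setting an integrator needs to be able to find when hardening a production image. A one-line comment above the two lines would do, for example `# Platform-provided default NV seed / keys; see the platform configuration for whether these are intended for production`.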
@@ -137,12 +126,29 @@ set(MBEDTLS_FATAL_WARNINGS OFF)
set(ENABLE_DOCS OFF)
set(INSTALL_MBEDTLS_HEADERS OFF)
set(LIB_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto/install)
+set(GEN_FILES OFF)
-set(lib_target crypto_service_mbedcrypto_libs)
-set(mbedcrypto_target crypto_service_mbedcrypto)
-set(mbedtls_target crypto_service_mbedtls)
-set(mbedx509_target crypto_service_mbedx509)
+# Set the prefix to be used by mbedTLS targets
set(MBEDTLS_TARGET_PREFIX crypto_service_)
+# CMake should be aware of the config files being used
+# FixMe: comment these until the config files are cleaned up to be self-contained
+#set(MBEDTLS_PSA_CRYPTO_CONFIG_FILE "${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}")
+#set(MBEDTLS_CONFIG_FILE "${TFM_MBEDCRYPTO_CONFIG_PATH}")
+
+# Check if the p256m driver is enabled in the config file, as that will require a
+# dedicated target to be linked in. Note that 0 means SUCCESS here, 1 means FAILURE
+set(MBEDTLS_P256M_NOT_FOUND 1)
+execute_process(COMMAND
+ ${Python3_EXECUTABLE}
+ ${MBEDCRYPTO_PATH}/scripts/config.py -f "${TFM_MBEDCRYPTO_CONFIG_PATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED
+ RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND)
+
+if (${MBEDTLS_P256M_NOT_FOUND} EQUAL 0)
+ message(STATUS "[Crypto service] Using P256M software driver in PSA Crypto backend")
+ set(MBEDTLS_P256M_ENABLED true)
+else()
+ set(MBEDTLS_P256M_ENABLED false)
+endif()
# Mbedcrypto is quite a large lib, and it uses too much memory for it to be
# reasonable to build it in debug info. As a compromise, if `debug` build type
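Review bot: Any non-zero result from `execute_process` takes the `else()` branch, so a missing interpreter, a wrong `${MBEDCRYPTO_PATH}` or an unreadable `${TFM_MBEDCRYPTO_CONFIG_PATH}` looks the same as the option being disabled. The configuration then continues without the p256m target and its definitions, even if the config file enables the driver. A guard before the call such as `if(NOT EXISTS "${TFM_MBEDCRYPTO_CONFIG_PATH}")` followed by `message(FATAL_ERROR ...)`, and the same for the script path, turns that into a configure error. The test itself reads more safely as `if(MBEDTLS_P256M_NOT_FOUND EQUAL 0)`, which avoids expanding the result string into the condition. The comment block at the end of the hunk continues outside it.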
@@ -150,35 +156,70 @@ set(MBEDTLS_TARGET_PREFIX crypto_service_)
# symbols whild optimizing space.
set(SAVED_BUILD_TYPE ${CMAKE_BUILD_TYPE})
set(CMAKE_BUILD_TYPE ${MBEDCRYPTO_BUILD_TYPE})
-add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto)
+add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto EXCLUDE_FROM_ALL)
set(CMAKE_BUILD_TYPE ${SAVED_BUILD_TYPE} CACHE STRING "Build type: [Debug, Release, RelWithDebInfo, MinSizeRel]" FORCE)
-if(NOT TARGET crypto_service_mbedcrypto)
- message(FATAL_ERROR "Target crypto_service_mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ?
+if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto)
+ message(FATAL_ERROR "[Crypto service] Target ${MBEDTLS_TARGET_PREFIX}mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ?
Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
endif()
-target_include_directories(crypto_service_mbedcrypto
+target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto
PUBLIC
${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api
)
-target_sources(crypto_service_mbedcrypto
+# Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking
+set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3)
+
+target_sources(${MBEDTLS_TARGET_PREFIX}mbedcrypto
PRIVATE
$<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_mbedcrypto_alt.c>
)
-target_compile_options(crypto_service_mbedcrypto
+target_compile_options(${MBEDTLS_TARGET_PREFIX}mbedcrypto
PRIVATE
+ $<$<C_COMPILER_ID:GNU>:-Wno-unused-const-variable>
$<$<C_COMPILER_ID:GNU>:-Wno-unused-parameter>
+ $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-const-variable>
$<$<C_COMPILER_ID:ARMClang>:-Wno-unused-parameter>
)
-target_link_libraries(crypto_service_mbedcrypto
+target_compile_definitions(${MBEDTLS_TARGET_PREFIX}mbedcrypto
+ PRIVATE
+ MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+)
+
+if(MBEDTLS_P256M_ENABLED)
+ # FixMe: The p256m CmakeLists.txt in version 3.5.0 has an issue with target
+ # names and for this reason we need to force those defines at this stage
+ target_compile_definitions(${MBEDTLS_TARGET_PREFIX}p256m
+ PRIVATE
+ MBEDTLS_PSA_P256M_DRIVER_ENABLED
+ MBEDTLS_PSA_CRYPTO_SPM
+ )
+
+ # The crypto_spe.h to be passed to p256m is here
+ target_include_directories(${MBEDTLS_TARGET_PREFIX}p256m
+ PRIVATE
+ .
+ )
+
+ # FPU flags for p256m
+ target_compile_options(${MBEDTLS_TARGET_PREFIX}p256m
+ PRIVATE
+ ${COMPILER_CP_FLAG}
+ )
+endif()
+
+target_link_libraries(${MBEDTLS_TARGET_PREFIX}mbedcrypto
PRIVATE
psa_interface
- tfm_secure_api
platform_s
+ $<$<BOOL:${MBEDTLS_P256M_ENABLED}>:${MBEDTLS_TARGET_PREFIX}p256m>
PUBLIC
crypto_service_mbedcrypto_config
+ INTERFACE
+ platform_common_interface
)
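Review bot: `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` is added here as a `PRIVATE` definition on `${MBEDTLS_TARGET_PREFIX}mbedcrypto` and, separately, as a `PRIVATE` definition on `tfm_psa_rot_partition_crypto` earlier in the diff, with nothing tying the two together. In Mbed TLS this macro changes `mbedtls_svc_key_id_t` from a plain id to a structure carrying the owner, so the library and the partition must always agree on it, as must any other target that includes the key-id types (none is visible in this diff). Either define it once on an INTERFACE target both already link, or add a comment at each site such as `# Must match tfm_psa_rot_partition_crypto: changes the layout of mbedtls_svc_key_id_t`. Separately, the `if(MBEDTLS_P256M_ENABLED)` block would benefit from the same `if(NOT TARGET ...)` check the hunk already applies to the mbedcrypto target.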