Age | Commit message | Author |
|
Clean up unnecessary cmake_policy() after mini CMake version bumps.
Change-Id: I62415adad591ab9e8e2248c6124e0d2c1c595d93
Signed-off-by: David Hu <david.hu@arm.com>
|
|
CMake 3.15 is a bit out-of-date.
Bump mini version to 3.21 to take advantage of newer version.
Change-Id: I1162aebbfb50507925d6aa86546dcfc41b7aa4de
Signed-off-by: David Hu <david.hu@arm.com>
|
|
Add the option to use ECDSA signature verification
with PSA Crypto for MCUboot by setting the
MCUBOOT_SIGNATURE_TYPE to EC-P256 / EC-P384 and enabling
MCUBOOT_USE_PSA_CRYPTO in the CMake configuration.
Updating the MCUBOOT_VERSION to have:
- ECDSA signature verification using the PSA Crypto API,
- ECDSA-P384 support.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ida24010ca043081743712c75c3a8fe616f61c127
|
|
The current approach in MCUBoot assumes the signature type and the
key len are separate values, but this only applies to RSA. For
other signature types (such as ECDSA) the key len is not applicable.
This change merges the key length and the signature type for RSA
thus removing the need for extra conditions in the build
configuration when the signature is specified in a different way.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I5e2bba814695ec0d366b202b9c40fd7daa9484ac
|
|
Add the option to enable MCUBOOT_USE_PSA_CRYPTO by passing it
through CMake configuration step using the -DMCUBOOT_USE_PSA_CRYPTO=ON.
Amend Kconfig menu as well.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I8445b7bb94c52e61a7d02730995f4723be9ac78a
|
|
GNU Arm compiler versions greater than or equal to *11.3.Rel1*
have a linker issue in which required system calls are missing,
such as _read and _write. Add stub functions of required
system calls to solve this issue.
Signed-off-by: Chendi Sun <chendi.sun@arm.com>
Change-Id: I1384a405174097639e4c7bb71f19d01a66318a2d
|
|
Move measured boot build options into the common platform CMakeLists,
as these options are part of the common boot HAL, available to any
platform.
Unlink the measured boot options from TFM_PARTITION_MEASURED_BOOT to
make it possible to configure the boot options separately from the
runtime config. There are three configs for the bootloader:
- CONFIG_TFM_BOOT_STORE_MEASUREMENTS = OFF
    No measured boot.
- CONFIG_TFM_BOOT_STORE_MEASUREMENTS = ON
  - CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS = OFF
      Boot measurements stored in unencoded format defined by TF-M
      boot HAL. Boot measurements available from BL1 and BL2.
  - CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS = ON
      Boot measurements stored in MCUboot CBOR-encoded format. Boot
      measurements only available from MCUboot BL2.
Use TFM_MEASURED_BOOT_API as the C definition for unencoded TF-M
measurements, to correspond to MCUBOOT_MEASURED_BOOT for MCUboot
measurements.
Remove BL1 measured boot and not TFM_PARTITION_MEASURED_BOOT invalid
config, as other partitions could process the BL1 shared data in future.
Remove TFM_PARTITION_MEASURED_BOOT option from CS1000, since it does not
build the measured boot partition, the option was only added to avoid
invalid config.
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
Change-Id: I7f2901b970233a9861d0883a845e90e3e64ceb6e
|
|
Support FPU with ARMCLANG on AN521 and AN552.
Signed-off-by: Chendi Sun <chendi.sun@arm.com>
Change-Id: Id167c0c6bef0987199476edf1b0451057f8441be
|
|
These measurements are not encoded; they are shared with the measured
boot secure partition in a raw format. When these measurements are used,
sharing the CBOR encoded measurements from the TLV area is unnecessary.
Change-Id: I61d0598123d2be964439d320b8bc7c53b00ec58e
Signed-off-by: David Vincze <david.vincze@arm.com>
|
|
XXX_ALT is not needed when CC312 uses PSA driver.
Use PSA driver for CC3XX driver to avoid fallback to software
implementation which will save 7.85KB in ROM size.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I7f4b7497f8e6513718423d3b69d37b5f0fd9a1b0
|
|
Every release of MbedTLS comes with pre-generated files with no need to
re-generate them for a simple use. Although GEN_FILES shall be OFF in
the released version some logic causes it to be ON at least on Windows build
and require Perl in the system despite being not used so better set
GEN_FILES=OFF explicitly.
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I510817d37c6b1e7a340c391df82c4820463e55f6
|
|
Makes the interface more aligned with modern cmake, and generally
streamlines the experience.
Change-Id: Iad289c7e6be1af1e7ae80d3792698a31b2d9368e
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ie015bdce9095c6b3f743bbebae3b35666a7506ee
|
|
Change-Id: I96f781b5de80e4a20121c596b1790259e98173f3
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I13aa534658bd3ab422b8d8f1d09696fb00d78349
|
|
The commit adds secure debug public key hash to the OTP
layout. The commit provides the implementation of reading
and writing the key from cc312 based OTP backend.
Change-Id: Ic130aa9a301c79d49d61ae3b2e7162772de17893
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
|
|
This patch introduces a dedicated target for the interface
APIs to help modularize the CC-312 stack build process.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ia2074e8b5e544f7ef82767af520bbf9698edf27d
|
|
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I6c9e3ec17e791bee5b3970deac2d555449e208ad
|
|
Simplify dependencies and use consistent style for mbedTLS
related targets both in BL2 and TF-M Crypto.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I45b53a3ec18f34670560f20c2151a8c5e8d6f7c6
|
|
1. Enable FP support in SPE by CONFIG_TFM_SPE_FP (0:software, 1:hybrid,
2:hardware) for IPC model.
It doesn't support LIBRARY model.
2. Enable lazy stacking from SPE by CONFIG_TFM_LAZY_STACKING_SPE (OFF,
ON).
3. Separate qcbor, t_cose for SPE and NSPE.
Note:
NSPE is not allowed to use FPU at current stage when FPU is enabled
for SPE.
Change-Id: I856fdcccbbc403c5ec3689d95df4d082f106ff47
Signed-off-by: Feder Liang <Feder.Liang@arm.com>
|
|
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ib53e977d40e17b3f7cc80b64139f6347a33cd785
|
|
This patch makes sure that mbedTLS specific targets
are not added by default to the all target. This
allows to avoid installing them by default as they
are not needed/used and allow to build them only
when pulled in as a dependency from other targets.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ic1d8f8efdf8a706a2e1d6361fb1c9815e8da711f
|
|
This patch makes sure that mbedTLS specific targets
are not added by default to the all target. This
allows to avoid installing them by default as they
are not needed/used and allow to build them only
when pulled in as a dependency from other targets.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: Ic1d8f8efdf8a706a2e1d6361fb1c9815e8da711f
|
|
Add the ability to specify only target architecture without setting
target CPU. This commit adds support for GCC and ARMCLANG only.
For Armclang, set architecture is now checked against available arch
targets instead of processors. Modifiers (nodsp, nofp, nomve) are now
propagated to CMAKE_C_FLAGS in -march.
Use TFM_SYSTEM_ARCHITECTURE in CMakeLists.txt instead of previous
CMAKE_SYSTEM_ARCHITECTURE, which is not a CMAKE variable, to reduce
possible confusion with CMAKE_SYSTEM_ARCH which is a CMAKE variable
for Armclang.
Change-Id: If86e7ee82172374fb729f3e51ddfc411b7dd651e
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
|
|
Do not set mbedTLS target names explicitly but just
use the MBEDTLS_TARGET_PREFIX variable. Also, enforce
dependency in BL2 between platform (boot_hal) and the
bl2_crypto_hw target which is missed currently.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Change-Id: I9300d2eca775f0027889937822aff271537c6b29
|
|
Provision data and secrets to OTP memory, where they can later be
retrieved. Used for all data that should be changed on a per-device /
per-implementation basis. Add a cmake option to replace with
platform-specific implementation. Update provisioning documentation.
Change-Id: I0f2e85e93c12bd47b9f68490672d0fc0695e1612
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
This commit introduces two cmake flags to let a platform overwrite BL2
related implementations created by the TF-M project.
- Setting DEFAULT_MCUBOOT_FLASH_MAP to OFF makes it possible for a
  platform to create custom flash map.
- Setting DEFAULT_MCUBOOT_SECURITY_COUNTER to OFF makes it possible for a
  platform to use custom security counter mapping.
Change-Id: Ib1955e63e78dd5a5a7dff67a49dab1d5d1a06fc1
Signed-off-by: Mark Horvath <mark.horvath@arm.com>
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
|
|
Change-Id: Ia4150d99c8a4c0f73e94030864bb6baf7e75ef49
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Change the mbedtls config file path for mcuboot to
being configurable by the user. For that we introduce
a new CMake variable, called MCUBOOT_MBEDCRYPTO_CONFIG_PATH.
Change-Id: I14701b8301f039f0eb081919a2589bcca7936e8f
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
|
|
Move the configuration template to a standalone 'config' directory.
Enables support for CMSIS-Packs.
Avoids that the configuration template from the pack is in the include search
path together with other include files from the same 'include' directory.
Configuration file is copied to the project and its directory is added
to the include search path.
Signed-off-by: Robert Rostohar <Robert.Rostohar@arm.com>
Change-Id: I39afeafdcbf26e83a73c711cf1ae86e5e2667b1d
|
|
Firmware Update(FWU) partition provides the functionality
of updating firmware images. This patch implemented the
partition in Library mode.
Change-Id: I736477549b055c64cd8106ad57c3ad7b1b2007ee
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
Before accessing the target access address in flash_area_xxx
operation in flash_map.c, check whether the address is within
the size of the area.
Change-Id: I8a9a5f72b6a0a54b8f100d342c6868d7a8817733
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
|
|
To allow easier integration of changes to bootutil structure. Also,
bump MCUboot version to one where the bootutil cmake is present.
Change-Id: I97547480267f69711494b53aee500a4925eb43b7
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Adds a patch file that, when applied to mbedtls, will remove the
'static' keyword from some function pointers related to memory
allocation. This allows more functions to be shared between MCUboot
and the secure firmware.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Change-Id: Ibc6cbb3ab18fccc92a5b8608b9f1ef54c1136d2f
|
|
Add CMake functions to allow sharing regions of code between
independently linked binaries.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I6a6132d6c1558b242d8da1dedab14f93a852f81a
|
|
Change from a CMAKE toolchain file to a TFM toolchain file, avoiding
some abuses of the CMAKE_TOOLCHAIN_FILE that were used as a workaround
for compiler setup. Also add the CROSS_COMPILE variable. Bump cmake
required version to 3.15.
Change-Id: I0948033045e2d2f34beffa807925fc7375098335
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Add build options for compatibility with patches being upstreamed to
mbedtls. Update header paths in CC312 lib. This keeps compatibility with
current patches.
Change-Id: I09791019ff6825ec74af95e84a2b27e42dfd20f8
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Fixed regex issue in toolchain_IARARM.cmake, causing Windows build errors
Moved --map option from toolchain file to CMakeLists.txt files, like
for ARMClang and GNUARM
Removed dead code from toolchain_IARARM.cmake
Renamed IAR RTX libraries in CMakeLists.txt
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Change-Id: I01805f59a5be0ca4cd2bf47f20dd4a8852c1ea54
|
|
Remove the generic MCUboot source files from TF-M in order to
rely only on upstream MCUboot project as a secure second stage
bootloader. At this point all the features from the internal
fork are already upstreamed to the original project so from
feature point of view the switch is seamless. From now on
any new development is going to be directly upstreamed to the
original project.
Some platform and project specific files and scripts are still
kept in the bl2/ext/mcuboot folder to make possible the integration
with TF-M project.
Signed-off-by: Balint Matyi <Balint.Matyi@arm.com>
Signed-off-by: Tamas Ban <Tamas.Ban@arm.com>
Change-Id: I261c11383202d02eecff06c21d5c51d6ec8f27ea
|
|
Several minor bugfixes:
* Add error messages for unsupported generators / compilers
* Remove unsupported warning disablement option on IAR
* Fix typo in error message
Change-Id: I492872d5af5e507d52e2f9f1fbb28f39359349ee
Signed-off-by: Raef Coles <raef.coles@arm.com>
|
|
Alters cmake files inside the bl2 directory. Moves some bl2 files to
mirror the directory structure of upstream MCUboot. Renames some of the
key files to allow easier programmatic selection. Alters some headers
where the include paths have changed.
WARNING: This change will not build in isolation, it requires _all_
other cmake changes to successfully build. It is split out only for
clarity of changes.
Change-Id: I8fe822d982d5e1635fb3176135e33bc3acf9163a
Signed-off-by: Raef Coles <raef.coles@arm.com>
|