path: root/bl2/CMakeLists.txt
Age | Commit message | Author
2024-03-05 | Build: Clean up unnecessary cmake_policy() | David Hu
Clean up unnecessary cmake_policy() after mini CMake version bumps. Change-Id: I62415adad591ab9e8e2248c6124e0d2c1c595d93 Signed-off-by: David Hu <david.hu@arm.com>
2024-03-05 | Build: Bump CMake mini version to 3.21 | David Hu
CMake 3.15 is a bit out-of-date. Bump mini version to 3.21 to take advantage of newer version. Change-Id: I1162aebbfb50507925d6aa86546dcfc41b7aa4de Signed-off-by: David Hu <david.hu@arm.com>
2023-09-28 | BL2: Enable ECDSA signature verification | Roland Mikhel
Add the option to use ECDSA signature verification with PSA Crypto for MCUboot by setting the MCUBOOT_SIGNATURE_TYPE to EC-P256 / EC-P384 and enabling MCUBOOT_USE_PSA_CRYPTO in the CMake configuration. Updating the MCUBOOT_VERSION to have:
- ECDSA signature verification using the PSA Crypto API,
- ECDSA-P384 support.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: Ida24010ca043081743712c75c3a8fe616f61c127
2023-09-25 | Build: move signature key len into signature type | Roland Mikhel
The current approach in MCUBoot assumes the signature type and the key len are separate values, but this only applies to RSA. For other signature types (such as ECDSA) the key len is not applicable. This change merges the key length and the signature type for RSA thus removing the need for extra conditions in the build configuration when the signature is specified in a different way. Signed-off-by: Roland Mikhel <roland.mikhel@arm.com> Change-Id: I5e2bba814695ec0d366b202b9c40fd7daa9484ac
2023-09-21 | BL2: Add command line option to enable MCUBOOT_USE_PSA_CRYPTO | Antonio de Angelis
Add the option to enable MCUBOOT_USE_PSA_CRYPTO by passing it through CMake configuration step using the -DMCUBOOT_USE_PSA_CRYPTO=ON. Amend Kconfig menu as well. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I8445b7bb94c52e61a7d02730995f4723be9ac78a
2023-08-29 | Build: Add stub functions of system calls | chesun01
GNU Arm compiler version greater than or equal to *11.3.Rel1* has a linker issue that required system calls are missing, such as _read and _write. Add stub functions of required system calls to solve this issue. Signed-off-by: Chendi Sun <chendi.sun@arm.com> Change-Id: I1384a405174097639e4c7bb71f19d01a66318a2d
2023-08-18 | Build: Refine the measured boot build options | Jamie Fox
Move measured boot build options into the common platform CMakeLists, as these options are part of the common boot HAL, available to any platform. Unlink the measured boot options from TFM_PARTITION_MEASURED_BOOT to make it possible to configure the boot options separately from the runtime config.
There are three configs for the bootloader:
- CONFIG_TFM_BOOT_STORE_MEASUREMENTS = OFF
  No measured boot.
- CONFIG_TFM_BOOT_STORE_MEASUREMENTS = ON
  - CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS = OFF
    Boot measurements stored in unencoded format defined by TF-M boot HAL. Boot measurements available from BL1 and BL2.
  - CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS = ON
    Boot measurements stored in MCUboot CBOR-encoded format. Boot measurements only available from MCUboot BL2.
Use TFM_MEASURED_BOOT_API as the C definition for unencoded TF-M measurements, to correspond to MCUBOOT_MEASURED_BOOT for MCUboot measurements. Remove BL1 measured boot and not TFM_PARTITION_MEASURED_BOOT invalid config, as other partitions could process the BL1 shared data in future. Remove TFM_PARTITION_MEASURED_BOOT option from CS1000, since it does not build the measured boot partition, the option was only added to avoid invalid config.
Signed-off-by: Jamie Fox <jamie.fox@arm.com> Change-Id: I7f2901b970233a9861d0883a845e90e3e64ceb6e
2023-02-13 | Build: Support FPU with ARMCLANG. | chesun01
Support FPU with ARMCLANG on AN521 and AN552. Signed-off-by: Chendi Sun <chendi.sun@arm.com> Change-Id: Id167c0c6bef0987199476edf1b0451057f8441be
2022-07-29 | Boot: Save the boot measurements of BL2 | David Vincze
These measurements are not encoded; they are shared with the measured boot secure partition in a raw format. When these measurements are used, sharing the CBOR encoded measurements from the TLV area is unnecessary. Change-Id: I61d0598123d2be964439d320b8bc7c53b00ec58e Signed-off-by: David Vincze <david.vincze@arm.com>
2022-07-15 | CC312: XXX_ALT is not needed when use PSA driver | Summer Qin
XXX_ALT is not needed when CC312 uses PSA driver. Use PSA driver for CC3XX driver to avoid fallback to software implementation, which will save 7.85KB in ROM size. Signed-off-by: Summer Qin <summer.qin@arm.com> Change-Id: I7f4b7497f8e6513718423d3b69d37b5f0fd9a1b0
2022-06-21 | Build: Disable GEN_FILES explicitly for mbedTLS | Anton Komlev
Every release of MbedTLS comes with pre-generated files with no need to re-generate them for a simple use. Although GEN_FILES shall be OFF in the released version, some logic causes it to be ON at least on Windows build and require Perl in the system despite being not used, so better set GEN_FILES=OFF explicitly. Signed-off-by: Anton Komlev <anton.komlev@arm.com> Change-Id: I510817d37c6b1e7a340c391df82c4820463e55f6
2022-03-21 | Build: Refactor code-sharing primitives | Raef Coles
Makes the interface more aligned with modern cmake, and generally streamlines the experience. Change-Id: Iad289c7e6be1af1e7ae80d3792698a31b2d9368e Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-01-18 | Merge remote-tracking branch 'origin/master' into feature-cc-psa-crypto-drivers | Antonio de Angelis
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ie015bdce9095c6b3f743bbebae3b35666a7506ee
2022-01-17 | BL2: Add BL2 test code | Raef Coles
Change-Id: I96f781b5de80e4a20121c596b1790259e98173f3 Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-01-07 | Merge remote-tracking branch 'origin/master' into feature-cc-psa-crypto-drivers | Antonio de Angelis
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I13aa534658bd3ab422b8d8f1d09696fb00d78349
2021-11-26 | platform: add secure debug public key to the otp | Satish Kumar
The commit adds secure debug public key hash to the OTP layout. The commit provides the implementation of reading and writing the key from cc312 based OTP backend. Change-Id: Ic130aa9a301c79d49d61ae3b2e7162772de17893 Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
2021-11-23 | Build: Create a dedicated target for the interface of CC-312 stack | Antonio de Angelis
This patch introduces a dedicated target for the interface APIs to help modularize the CC-312 stack build process. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ia2074e8b5e544f7ef82767af520bbf9698edf27d
2021-11-23 | Merge branch '1.5.x' into feature-cc-psa-crypto-drivers | Antonio de Angelis
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I6c9e3ec17e791bee5b3970deac2d555449e208ad
2021-11-16 | Build: Clean up mbedcrypto related CMakeLists.txt | Antonio de Angelis
Simplify dependencies and use consistent style for mbedTLS related targets both in BL2 and TF-M Crypto. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I45b53a3ec18f34670560f20c2151a8c5e8d6f7c6
2021-11-16 | SPM: Add FPU support for gnu arm embedded toolchain | Feder Liang
1. Enable FP support in SPE by CONFIG_TFM_SPE_FP (0:software, 1:hybrid, 2:hardware) for IPC model. It doesn't support LIBRARY model.
2. Enable lazy stacking from SPE by CONFIG_TFM_LAZY_STACKING_SPE (OFF, ON).
3. Separate qcbor, t_cose for SPE and NSPE.
Note: NSPE is not allowed to use FPU at current stage when FPU is enabled for SPE.
Change-Id: I856fdcccbbc403c5ec3689d95df4d082f106ff47 Signed-off-by: Feder Liang <Feder.Liang@arm.com>
2021-11-15 | Build: Propagate correct flags to crypto related libraries | Antonio de Angelis
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ib53e977d40e17b3f7cc80b64139f6347a33cd785
2021-11-01 | Build: Exclude mbedTLS targets from all | Antonio de Angelis
This patch makes sure that mbedTLS specific targets are not added by default to the all target. This allows to avoid installing them by default as they are not needed/used and allow to build them only when pulled in as a dependency from other targets. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ic1d8f8efdf8a706a2e1d6361fb1c9815e8da711f
2021-11-01 | Build: Exclude mbedTLS targets from all | Antonio de Angelis
This patch makes sure that mbedTLS specific targets are not added by default to the all target. This allows to avoid installing them by default as they are not needed/used and allow to build them only when pulled in as a dependency from other targets. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ic1d8f8efdf8a706a2e1d6361fb1c9815e8da711f
2021-10-27 | Build: Add support for using target arch only | Gabor Abonyi
Add the ability to specify only target architecture without setting target CPU. This commit adds support for GCC and ARMCLANG only. For Armclang, set architecture is now checked against available arch targets instead of processors. Modifiers (nodsp, nofp, nomve) are now propagated to CMAKE_C_FLAGS in -march. Use TFM_SYSTEM_ARCHITECTURE in CMakeLists.txt instead of previous CMAKE_SYSTEM_ARCHITECTURE, which is not a CMAKE variable, to reduce possible confusion with CMAKE_SYSTEM_ARCH which is a CMAKE variable for Armclang. Change-Id: If86e7ee82172374fb729f3e51ddfc411b7dd651e Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
2021-10-21 | Build: Fixes on target names and dependencies | Antonio de Angelis
Do not set mbedTLS target names explicitly but just use the MBEDTLS_TARGET_PREFIX variable. Also, enforce dependency in BL2 between platform (boot_hal) and the bl2_crypto_hw target which is missed currently. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I9300d2eca775f0027889937822aff271537c6b29
2021-10-07 | Platform: Add provisioning api and implementation | Raef Coles
Provision data and secrets to OTP memory, where they can later be retrieved. Used for all data that should be changed on a per-device / per-implementation basis. Add a cmake option to replace with platform-specific implementation. Update provisioning documentation. Change-Id: I0f2e85e93c12bd47b9f68490672d0fc0695e1612 Signed-off-by: Raef Coles <raef.coles@arm.com>
2021-08-04 | Build: Make possible to overwrite BL2 sources | Mark Horvath
This commit introduces two cmake flags to let a platform overwrite BL2 related implementations created by the TF-M project.
- Setting DEFAULT_MCUBOOT_FLASH_MAP to OFF makes possible for a platform to create custom flash map.
- Setting DEFAULT_MCUBOOT_SECURITY_COUNTER to OFF makes possible for a platform to use custom security counter mapping.
Change-Id: Ib1955e63e78dd5a5a7dff67a49dab1d5d1a06fc1 Signed-off-by: Mark Horvath <mark.horvath@arm.com> Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
2021-07-20 | Boot: Integrate MCUboot based on mbedtls-3.0.0 | Sherry Zhang
Change-Id: Ia4150d99c8a4c0f73e94030864bb6baf7e75ef49 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-05-17 | mcuboot: make mbedcrypto config file configurable | Ioannis Glaropoulos
Change the mbedtls config file path for mcuboot to being configurable by the user. For that we introduce a new CMake variable, called MCUBOOT_MBEDCRYPTO_CONFIG_PATH. Change-Id: I14701b8301f039f0eb081919a2589bcca7936e8f Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
2021-03-19 | Boot: Move Mbed TLS configuration file for MCUboot | Robert Rostohar
Move the configuration template to a standalone 'config' directory. Enables support for CMSIS-Packs. Avoids that the configuration template from the pack is in the include search path together with other include files from the same 'include' directory. Configuration file is copied to the project and its directory is added to the include search path. Signed-off-by: Robert Rostohar <Robert.Rostohar@arm.com> Change-Id: I39afeafdcbf26e83a73c711cf1ae86e5e2667b1d
2021-03-19 | FWU: Add Firmware Update partition | Sherry Zhang
Firmware Update(FWU) partition provides the functionality of updating firmware images. This patch implemented the partition in Library mode. Change-Id: I736477549b055c64cd8106ad57c3ad7b1b2007ee Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-03-12 | BL2: Validate target access address in flash_map.c | Sherry Zhang
Before accessing the target access address in flash_area_xxx operation in flash_map.c, check whether the address is within the size of the area. Change-Id: I8a9a5f72b6a0a54b8f100d342c6868d7a8817733 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2020-12-17 | Build: Use upstream bootutil cmake | Raef Coles
To allow easier integration of changes to bootutil structure. Also, bump MCUboot version to one where the bootutil cmake is present. Change-Id: I97547480267f69711494b53aee500a4925eb43b7 Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-12-17 | Build: Add mbedtls patch to help code sharing | Tamas Ban
Adds a patch file that, when applied to mbedtls, will remove the 'static' keyword from some function pointers related to memory allocation. This allows more functions to be shared between MCUboot and the secure firmware. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: Ibc6cbb3ab18fccc92a5b8608b9f1ef54c1136d2f
2020-12-17 | Build: Enable code sharing between bootloader and SPE | Tamas Ban
Add CMake functions to allow sharing regions of code between independently linked binaries. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: I6a6132d6c1558b242d8da1dedab14f93a852f81a
2020-11-03 | Build: Refactor toolchain files | Raef Coles
Change from a CMAKE toolchain file to a TFM toolchain file, avoiding some abuses of the CMAKE_TOOLCHAIN_FILE that were used as a workaround for compiler setup. Also add the CROSS_COMPILE variable. Bump cmake required version to 3.15. Change-Id: I0948033045e2d2f34beffa807925fc7375098335 Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-30 | Build: add compat for mbedtls patch upstreaming | Raef Coles
Add build options for compatibility with patches being upstreamed to mbedtls. Update header paths in CC312 lib. This keeps compatibility with current patches. Change-Id: I09791019ff6825ec74af95e84a2b27e42dfd20f8 Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-29 | Build: Update IAR cmake files, fix Windows build errors | TTornblom
Fixed regex issue in toolchain_IARARM.cmake, causing Windows build errors
Moved --map option from toolchain file to CMakeLists.txt files, like for ARMClang and GNUARM
Removed dead code from toolchain_IARARM.cmake
Renamed IAR RTX libraries in CMakeLists.txt
Signed-off-by: TTornblom <thomas.tornblom@iar.com> Change-Id: I01805f59a5be0ca4cd2bf47f20dd4a8852c1ea54
2020-09-30 | Boot: Remove forked MCUboot from TF-M | Balint Matyi
Remove the generic MCUboot source files from TF-M in order to rely only on upstream MCUboot project as a secure second stage bootloader. At this point all the features from the internal fork are already upstreamed to the original project so from feature point of view the switch is seamless. From now on any new development is going to be directly upstreamed to the original project. Some platform and project specific files and scripts are still kept in the bl2/ext/mcuboot folder to make possible the integration with TF-M project. Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Signed-off-by: Tamas Ban <Tamas.Ban@arm.com> Change-Id: I261c11383202d02eecff06c21d5c51d6ec8f27ea
2020-09-25 | Build: Fix minor issues with new buildsystem | Raef Coles
Several minor bugfixes:
* Add error messages for unsupported generators / compilers
* Remove unsupported warning disablement option on IAR
* Fix typo in error message
Change-Id: I492872d5af5e507d52e2f9f1fbb28f39359349ee Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-09-24 | Build: Convert bl2 dir to modern cmake | Raef Coles
Alters cmake files inside the bl2 directory. Moves some bl2 files to mirror the directory structure of upstream MCUboot. Renames some of the key files to allow easier programmatic selection. Alters some headers where the include paths have changed. WARNING: This change will not build in isolation, it requires _all_ other cmake changes to successfully build. It is split out only for clarity of changes. Change-Id: I8fe822d982d5e1635fb3176135e33bc3acf9163a Signed-off-by: Raef Coles <raef.coles@arm.com>