aboutsummaryrefslogtreecommitdiff
path: root/platform/CMakeLists.txt
AgeCommit message (Collapse)Author
4 daysPlatform: Remove TFM_PERIPH_ACCESS_TESTShawn Shan
Test_peripheral_access is going to be deprecated, remove TFM_PERIPH_ACCESS_TEST related code in TF-M. Change-Id: I15c26ddf5afacb8d46c929448c6a4718d1e04e7d Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
14 daysSPM: Refine TF-M secure log controlDavid Hu
Refine the control logic of TF-M SPM log and SP log. - If SP log level is higher than silence or TF-M regerssion tests are enabled, enable SP raw log. - If SP raw log is enabled or SPM log level is higher than silence, enable SPM raw log. Add a config file to complete the configure settings. Change-Id: Ifc4e3c60e753bf464a12fb1037ef6a50b0470ff6 Signed-off-by: David Hu <david.hu@arm.com>
2021-08-20Build: Control single test without TEST_S/TEST_NS [TF-M repo]shejia01
To decrease the size of TF-M image so that it can work on a platform with limited resource, the build configure should allow developers to select one or more single test suites. The tf-m-test repo has added some build control flags. These flags can be controlled with "-D<FLAG>=ON" to turn on the related test suites' build. With the build control flags are added in tf-m-tests repo, the cmake build logic need to be refined. To make it easier to start single test suite without TEST_NS or TEST_S, more conditions need to be added to link tf-m-tests repo. Moreover, some test services should also depend on the new single test flags. By this patch, when TEST_S or TEST_NS is ON, all the secure or non-secure test suites will run either. When single test configuration like TEST_NS_XXX or TEST_S_XXX is ON, the single test suite will run if its dependencies are configurated. Signed-off-by: Jianliang Shen <jianliang.shen@arm.com> Change-Id: I2ca5b400ddfee2832e0eaae49da529f1c2d70c98
2021-07-26Build: Fix build error when Crypto Partition is disabledKevin Peng
This patch fixes build error when Crypto Partition is not enabled, for example for Musca-B1 with -DFORWARD_PROT_MSG=1 build option. This patch also replaces CMAKE_SOURCE_DIR with CMAKE_CURRENT_SOURCE_DIR to have shorter and more stable paths. Change-Id: I652afe9e48fc8d2391523cd7e835b4617a08515a Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-07-21Crypto: Use NV SEED as default entropy sourceSummer Qin
MBEDTLS_TEST_NULL_ENTROPY is removed from mbedtls 3.0.0. Change to use 'MBEDTLS_ENTROPY_NV_SEED' as the default entropy source if a platform doesn't generate entropy from hardware. Change-Id: If03c9dec3c6fb0d7bb98721963ac2142d43ed00d Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-06-22Test: Refactor IRQ TestingKevin Peng
This patch: - Replaces the tfm_irq_test_service_1 with the tfm_slih_test_service - Docs update: - Remove the out-of-date tfm_non-secure_interrupt_handling.rst - Remove IRQ test part in core_test_services_integration_guide.rst as core test does not participate in IRQ testing anymore. Note: The new SLIH testing does not support Library Model. Change-Id: I578d43ca7a363cdcb298226cc9ebad5f7b66fb48 Signed-off-by: Kevin Peng <kevin.peng@arm.com>
2021-06-15Build: Remove duplicated target source in platform_sXinyu Zhang
According to line 49, attest_hal.c is added twice in target platform_s. Remove this line because this file should only be added when PLATFORM_DUMMY_ATTEST_HAL is enabled. Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: Ie4df4763b9473a724eb4267f26b67147022e7639
2021-06-07Attest: Support to retrieve Initial Attestation public key in runtimeDavid Hu
Enable ATTEST_TEST_GET_PUBLIC_KEY flag in Musca-B1 and Musca-S1 with OTP enabled. Add Initial Attestation test service in manifest list. Change-Id: I8e982ee1a7c31548b4e7c74b937e17660cb0e89e Signed-off-by: David Hu <david.hu@arm.com>
2021-06-04Boot & FWU: Add support of reverting mechanism in DIRECT_XIP modeSherry Zhang
After updating the version of MCUBoot, revert mechanism in DIRECT_XIP mode is supported in MCUBoot. This commit adds the support of it in build system and updates the mcuboot based FWU shim layer implementation accordingly. Change-Id: I017d02e4161daee56f54ed3ed09f98ebb9a776e0 Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
2021-06-02Attest: Remove initial attestation get public key API functionDavid Hu
It is overkill to implement a dedicated secure function for NS to fetch initial attestation public key just for test purpose. Besides, this function to get public key can be confusing as it is not defined in PSA Initial Attestation API spec. Remove get public key secure function from NS and S sides to simplify TF-M initial attestation implementation and interface. Change-Id: I8d0967698e3d2f2c684194caa9a6234585026a71 Signed-off-by: David Hu <david.hu@arm.com>
2021-03-19Platform: Adjust HAL API to fit for FI hardeningTamas Ban
The FI hardening code requires to have a special return type of the protected functions: fih_int. Modify critical HAL and memory isolation APIs to use this return type when TFM_FIH_PROFILE is enabled. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Co-authorized-by: David Hu <david.hu@arm.com> Change-Id: I592bf3b365354f04f37eff5fad20bdefaa5b8978
2021-03-12TZ: Add configuration switch for PXNSummer Qin
PXN is a feature for armv8.1. Make it as an optional feature. Default value is 'OFF'. Set 'TFM_PXN_ENABLE' to 'ON' when use it. Change-Id: I3c7a15908dc37a9617894b2a0a53c7fcb1f35e2c Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-02-24SPM: Change log level from variable to string in CmakeShawn Shan
- TFM_SPM_LOG_LEVEL_SILENCE is a special string, not a variable in Cmake, change it to string type. - Exclude TFM_SVC_OUTPUT_UNPRIV_STRING in silence log level. Change-Id: Idf7ab9955e8568e47d3cdc5ab86ec783945ed086 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-01-26SPM: Obtain memory info by memory symbolsSummer Qin
- Global symbols are also part of HAL interfaces. - This is the first example of using defined symbols to get memory info. Change-Id: Id7fbaac4a90b95dfa4e6303e62e90fe5cdcdce53 Signed-off-by: Summer Qin <summer.qin@arm.com>
2021-01-22Build: Improve NS mailbox config flag settingDavid Hu
Support a flag TFM_MULTI_CORE_NS_OS to control NS integration. When integrating TF-M with NS OS on dual-cpu platforms, select TFM_MULTI_CORE_NS_OS in NS build to enable NS OS support in NS mailbox. When integrating TF-M with NS bare metal environment, disable TFM_MULTI_CORE_NS_OS and NS mailbox relies on looping and requires no support from NS OS. TFM_MULTI_CORE_MULTI_CLIENT_CALL is removed. NS mailbox build can get rid of the dependency on the configuration of TFM_MULTI_CORE_MULTI_CLIENT_CALL in S mailbox build. NUM_MAILBOX_QUEUE_SLOT directly indicates whether platform and SPE supports multiple NS PSA Client calls. Change-Id: I937b2afdb88cccc22a20617d2ab36bcc1b939b05 Signed-off-by: David Hu <david.hu@arm.com>
2021-01-15Build: Exclude log source files in silence log levelShawn Shan
Exclude the log source files from build system when log level is equal to SILENCE. Change-Id: I92171327a8a4993896b188a3fcaa06da740ea42a Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2021-01-06Build: Put CONFIG_TFM_ENABLE_MEMORY_PROTECT flag to platformMingyang Sun
The flag "CONFIG_TFM_ENABLE_MEMORY_PROTECT" is a platform-scope option, move it to platform_s target. Remove the isolation setup in library SPM code and reuse the one of SPM HAL, since they are doing the same things. Change-Id: I5766ddecc525ee2eda3f2e5989b31dd5c41fde6b Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>
2020-12-28Build: Skip building platform_ns when NS app is not selectedDavid Hu
Set EXCLUDE_FROM_ALL property in platform_ns target to skip building platform_ns target when NS app is disabled. Change-Id: I2e9c5122ec3253d510806d5cdf3d18ee3e4b1985 Signed-off-by: David Hu <david.hu@arm.com>
2020-12-28Build: Move psa_ns_api build to NS sideDavid Hu
Move NS interface source code build to NS side. NS interface build should be executed during NS build. Change-Id: I7ac3bbf1a9e975d8a9e2f4fb5cd6f367ff94cc9d Signed-off-by: David Hu <david.hu@arm.com>
2020-12-17Platform: Place global variables in shared code to dedicated sectionTamas Ban
The code sharing between bootloader and runtime firmware requires to share the global variables as well. Because the RAM area is reused by SPE when bootloader has finished its job, therefore it must be ensured that global variables are placed by the linker to the same place during both linking operation (MCUboot and SPE). This location is a dedicated section which has a fixed place at the beginning of the RAM and hence not colliding with other sections. If code sharing is disabled then this special section is not created. Change-Id: I4b6c181f924c1ab8c1733b99806e824526fb820b Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-12-15Build: Support out-of-tree platformsØyvind Rønningstad
Allows -DTFM_PLATFORM to be set to paths outside the TFM tree. e.g. cmake ... -DTFM_PLATFORM=../../../../tfm_platforms/my_platform Note: TFM_PLATFORM currently only accepts paths relative from platform/ext/target Change-Id: I99d194fdee43ffa29da67b22eb79ef5e450c1559 Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-12-10Platform: Add support to forward PSA msg in Musca-B1Mark Horvath
PSA RoT messages can be forwarded from the SSE-200 subsystem to the Secure Enclave in Musca-B1. Change-Id: Iab2c525cf41eae34585fb16a4b9bab941e6c7587 Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com> Signed-off-by: Mark Horvath <mark.horvath@arm.com>
2020-12-10Platform: Make UART stdout implementation replaceableGabor Abonyi
Change-Id: Ibc808027c8f4623ac2f3ae2c35f87d2f413837be Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
2020-12-01Build: Check MCUboot strategy configurationDavid Vincze
Validate the value of the MCUBOOT_UPGRADE_STRATEGY variable and set the accepted values for its cache entry. It helps to avoid misconfiguration which can remain hidden. Remove unused UPGRADE_STRATEGY string variable and unnecessary check. Change-Id: I6b8529dafe51cbaf2b26a5ac56a710c9687812ae Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-11-04Revert "Boot: Remove IAK from BL2"David Hu
This reverts commit d717c34b91f655d90f67a96c24b98d5f989b8261. Reason for revert: It breaks BL2 build on Musca-B1 with OTP enabled Change-Id: I305a65a6a0cea6a66a8919466783470bc3b58905 Signed-off-by: David Hu <david.hu@arm.com>
2020-11-03Boot: Remove IAK from BL2Mark Horvath
The initial attestation key is not needed for BL2 so it is removed. Change-Id: I41de034610861979252aa3a1d3541a456d324b8b Signed-off-by: Mark Horvath <mark.horvath@arm.com>
2020-11-03Build: Refactor toolchain filesRaef Coles
Change from a CMAKE toolchain file to a TFM toolchain file, avoiding some abuses of the CMAKE_TOOLCHAIN_FILE that were used as a workaround for compiler setup. Also add the CROSS_COMPILE variable. Bump cmake required version to 3.15. Change-Id: I0948033045e2d2f34beffa807925fc7375098335 Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-11-03Build: Add SPM log support for platformsShawn Shan
As SPM log functions have implemented, add SPM log support for all the platforms. Set default TFM_SPM_LOG_LEVEL equal to TFM_SPM_LOG_LEVEL_INFO. Change-Id: I4111a9ac3840497a70302bbddb19605f8feafe08 Signed-off-by: Shawn Shan <Shawn.Shan@arm.com>
2020-10-27Platform: Rework dummy crypto_key and tfm_rotpk to fix unresolved atMichel Jaouen
tfm_s link with ARMCLANG In case of build with PLATFORM_DUMMY_CRYPTO_KEYS, crypto_key is include in bl2 to provide tfm_plat_get_rotpk_hash used by bl2 only. When compiling secure without tfm_rotpk, device_rotpk is unresolved With ARMCLANG even if tfm_plat_get_rotpk_hash is not used by secure. Change-Id: Ifb5e51a2dff327bba2233d34302efdaf006cec6d Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2020-10-21Build: Renable dual-cpu multiple PSA client call featureDavid Hu
The flag to control multiple PSA client call feature doesn't take effect on dual-cpu platforms in the new build system. Re-configure it to enable this feature enabled on dual-cpu platforms. Change-Id: I3df464c29bec603678b2f05675be141e77dd7fb2 Signed-off-by: David Hu <david.hu@arm.com>
2020-10-20Build: Remove platform_bl2 in secure library linkMichel Jaouen
lib platform_bl2 is for linking bl2 only. tfm_s links with lib platform_s Change-Id: I5f76db8bb74945dd6f463a3febaf45d04a3e84f8 Signed-off-by: Michel Jaouen <michel.jaouen@st.com> Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-19Platform: Add TEST_PSA_API config to compile defSoby Mathew
This patch adds the value of TEST_PSA_API config to the compile definitions. This enables the platform to configure appropriately for the tests. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: If50b09eba78e273c04f8450a2177cbacfb324162
2020-10-13Build: Improve configuration of IRQ testsRaef Coles
Also PERIPH_ACCCESS tests. Update docs. Change-Id: I61274f9a067a2de7d45ffebedb81dd06d999600d Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-07Build: Improve handling of CMSIS RTX libRaef Coles
Also add necessary platform files for the core testsuite Change-Id: Ibfa4ba5f8c0beeca1f333f5be87c8ce8a0910ec9 Signed-off-by: Raef Coles <raef.coles@arm.com>
2020-10-05Boot: Harden critical path against fault attacksTamas Ban
Add fault attack mitigation measures to code which is vital for the correct validation of images. Change-Id: Iea12a6eac9c3f516ed8c96a6df44b7a4086dd7f5 Signed-off-by: Raef Coles <raef.coles@arm.com> Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-10-02Build: Fix CC312 init skip issue on Musca-B1/S1Tamas Ban
Accidentally the initialization of CC312 crypto accelerator was skipped on Musca boards. Therefore at execution the CPU stuck in an infinite loop. Signed-off-by: Tamas Ban <tamas.ban@arm.com> Change-Id: I29e8c8b1ace300a7d44efb1dcd1ffe86e1becb21
2020-09-24Build: Convert musca_a target to modern cmakeBalint Matyi
Add cmake files to musca_a target directory. Alter scatter files to remove preprocessor shebang. Alter header files where include paths have changed. WARNING: This change will not build in isolation, it requires _all_ other cmake changes to successfully build. It is split out only for ease of understanding. Signed-off-by: Raef Coles <raef.coles@arm.com> Signed-off-by: Balint Matyi <Balint.Matyi@arm.com> Change-Id: Icde58c51a248d680a8a00a9516f15f86906a0e57
2020-09-24Build: Convert platform dir to modern cmakeRaef Coles
Rewrite cmake files inside the platform directory. Removed generated files as they are now generated into the build tree. Move Mbed Crypto config files to lib/ext/mbedcrypto. Alter header includes where include paths have changed. WARNING: This change will not build in isolation, it requires _all_ other cmake changes to successfully build. It is split out only for clarity of changes. Change-Id: I54c6ec5e0256032450260a1b0ac9702bc8ca3700 Signed-off-by: Raef Coles <raef.coles@arm.com>