Crypto: Link persistent key to ITS
When mbed-crypto is the only caller of ITS service, builds with
GNUARM fail since mbed-crypto persistent key cannot link to ITS
service.
Add an explicity link to ITS in TF-M Crypto target to fix the
GNUARM build issue.
Also switch the order of Crypto and ITS service in linking. Add a
note to recommend to add explicity link dependency for complex
dependency cases.
Change-Id: I5f0b2cd0af9812f66ab0374b9a1a719ebe675a4e
Signed-off-by: David Hu <david.hu@arm.com>
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index ede7016..cd4273d 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -230,6 +230,10 @@
# If the a library has some symbols that are defined in the library which is linked before it,
# it will not cause the linker to search again.
# So please put a library before what it relies on.
+ # If the link dependency is complicated or it is difficult to sort out link
+ # dependency by only adjusting the order, it is recommended to explicitly
+ # add the dependency in the dedicated CMake file of corresponding module, to
+ # simplify the ordering and avoid any potential linking issue.
if (CORE_TEST OR TFM_PARTITION_TEST_SECURE_SERVICES)
target_link_libraries(${EXE_NAME} tfm_secure_tests)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
@@ -245,16 +249,16 @@
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_SECURE_STORAGE")
endif()
- if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
- target_link_libraries(${EXE_NAME} tfm_internal_trusted_storage)
- embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_INTERNAL_TRUSTED_STORAGE")
- endif()
-
if (TFM_PARTITION_CRYPTO)
target_link_libraries(${EXE_NAME} tfm_crypto)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_CRYPTO")
endif()
+ if (TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ target_link_libraries(${EXE_NAME} tfm_internal_trusted_storage)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_INTERNAL_TRUSTED_STORAGE")
+ endif()
+
if (TFM_PARTITION_AUDIT_LOG)
target_link_libraries(${EXE_NAME} tfm_audit)
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_AUDIT_LOG")
diff --git a/secure_fw/services/crypto/CMakeLists.inc b/secure_fw/services/crypto/CMakeLists.inc
index 7fb6a85..c6bb1f8 100644
--- a/secure_fw/services/crypto/CMakeLists.inc
+++ b/secure_fw/services/crypto/CMakeLists.inc
@@ -77,12 +77,18 @@
else()
message("- CRYPTO_CONC_OPER_NUM: " ${CRYPTO_CONC_OPER_NUM})
endif()
+
if (NOT DEFINED CRYPTO_KEY_MODULE_DISABLED)
message("- KEY module enabled")
set(CRYPTO_KEY_MODULE_DISABLED 0)
else()
message("- CRYPTO_KEY_MODULE_DISABLED: " ${CRYPTO_KEY_MODULE_DISABLED})
endif()
+ if (NOT CRYPTO_KEY_MODULE_DISABLED AND
+ NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+ message(FATAL_ERROR "Internal trusted storage should be enabled for persistent key storage")
+ endif()
+
if (NOT DEFINED CRYPTO_AEAD_MODULE_DISABLED)
message("- AEAD module enabled")
set(CRYPTO_AEAD_MODULE_DISABLED 0)
diff --git a/secure_fw/services/crypto/CMakeLists.txt b/secure_fw/services/crypto/CMakeLists.txt
index 8e54cc8..89044fd 100644
--- a/secure_fw/services/crypto/CMakeLists.txt
+++ b/secure_fw/services/crypto/CMakeLists.txt
@@ -130,6 +130,11 @@
endif()
endif()
+#Persistent key requires ITS service
+if (NOT CRYPTO_KEY_MODULE_DISABLED)
+ target_link_libraries(tfm_crypto PRIVATE tfm_internal_trusted_storage)
+endif()
+
#Set common compiler and linker flags
config_setting_shared_compiler_flags(tfm_crypto)
config_setting_shared_linker_flags(tfm_crypto)