commit 1e863233251f3d32c57f6313aed4daa6dc6cfd1f
author David Hu <david.hu@arm.com> Fri May 01 20:16:07 2020 +0800
committer David Hu <david.hu@arm.com> Mon May 11 16:05:29 2020 +0800
tree 78124ee6497db5acadf3f495300a8a72b05fe513
parent ddc1064960088add2d6083180ef7fe9200aabd4b

Crypto: Link persistent key to ITS

When mbed-crypto is the only caller of ITS service, builds with
GNUARM fail since mbed-crypto persistent key cannot link to ITS
service.

Add an explicity link to ITS in TF-M Crypto target to fix the
GNUARM build issue.
Also switch the order of Crypto and ITS service in linking. Add a
note to recommend to add explicity link dependency for complex
dependency cases.

Change-Id: I5f0b2cd0af9812f66ab0374b9a1a719ebe675a4e
Signed-off-by: David Hu <david.hu@arm.com>

secure_fw/services/crypto/CMakeLists.inc

diff --git a/secure_fw/services/crypto/CMakeLists.inc b/secure_fw/services/crypto/CMakeLists.inc
index 7fb6a85..c6bb1f8 100644
--- a/secure_fw/services/crypto/CMakeLists.inc
+++ b/secure_fw/services/crypto/CMakeLists.inc
@@ -77,12 +77,18 @@
   else()
     message("- CRYPTO_CONC_OPER_NUM: " ${CRYPTO_CONC_OPER_NUM})
   endif()
+
   if (NOT DEFINED CRYPTO_KEY_MODULE_DISABLED)
     message("- KEY module enabled")
     set(CRYPTO_KEY_MODULE_DISABLED 0)
   else()
     message("- CRYPTO_KEY_MODULE_DISABLED: " ${CRYPTO_KEY_MODULE_DISABLED})
   endif()
+  if (NOT CRYPTO_KEY_MODULE_DISABLED AND
+      NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
+    message(FATAL_ERROR "Internal trusted storage should be enabled for persistent key storage")
+  endif()
+
   if (NOT DEFINED CRYPTO_AEAD_MODULE_DISABLED)
     message("- AEAD module enabled")
     set(CRYPTO_AEAD_MODULE_DISABLED 0)