CMake: link TF-M for both memory partition
This patch introduces the MCUBOOT_NO_SWAP compiler switch:
- Default value is False to preserve swapping functionality to be
default
- When disabling it then TF-M is built in one instance:
- tfm_sign.bin: linked to run in XIP mode from slot 0 memory
partition
- When enabling it then TF-M is built in two instances:
- tfm_sign_0.bin: linked to run in XIP mode from slot 0 memory
partition
- tfm_sign_1.bin: linked to run in XIP mode from slot 1 memory
partition
Change-Id: I2757601295c80a42aba351a6d89c17f78dad3a0f
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Co-Authored-By: Mate Toth-Pal <mate.toth-pal@arm.com>
Co-Authored-By: Gyorgy Szing <Gyorgy.Szing@arm.com>
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index aea79d7..f451e49 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -18,15 +18,15 @@
project(tfm_s LANGUAGES ASM C)
embedded_project_fixup()
-set (SECURE_FW_DIR "${CMAKE_CURRENT_LIST_DIR}")
-set (TFM_ROOT_DIR "${SECURE_FW_DIR}/..")
-set (TEST_DIR "${TFM_ROOT_DIR}/test")
-set (INTERFACE_DIR "${TFM_ROOT_DIR}/interface")
+set(SECURE_FW_DIR "${CMAKE_CURRENT_LIST_DIR}")
+set(TFM_ROOT_DIR "${SECURE_FW_DIR}/..")
+set(TEST_DIR "${TFM_ROOT_DIR}/test")
+set(INTERFACE_DIR "${TFM_ROOT_DIR}/interface")
if(CORE_TEST)
- set (TFM_LVL 3)
+ set(TFM_LVL 3)
else()
- set (TFM_LVL 1)
+ set(TFM_LVL 1)
endif()
include(${SECURE_FW_DIR}/spm/CMakeLists.inc)
@@ -56,102 +56,195 @@
endif()
embedded_set_target_linker_file(TARGET ${PROJECT_NAME} PATH "${S_SCATTER_FILE_NAME}")
-if(NOT DEFINED PLATFORM_LINK_INCLUDES)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
-endif()
-embedded_set_target_link_includes(TARGET ${PROJECT_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
-
embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+#Create an object library to avoid compiling all source files twice, when two executables
+#with different memory map need to be linked(BL2 non-swapping)
+set(PROJECT_OBJ_LIB ${PROJECT_NAME}_obj_lib)
+add_library(${PROJECT_OBJ_LIB} OBJECT ${ALL_SRC_C} ${ALL_SRC_C_S} ${ALL_SRC_ASM_S})
-#Specify what we build
-add_executable(${PROJECT_NAME} ${ALL_SRC_C} ${ALL_SRC_C_S} ${ALL_SRC_ASM_S})
+#Set common compiler flags
+config_setting_shared_compiler_flags(${PROJECT_OBJ_LIB})
+
+if (CORE_TEST)
+ embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES TFM_CORE_DEBUG TFM_PARTITION_TEST_CORE APPEND)
+endif()
+
+#Set include directories
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+
+# For the non-swapping BL2 configuration two executables need to be built.
+# One can be executed from flash partition slot_0 and other from slot_1.
+# Only the linking phase is different. This function captures common settings
+# and eliminates copy-paste.
+function(set_up_secure_fw_build)
+ set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
+ set( _ONE_VALUE_ARGS S_TARGET VENEER_NAME POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
+ set( _MULTI_VALUE_ARGS LINK_DEFINES) #List arguments (e.g. LANGUAGES C ASM CXX)
+ cmake_parse_arguments(_MY_PARAMS "${_OPTIONS_ARGS}" "${_ONE_VALUE_ARGS}" "${_MULTI_VALUE_ARGS}" ${ARGN})
+
+ if (NOT DEFINED _MY_PARAMS_S_TARGET)
+ message(FATAL_ERROR "set_up_secure_fw_build(): mandatory parameter 'S_TARGET' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_VENEER_NAME)
+ message(FATAL_ERROR "set_up_secure_fw_build(): mandatory parameter 'VENEER_NAME' missing.")
+ endif()
+
+ set(EXE_NAME ${_MY_PARAMS_S_TARGET}${_MY_PARAMS_POSTFIX})
+ set(VENEER_NAME ${_MY_PARAMS_VENEER_NAME}${_MY_PARAMS_POSTFIX}.o)
+
+ #Create linker target: add object library to executable
+ add_executable(${EXE_NAME} $<TARGET_OBJECTS:${PROJECT_OBJ_LIB}>)
+
+ #Set common linker flags
+ config_setting_shared_linker_flags(${EXE_NAME})
+
+ #Indicates to secure target(s) already created
+ set(TARGET_TFM_S_EXISTED True PARENT_SCOPE)
+
+ #Set individual linker flags per linker target/executable
+ foreach(flag ${_MY_PARAMS_LINK_DEFINES})
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "${flag}")
+ endforeach(flag)
+
+ embedded_set_target_linker_file(TARGET ${EXE_NAME} PATH "${S_SCATTER_FILE_NAME}")
+
+ add_dependencies(${EXE_NAME} tfm_storage)
+ add_dependencies(${EXE_NAME} tfm_audit)
+ add_dependencies(${EXE_NAME} tfm_secure_tests)
+
+ #Set macro definitions for the project.
+ embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} DAUTH_CHIP_DEFAULT APPEND)
+
+ if (REGRESSION OR CORE_TEST)
+ #The test service veneers may not be referenced in the secure binary so the
+ #veneer objects are explicitly loaded from the secure tests library.
+ if(${COMPILER} STREQUAL "ARMCLANG")
+ target_link_libraries(${EXE_NAME} tfm_storage tfm_audit $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_secure_tests)
+ elseif(${COMPILER} STREQUAL "GNUARM")
+ target_link_libraries(${EXE_NAME} -Wl,--whole-archive tfm_secure_tests -Wl,--no-whole-archive tfm_storage tfm_audit)
+ else()
+ message(FATAL_ERROR "unknown compiler" )
+ endif()
+ else()
+ target_link_libraries(${EXE_NAME} tfm_storage tfm_audit)
+ endif()
+
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
+
+ if (NOT DEFINED TFM_PARTITION_TEST_CORE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
+ elseif (TFM_PARTITION_TEST_CORE)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SST)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
+ elseif (TFM_PARTITION_TEST_SST)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
+ elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+ endif()
+
+ if (NOT DEFINED BL2)
+ message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
+ elseif (BL2)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "BL2")
+ endif()
+
+ if(CORE_TEST)
+ set(SECURE_AXF_DIR_PREFIX "${CMAKE_BINARY_DIR}/unit_test/")
+ set_target_properties(${EXE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${SECURE_AXF_DIR_PREFIX})
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+ endif()
+
+ if(NOT DEFINED PLATFORM_LINK_INCLUDES)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
+ endif()
+ embedded_set_target_link_includes(TARGET ${EXE_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
+
+ #Generate binary file from executable
+ compiler_generate_binary_output(${EXE_NAME})
+
+ #Configure where we put the CMSE veneers generated by the compiler.
+ if (DEFINED S_VENEER_FILE_LOCATION)
+ set(S_VENEER_FILE "${S_VENEER_FILE_LOCATION}/${VENEER_NAME}")
+ else()
+ set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/${VENEER_NAME}")
+ endif()
+ compiler_set_cmse_output(${EXE_NAME} "${S_VENEER_FILE}")
+
+ #Configure what file shall be installed.
+ #Set install location. Keep original value to avoid overriding command line settings.
+ if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for secure_fw." FORCE)
+ endif()
+
+ install(DIRECTORY ${TFM_ROOT_DIR}/interface/include/
+ DESTINATION tfm/inc)
+
+ install(DIRECTORY ${TFM_ROOT_DIR}/interface/src/
+ DESTINATION tfm/src)
+
+ install(FILES ${S_VENEER_FILE} DESTINATION tfm/veneers)
+
+ #Collect executables to common location: build/install/outputs/
+ if (DEFINED SECURE_AXF_DIR_PREFIX)
+ set(MY_BINARY_DIR ${SECURE_AXF_DIR_PREFIX})
+ else()
+ set(MY_BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR})
+ endif()
+
+ install(FILES ${MY_BINARY_DIR}/${EXE_NAME}.axf
+ ${MY_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/${TARGET_PLATFORM}/)
+
+ install(FILES ${MY_BINARY_DIR}/${EXE_NAME}.axf
+ ${MY_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/fvp/)
+endfunction()
#Adds the test directory
add_subdirectory(${TFM_ROOT_DIR}/test ${CMAKE_BINARY_DIR}/test)
#Add the secure storage library target
add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
+
#Add the audit logging library target
add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
-add_dependencies(${PROJECT_NAME} tfm_storage)
-add_dependencies(${PROJECT_NAME} tfm_audit)
-add_dependencies(${PROJECT_NAME} tfm_secure_tests)
+if (LINK_TO_BOTH_MEMORY_REGION)
+ #Link to primary memory region
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ VENEER_NAME s_veneers
+ POSTFIX "_0")
-#Set macro definitions for the project.
-embedded_set_target_compile_defines(TARGET ${PROJECT_NAME} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} DAUTH_CHIP_DEFAULT APPEND)
-
-if (REGRESSION OR CORE_TEST)
- #The test service veneers may not be referenced in the secure binary so the
- #veneer objects are explicitly loaded from the secure tests library.
- if(${COMPILER} STREQUAL "ARMCLANG")
- target_link_libraries(${PROJECT_NAME} tfm_storage tfm_audit $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_secure_tests)
- elseif(${COMPILER} STREQUAL "GNUARM")
- target_link_libraries(${PROJECT_NAME} -Wl,--whole-archive tfm_secure_tests -Wl,--no-whole-archive tfm_storage tfm_audit)
- else()
- message(FATAL_ERROR "unknown compiler" )
- endif()
+ #Link to secondary memory region(add extra linker flag)
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ LINK_DEFINES "LINK_TO_SECONDARY_PARTITION"
+ VENEER_NAME s_veneers
+ POSTFIX "_1")
else()
- target_link_libraries(${PROJECT_NAME} tfm_storage tfm_audit)
+ #Link to primary memory region only
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ VENEER_NAME s_veneers)
endif()
-embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
-
-if (NOT DEFINED TFM_PARTITION_TEST_CORE)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
-elseif (TFM_PARTITION_TEST_CORE)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+#Finally let CMake system apply changes after the whole project is defined.
+if (TARGET ${PROJECT_NAME})
+ embedded_project_end(${PROJECT_NAME})
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_SST)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
-elseif (TFM_PARTITION_TEST_SST)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+if (TARGET ${PROJECT_NAME}_0)
+ embedded_project_end(${PROJECT_NAME}_0)
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
-elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+if (TARGET ${PROJECT_NAME}_1)
+ embedded_project_end(${PROJECT_NAME}_1)
endif()
-if (NOT DEFINED BL2)
- message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
-elseif (BL2)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "BL2")
-endif()
-
-if(CORE_TEST)
- embedded_set_target_compile_defines(TARGET ${PROJECT_NAME} LANGUAGE C DEFINES TFM_CORE_DEBUG TFM_PARTITION_TEST_CORE APPEND)
- set(SECURE_AXF_DIR_PREFIX "${CMAKE_BINARY_DIR}/unit_test/")
- set_target_properties(${PROJECT_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${SECURE_AXF_DIR_PREFIX})
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
-endif()
-
-#Generate binary file from axf
-compiler_generate_binary_output(${PROJECT_NAME})
-
-#Configure where we put the CMSE veneers generated by the compiler.
-if (NOT DEFINED S_VENEER_FILE)
- set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/s_veneers.o")
-endif()
-compiler_set_cmse_output(${PROJECT_NAME} "${S_VENEER_FILE}")
-
-#Configure what file shall be installed.
-#Set install location. Keep original value to avoid overriding command line
-#settings.
-if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
- SET(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for secure_fw." FORCE)
-endif()
-
-install(DIRECTORY ${TFM_ROOT_DIR}/interface/include/
- DESTINATION tfm/inc)
-
-install(DIRECTORY ${TFM_ROOT_DIR}/interface/src/
- DESTINATION tfm/src)
-
-install(FILES ${S_VENEER_FILE}
- DESTINATION tfm/veneers)
-
-#Finally let cmake system apply changes after the whole project is defined.
-embedded_project_end(${PROJECT_NAME})
+embedded_project_end(${PROJECT_OBJ_LIB})