Build: Use BL2 keys for NS signing from api_ns
Instead of using them from the TF-M source tree
Change-Id: Ie9cbc11c3868794058a318d21867334cbcd0b1f5
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/cmake/install.cmake b/cmake/install.cmake
index fbb9783..8066af6 100644
--- a/cmake/install.cmake
+++ b/cmake/install.cmake
@@ -176,28 +176,27 @@
if (MCUBOOT_ENC_IMAGES)
install(FILES ${MCUBOOT_KEY_ENC}
+ RENAME image_enc_key.pem
DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
endif()
- if (PLATFORM_DEFAULT_IMAGE_SIGNING)
- install(FILES $<TARGET_OBJECTS:signing_layout_s>
+ install(FILES $<TARGET_OBJECTS:signing_layout_s>
DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
- install(FILES ${MCUBOOT_KEY_S}
+ install(FILES ${MCUBOOT_KEY_S}
+ RENAME image_s_signing_private_key.pem
DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- install(FILES $<TARGET_FILE_DIR:bl2>/image_s_signing_public_key.pem
+ install(FILES $<TARGET_FILE_DIR:bl2>/image_s_signing_public_key.pem
DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- if(MCUBOOT_IMAGE_NUMBER GREATER 1)
- install(FILES $<TARGET_OBJECTS:signing_layout_ns>
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
- install(FILES ${MCUBOOT_KEY_NS}
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- install(FILES $<TARGET_FILE_DIR:bl2>/image_ns_signing_public_key.pem
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- endif()
- endif()
- install(FILES ${MCUBOOT_KEY_NS} ${MCUBOOT_KEY_S}
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
+ if(MCUBOOT_IMAGE_NUMBER GREATER 1)
+ install(FILES $<TARGET_OBJECTS:signing_layout_ns>
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
+ install(FILES ${MCUBOOT_KEY_NS}
+ RENAME image_ns_signing_private_key.pem
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys/)
+ install(FILES $<TARGET_FILE_DIR:bl2>/image_ns_signing_public_key.pem
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
+ endif()
endif()
if(TFM_PARTITION_FIRMWARE_UPDATE)
diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake
index 75e2e11..fa6d4e0 100644
--- a/cmake/spe-CMakeLists.cmake
+++ b/cmake/spe-CMakeLists.cmake
@@ -114,7 +114,7 @@
COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
--version ${MCUBOOT_IMAGE_VERSION_NS}
--layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
- --key ${MCUBOOT_KEY_NS}
+ --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_ns_signing_private_key.pem
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
--align ${MCUBOOT_ALIGN_VAL}
--pad
@@ -123,11 +123,11 @@
-s ${MCUBOOT_SECURITY_COUNTER_NS}
-L ${MCUBOOT_ENC_KEY_LEN}
-d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
- $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
$<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
$<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
- $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+ $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
$<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
+ $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
tfm_ns_signed.bin
COMMAND ${CMAKE_COMMAND} -E copy tfm_ns_signed.bin ${CMAKE_BINARY_DIR}/bin
)
@@ -179,7 +179,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
--version ${MCUBOOT_IMAGE_VERSION_S}
--layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
- --key ${MCUBOOT_KEY_S}
+ --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_s_signing_private_key.pem
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
--align ${MCUBOOT_ALIGN_VAL}
--pad
@@ -189,7 +189,7 @@
-L ${MCUBOOT_ENC_KEY_LEN}
$<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
$<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
- $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+ $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
$<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
tfm_s_ns.bin
tfm_s_ns_signed.bin