Build: Split build v2 for an521 platform
Please refer to the updated Regression tests in tf-m-tests repository
in "feature-build-split-v2" branch for an example of how to use
Split build.
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Signed-off-by: Dávid Házi <david.hazi@arm.com>
Change-Id: Ie07541b95ad38e38115a1d59544707035fd4c1d6
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 51f61c0..1ec4f61 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -139,25 +139,6 @@
platform_bl2
)
- if(NS)
- add_custom_target(tfm_s_ns_bin
- SOURCES tfm_s_ns.bin
- )
- add_custom_command(OUTPUT tfm_s_ns.bin
- DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
- DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- DEPENDS tfm_s_bin tfm_ns_bin
- DEPENDS signing_layout_s
-
- COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
- --layout $<TARGET_OBJECTS:signing_layout_s>
- -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
- -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- -o tfm_s_ns.bin
- COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
- )
- endif()
-
add_custom_target(tfm_s_signed_bin
SOURCES tfm_s_signed.bin
)
@@ -211,91 +192,9 @@
platform_bl2
)
- if(NS)
- add_custom_target(tfm_ns_signed_bin
- SOURCES tfm_ns_signed.bin
- )
- add_custom_command(OUTPUT tfm_ns_signed.bin
- DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- DEPENDS tfm_ns_bin signing_layout_ns
- DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
- WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
-
- #Sign non-secure binary image with provided secret key
- COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
- -v ${MCUBOOT_IMAGE_VERSION_NS}
- --layout $<TARGET_OBJECTS:signing_layout_ns>
- -k ${MCUBOOT_KEY_NS}
- --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
- --align ${MCUBOOT_ALIGN_VAL}
- --pad
- --pad-header
- -H ${BL2_HEADER_SIZE}
- -s ${MCUBOOT_SECURITY_COUNTER_NS}
- -L ${MCUBOOT_ENC_KEY_LEN}
- -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
- $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
- $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
- $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
- $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
- ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
- COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
- )
- endif()
-
- if(NS)
- add_custom_target(tfm_s_ns_signed_bin
- SOURCES tfm_s_ns_signed.bin
- )
- if (MCUBOOT_IMAGE_NUMBER GREATER 1)
- add_custom_command(OUTPUT tfm_s_ns_signed.bin
- DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
- DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- DEPENDS signing_layout_s
-
- # Create concatenated binary image from the two independently signed
- # binary file. This only uses the local assemble.py script (not from
- # upstream mcuboot) because that script is geared towards zephyr
- # support
- COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
- --layout $<TARGET_OBJECTS:signing_layout_s>
- -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
- -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
- -o tfm_s_ns_signed.bin
- COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
- )
- else()
- add_custom_command(OUTPUT tfm_s_ns_signed.bin
- WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
- DEPENDS tfm_s_ns_bin tfm_s_ns.bin
- DEPENDS signing_layout_s
- DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
-
- COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
- -v ${MCUBOOT_IMAGE_VERSION_S}
- --layout $<TARGET_OBJECTS:signing_layout_s>
- -k ${MCUBOOT_KEY_S}
- --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
- --align ${MCUBOOT_ALIGN_VAL}
- --pad
- --pad-header
- -H ${BL2_HEADER_SIZE}
- -s ${MCUBOOT_SECURITY_COUNTER_S}
- -L ${MCUBOOT_ENC_KEY_LEN}
- $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
- $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
- $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
- $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
- ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
- ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
- COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
- )
- endif()
- endif()
-
add_custom_target(signed_images
ALL
- DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
+ DEPENDS tfm_s_signed_bin
)
+
endif()
diff --git a/cmake/install.cmake b/cmake/install.cmake
index 43f8cb1..46d3782 100644
--- a/cmake/install.cmake
+++ b/cmake/install.cmake
@@ -8,7 +8,7 @@
#-------------------------------------------------------------------------------
install(DIRECTORY ${CMAKE_BINARY_DIR}/bin/
- DESTINATION ${TFM_INSTALL_PATH}/outputs
+ DESTINATION outputs
)
set(INTERFACE_INC_DIR ${CMAKE_SOURCE_DIR}/interface/include)
@@ -17,6 +17,8 @@
set(INSTALL_INTERFACE_INC_DIR ${TFM_INSTALL_PATH}/interface/include)
set(INSTALL_INTERFACE_SRC_DIR ${TFM_INSTALL_PATH}/interface/src)
set(INSTALL_INTERFACE_LIB_DIR ${TFM_INSTALL_PATH}/interface/lib)
+set(INSTALL_PLATFORM_NS_DIR ${TFM_INSTALL_PATH}/platform)
+set(INSTALL_CMAKE_DIR ${TFM_INSTALL_PATH}/cmake)
# export veneer lib
if (CONFIG_TFM_USE_TRUSTZONE)
@@ -170,25 +172,33 @@
if(BL2)
install(DIRECTORY bl2/ext/mcuboot/scripts
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR})
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}
+ PATTERN "scripts/*.py"
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ PATTERN "scripts/wrapper/*.py"
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ)
+
+ install(DIRECTORY ${MCUBOOT_PATH}/scripts/imgtool
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/scripts)
if (MCUBOOT_ENC_IMAGES)
install(FILES ${MCUBOOT_KEY_ENC}
DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
endif()
- if (PLATFORM_DEFAULT_IMAGE_SIGNING)
- install(FILES $<TARGET_OBJECTS:signing_layout_s>
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
- install(FILES ${MCUBOOT_KEY_S}
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- if(MCUBOOT_IMAGE_NUMBER GREATER 1)
- install(FILES $<TARGET_OBJECTS:signing_layout_ns>
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
- install(FILES ${MCUBOOT_KEY_NS}
- DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
- endif()
+ # unconditionally install all necessary files for optional signing
+ install(FILES $<TARGET_OBJECTS:signing_layout_s>
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
+
+ if(MCUBOOT_IMAGE_NUMBER GREATER 1)
+ install(FILES $<TARGET_OBJECTS:signing_layout_ns>
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
endif()
+
+ install(FILES ${MCUBOOT_KEY_NS} ${MCUBOOT_KEY_S}
+ DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
endif()
if(TFM_PARTITION_FIRMWARE_UPDATE)
@@ -196,9 +206,74 @@
DESTINATION ${INSTALL_INTERFACE_SRC_DIR})
endif()
-###################### Install for NS regression tests #########################
+###################### Install NS platform sources #############################
-include(${CMAKE_SOURCE_DIR}/lib/ext/tf-m-tests/install.cmake)
+install(CODE "MESSAGE(\"----- Installing platform NS -----\")")
+
+install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${PLATFORM_DIR}/ext/common/armclang/tfm_common_ns.sct
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${PLATFORM_DIR}/ext/common/iar/tfm_common_ns.icf
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY ${PLATFORM_DIR}/ext/cmsis
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${CMAKE_SOURCE_DIR}/cmake/spe-CMakeLists.cmake
+ DESTINATION ${TFM_INSTALL_PATH}
+ RENAME CMakeLists.txt)
+
+install(FILES ${PLATFORM_DIR}/ns/toolchain_ns_GNUARM.cmake
+ DESTINATION ${INSTALL_CMAKE_DIR})
+
+# copy all files from active platform directory
+install(DIRECTORY ${TARGET_PLATFORM_PATH}/ns/
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR} OPTIONAL)
+
+# Export platform abilities
+install(FILES ${TARGET_PLATFORM_PATH}/config.cmake
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR} OPTIONAL)
+
+install(FILES
+ ${CMAKE_SOURCE_DIR}/lib/fih/inc/fih.h
+ ${PLATFORM_DIR}/include/tfm_plat_ns.h
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include)
+
+if (TARGET psa_crypto_config)
+# FIXIT: This is a temporal patch to reduce the change scope and simplify review.
+# In the future we shall decouple this target from tfm_config becuase
+# "psa_crypto_config" target exists not in all configurations.
+# Functionally "psa_crypto_config" provides only include path for Crypto accelerator.
+install(TARGETS tfm_config psa_crypto_config psa_interface
+ DESTINATION ${TFM_INSTALL_PATH}
+ EXPORT tfm-config
+ )
+else()
+ install(TARGETS tfm_config psa_interface
+ DESTINATION ${TFM_INSTALL_PATH}
+ EXPORT tfm-config
+ )
+endif()
+
+target_include_directories(psa_interface
+ INTERFACE
+ $<INSTALL_INTERFACE:interface/include>
+ )
+
+install(EXPORT tfm-config
+ FILE spe_export.cmake
+ DESTINATION ${INSTALL_CMAKE_DIR})
+
+configure_file(${CMAKE_SOURCE_DIR}/config/spe_config.cmake.in
+ ${INSTALL_CMAKE_DIR}/spe_config.cmake @ONLY)
##################### Platform-specific installation ###########################
include(${TARGET_PLATFORM_PATH}/install.cmake OPTIONAL)
+
+###################### Install for NS regression tests #########################
+
+include(${CMAKE_SOURCE_DIR}/lib/ext/tf-m-tests/install.cmake OPTIONAL)
+
diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake
new file mode 100644
index 0000000..1d92591
--- /dev/null
+++ b/cmake/spe-CMakeLists.cmake
@@ -0,0 +1,129 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+cmake_minimum_required(VERSION 3.15)
+
+# This CMake script is prepard by TF-M for building the non-secure side
+# application and not used in secure build a tree being for export only.
+# This file is renamed to spe/CMakeList.txt during installation phase
+
+include(spe_config)
+include(spe_export)
+
+set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
+target_link_libraries(tfm_config INTERFACE psa_interface)
+
+add_library(tfm_api_ns)
+
+file(GLOB spe_sources "interface/src/*.c")
+
+target_sources(tfm_api_ns
+ PRIVATE
+ ${spe_sources}
+ # NS specific implementation of NS interface dispatcher
+ $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c>
+)
+
+target_include_directories(tfm_api_ns
+ PUBLIC
+ interface/include
+)
+
+add_subdirectory(platform)
+
+target_link_libraries(tfm_api_ns
+ PUBLIC
+ platform_ns
+ tfm_config
+ $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
+)
+
+target_add_scatter_file()
+
+add_custom_target(tfm_ns_binaries
+ DEPENDS tfm_ns
+ COMMAND ${CMAKE_OBJCOPY} -O binary $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.bin
+ COMMAND ${CMAKE_OBJCOPY} -O elf32-littlearm $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.elf
+ COMMAND ${CMAKE_OBJCOPY} -O ihex $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.hex
+)
+
+if (MCUBOOT_IMAGE_NUMBER GREATER 1)
+
+ add_custom_target(tfm_app_binaries
+ DEPENDS tfm_ns_binaries
+ DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
+
+ #Sign non-secure binary image with provided secret key
+ COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
+ --version ${MCUBOOT_IMAGE_VERSION_NS}
+ --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
+ --key ${MCUBOOT_KEY_NS}
+ --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
+ --align ${MCUBOOT_ALIGN_VAL}
+ --pad
+ --pad-header
+ -H ${BL2_HEADER_SIZE}
+ -s ${MCUBOOT_SECURITY_COUNTER_NS}
+ -L ${MCUBOOT_ENC_KEY_LEN}
+ -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
+ ${CMAKE_BINARY_DIR}/tfm_ns.bin
+ $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
+ $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
+ $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+ $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
+ ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin
+
+ # Create concatenated binary image from the two independently signed
+ # binary file. This only uses the local assemble.py script (not from
+ # upstream mcuboot) because that script is geared towards zephyr
+ # support
+ COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
+ --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
+ --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s_signed.bin
+ --non_secure ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin
+ --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
+ # merge bootloader and application into Hex image for upload
+ COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/outputs/bl2.bin -Binary -offset 0xA000000
+ ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000
+ -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel
+ )
+else()
+
+ add_custom_target(tfm_app_binaries
+ DEPENDS tfm_ns_binaries
+ DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
+
+ # concatenate S + NS binaries into tfm_s_ns.bin
+ COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
+ --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
+ --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s.bin
+ --non_secure ${CMAKE_BINARY_DIR}/tfm_ns.bin
+ --output ${CMAKE_BINARY_DIR}/tfm_s_ns.bin
+
+ # sign the combined tfm_s_ns.bin file
+ COMMAND ${Python3_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
+ --version ${MCUBOOT_IMAGE_VERSION_S}
+ --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
+ --key ${MCUBOOT_KEY_S}
+ --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
+ --align ${MCUBOOT_ALIGN_VAL}
+ --pad
+ --pad-header
+ -H ${BL2_HEADER_SIZE}
+ -s ${MCUBOOT_SECURITY_COUNTER_S}
+ -L ${MCUBOOT_ENC_KEY_LEN}
+ $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
+ $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
+ $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+ $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
+ ${CMAKE_BINARY_DIR}/tfm_s_ns.bin
+ ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
+ )
+endif()
+
diff --git a/config/config_base.cmake b/config/config_base.cmake
old mode 100755
new mode 100644
index 110e9e0..e74d9ff
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -46,7 +46,6 @@
set(BL1 OFF CACHE BOOL "Whether to build BL1")
set(BL2 ON CACHE BOOL "Whether to build BL2")
-set(NS ON CACHE BOOL "Whether to build NS app")
set(NS_EVALUATION_APP_PATH "" CACHE PATH "Path to TFM NS Evaluation Application")
set(TEST_S OFF CACHE BOOL "Whether to build S regression tests")
@@ -149,7 +148,14 @@
set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH "" CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to cnfigure feature support")
-################################################################################
+########################## MCUBoot signing #####################################
+
+if (CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS)
+ set(MCUBOOT_MEASURED_BOOT ON)
+else()
+ set(MCUBOOT_MEASURED_BOOT OFF)
+endif()
+
################################################################################
# Specifying the accepted values for certain configuration options to facilitate
diff --git a/config/post_config.cmake b/config/post_config.cmake
index 66a9d9c..05e9e40 100644
--- a/config/post_config.cmake
+++ b/config/post_config.cmake
@@ -58,5 +58,5 @@
target_include_directories(tfm_config
INTERFACE
- ${CMAKE_CURRENT_LIST_DIR}
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_LIST_DIR}>
)
diff --git a/config/spe_config.cmake.in b/config/spe_config.cmake.in
new file mode 100644
index 0000000..945d7b9
--- /dev/null
+++ b/config/spe_config.cmake.in
@@ -0,0 +1,63 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# This CMake script template contains the set of options settled on secure side
+# build but necessary for building the non-secure side too.
+
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE @TFM_PARTITION_INTERNAL_TRUSTED_STORAGE@ CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_CRYPTO @TFM_PARTITION_CRYPTO@ CACHE BOOL "Enable Crypto partition")
+set(TFM_PARTITION_INITIAL_ATTESTATION @TFM_PARTITION_INITIAL_ATTESTATION@ CACHE BOOL "Enable Initial Attestation partition")
+set(TFM_PARTITION_PROTECTED_STORAGE @TFM_PARTITION_PROTECTED_STORAGE@ CACHE BOOL "Enable Protected Storage partition")
+set(TFM_PARTITION_PLATFORM @TFM_PARTITION_PLATFORM@ CACHE BOOL "Enable Platform partition")
+set(TFM_PARTITION_FIRMWARE_UPDATE @TFM_PARTITION_FIRMWARE_UPDATE@ CACHE BOOL "Enable firmware update partition")
+
+# The options necessary for signing the final image
+set(BL2 @BL2@)
+set(BL2_HEADER_SIZE @BL2_HEADER_SIZE@)
+set(BL2_TRAILER_SIZE @BL2_TRAILER_SIZE@)
+set(MCUBOOT_IMAGE_NUMBER @MCUBOOT_IMAGE_NUMBER@)
+set(MCUBOOT_CONFIRM_IMAGE @MCUBOOT_CONFIRM_IMAGE@)
+set(MCUBOOT_ENC_IMAGES @MCUBOOT_ENC_IMAGES@)
+set(MCUBOOT_ENC_KEY_LEN @MCUBOOT_ENC_KEY_LEN@)
+set(MCUBOOT_MEASURED_BOOT @MCUBOOT_MEASURED_BOOT@)
+set(MCUBOOT_ALIGN_VAL @MCUBOOT_ALIGN_VAL@)
+set(MCUBOOT_UPGRADE_STRATEGY @MCUBOOT_UPGRADE_STRATEGY@)
+set(MCUBOOT_S_IMAGE_MIN_VER @MCUBOOT_S_IMAGE_MIN_VER@)
+
+set(MCUBOOT_MEASURED_BOOT @MCUBOOT_MEASURED_BOOT@)
+set(MCUBOOT_HW_KEY @MCUBOOT_HW_KEY@)
+
+set(MCUBOOT_SECURITY_COUNTER_S @MCUBOOT_SECURITY_COUNTER_S@)
+set(MCUBOOT_IMAGE_VERSION_S @MCUBOOT_IMAGE_VERSION_S@)
+set(MCUBOOT_KEY_S ${CONFIG_SPE_PATH}/image_signing/keys/root-RSA-3072.pem)
+
+set(MCUBOOT_SECURITY_COUNTER_NS @MCUBOOT_SECURITY_COUNTER_NS@)
+set(MCUBOOT_IMAGE_VERSION_NS @MCUBOOT_IMAGE_VERSION_NS@)
+set(MCUBOOT_KEY_NS ${CONFIG_SPE_PATH}/image_signing/keys/root-RSA-3072_1.pem)
+
+# The common options describing a platfomr configuration
+
+set(TFM_PLATFORM @TFM_PLATFORM@ CACHE STRING "Platform to build TF-M for. Must be either a relative path from [TF-M]/platform/ext/target, or an absolute path.")
+set(CONFIG_TFM_USE_TRUSTZONE @CONFIG_TFM_USE_TRUSTZONE@ CACHE BOOL "Use TrustZone")
+set(CONFIG_TFM_SPM_BACKEND @CONFIG_TFM_SPM_BACKEND@ CACHE STRING "The SPM backend")
+set(TFM_MULTI_CORE_TOPOLOGY @TFM_MULTI_CORE_TOPOLOGY@ CACHE BOOL "Platform has multi core")
+set(TFM_PARTITION_NS_AGENT_MAILBOX @TFM_PARTITION_NS_AGENT_MAILBOX@ CACHE BOOL "Enable the Mailbox agents")
+set(PLATFORM_DEFAULT_CRYPTO_KEYS @PLATFORM_DEFAULT_CRYPTO_KEYS@ CACHE BOOL "Use the default crypto keys")
+set(PSA_FRAMEWORK_HAS_MM_IOVEC @PSA_FRAMEWORK_HAS_MM_IOVEC@ CACHE BOOL "Enable the MM-IOVEC feature")
+set(TFM_ISOLATION_LEVEL @TFM_ISOLATION_LEVEL@ CACHE STRING "The TFM isolation level")
+
+#set(TFM_MULTI_CORE_NS_OS @TFM_MULTI_CORE_NS_OS@)
+#set(TFM_MULTI_CORE_NS_OS_MAILBOX_THREAD @TFM_MULTI_CORE_NS_OS_MAILBOX_THREAD@)
+
+# Testing related options.
+
+set(TEST_PSA_API @TEST_PSA_API@ CACHE STRING "Which (if any) of the PSA API tests should be compiled")
+
+# Other common options
+
+set(TFM_VERSION @TFM_VERSION@)
+set(TFM_NS_MANAGE_NSID @TFM_NS_MANAGE_NSID@)
diff --git a/interface/CMakeLists.txt b/interface/CMakeLists.txt
index f3434e2..2c431c6 100644
--- a/interface/CMakeLists.txt
+++ b/interface/CMakeLists.txt
@@ -28,9 +28,9 @@
target_include_directories(psa_interface
INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}/include
- ${CMAKE_BINARY_DIR}/generated/interface/include
- $<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:${CMAKE_CURRENT_SOURCE_DIR}/include/multi_core>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+ $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/generated/interface/include>
+ $<BUILD_INTERFACE:$<$<BOOL:${TFM_MULTI_CORE_TOPOLOGY}>:${CMAKE_CURRENT_SOURCE_DIR}/include/multi_core>>
)
target_link_libraries(psa_interface
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
old mode 100755
new mode 100644
index 6110a3a..017ed88
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -30,7 +30,7 @@
add_library(platform_crypto_keys STATIC)
endif()
-set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR})
+set(PLATFORM_DIR ${CMAKE_CURRENT_LIST_DIR} CACHE PATH "Path to platform directory")
add_subdirectory(ext/target/${TFM_PLATFORM} target)
diff --git a/platform/ext/accelerator/cc312/CMakeLists.txt b/platform/ext/accelerator/cc312/CMakeLists.txt
index a83c8b5..7ce28ba 100644
--- a/platform/ext/accelerator/cc312/CMakeLists.txt
+++ b/platform/ext/accelerator/cc312/CMakeLists.txt
@@ -219,7 +219,7 @@
target_include_directories(psa_crypto_config
INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
)
target_compile_options(crypto_service_cc312
diff --git a/platform/ext/target/arm/mps2/an521/CMakeLists.txt b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
index b404341..cbb6b50 100644
--- a/platform/ext/target/arm/mps2/an521/CMakeLists.txt
+++ b/platform/ext/target/arm/mps2/an521/CMakeLists.txt
@@ -39,33 +39,6 @@
$<$<AND:$<VERSION_EQUAL:${TFM_ISOLATION_LEVEL},3>,$<C_COMPILER_ID:IAR>>:${CMAKE_BINARY_DIR}/generated/platform/ext/common/iar/tfm_isolation_l3.icf>
)
-if(NS)
- target_sources(tfm_ns
- PRIVATE
- ${CMAKE_CURRENT_SOURCE_DIR}/cmsis_core/startup_an521.c
- )
- target_add_scatter_file(tfm_ns
- $<$<C_COMPILER_ID:ARMClang>:${PLATFORM_DIR}/ext/common/armclang/tfm_common_ns.sct>
- $<$<C_COMPILER_ID:GNU>:${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld>
- $<$<C_COMPILER_ID:IAR>:${PLATFORM_DIR}/ext/common/iar/tfm_common_ns.icf>
- )
- target_link_libraries(CMSIS_5_tfm_ns
- INTERFACE
- $<$<AND:$<C_COMPILER_ID:GNU>,$<OR:$<BOOL:${CONFIG_TFM_ENABLE_FP}>,$<BOOL:${CONFIG_TFM_ENABLE_MVE_FP}>>>:CMSIS_5_RTX_V8MMFN>
- $<$<AND:$<C_COMPILER_ID:GNU>,$<NOT:$<OR:$<BOOL:${CONFIG_TFM_ENABLE_FP}>,$<BOOL:${CONFIG_TFM_ENABLE_MVE_FP}>>>>:CMSIS_5_RTX_V8MMN>
- $<$<C_COMPILER_ID:ARMClang>:CMSIS_5_RTX_V8MMN>
- $<$<C_COMPILER_ID:IAR>:CMSIS_5_RTX_V8MMN>
- )
- target_compile_options(tfm_ns
- PUBLIC
- ${COMPILER_CP_FLAG}
- )
- target_link_options(tfm_ns
- PUBLIC
- ${LINKER_CP_OPTION}
- )
-endif()
-
if(BL2)
target_sources(bl2
PRIVATE
@@ -177,6 +150,7 @@
.
${PLATFORM_DIR}/..
native_drivers
+ native_drivers/timer_cmsdk
)
endif()
diff --git a/platform/ext/target/arm/mps2/an521/config.cmake b/platform/ext/target/arm/mps2/an521/config.cmake
index 399b55f..cf01611 100644
--- a/platform/ext/target/arm/mps2/an521/config.cmake
+++ b/platform/ext/target/arm/mps2/an521/config.cmake
@@ -23,7 +23,13 @@
set(BL2_TRAILER_SIZE 0x10400 CACHE STRING "Trailer size")
endif()
+# Paramters for PSA API tests
+
+set(PSA_API_TEST_TARGET an521 CACHE STRING "PSA_API_TARGET name")
+set(PSA_API_TEST_CPU_ARCH armv8m_ml CACHE STRING "NSPE CPU_ARCH for PSA tests")
+
# Platform-specific configurations
+
set(CONFIG_TFM_USE_TRUSTZONE ON)
set(TFM_MULTI_CORE_TOPOLOGY OFF)
diff --git a/platform/ext/target/arm/mps2/an521/install.cmake b/platform/ext/target/arm/mps2/an521/install.cmake
new file mode 100644
index 0000000..85a15a3
--- /dev/null
+++ b/platform/ext/target/arm/mps2/an521/install.cmake
@@ -0,0 +1,46 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+install(FILES ${PLATFORM_DIR}/ext/common/uart_stdout.c
+ ${TARGET_PLATFORM_PATH}/native_drivers/arm_uart_drv.c
+ ${TARGET_PLATFORM_PATH}/native_drivers/timer_cmsdk/timer_cmsdk.c
+ ${TARGET_PLATFORM_PATH}/cmsis_drivers/Driver_USART.c
+ ${TARGET_PLATFORM_PATH}/retarget/platform_retarget_dev.c
+ ${TARGET_PLATFORM_PATH}/cmsis_core/an521_ns_init.c
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY ${TARGET_PLATFORM_PATH}/cmsis_core
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY ${TARGET_PLATFORM_PATH}/retarget
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY ${PLATFORM_DIR}/ext/common
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include)
+
+install(DIRECTORY ${PLATFORM_DIR}/ext/driver
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include)
+
+install(FILES ${TARGET_PLATFORM_PATH}/partition/region_defs.h
+ ${TARGET_PLATFORM_PATH}/partition/flash_layout.h
+ ${TARGET_PLATFORM_PATH}/native_drivers/arm_uart_drv.h
+ ${TARGET_PLATFORM_PATH}/native_drivers/timer_cmsdk/timer_cmsdk.h
+ ${TARGET_PLATFORM_PATH}/native_drivers/mpc_sie200_drv.h
+ ${TARGET_PLATFORM_PATH}/native_drivers/ppc_sse200_drv.h
+ ${TARGET_PLATFORM_PATH}/retarget/platform_retarget.h
+ ${TARGET_PLATFORM_PATH}/retarget/platform_retarget_pins.h
+ ${TARGET_PLATFORM_PATH}/target_cfg.h
+ ${TARGET_PLATFORM_PATH}/device_cfg.h
+ ${TARGET_PLATFORM_PATH}/tfm_peripherals_def.h
+ ${TARGET_PLATFORM_PATH}/cmsis_driver_config.h
+ ${TARGET_PLATFORM_PATH}/RTE_Device.h
+ ${PLATFORM_DIR}/ext/common/uart_stdout.h
+ ${PLATFORM_DIR}/ext/driver/Driver_USART.h
+ ${PLATFORM_DIR}/ext/driver/Driver_Common.h
+ ${PLATFORM_DIR}/include/tfm_plat_defs.h
+ ${CMAKE_SOURCE_DIR}/lib/fih/inc/fih.h
+ DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include)
diff --git a/platform/ext/target/arm/mps2/an521/ns/CMakeLists.txt b/platform/ext/target/arm/mps2/an521/ns/CMakeLists.txt
new file mode 100644
index 0000000..3714a5b
--- /dev/null
+++ b/platform/ext/target/arm/mps2/an521/ns/CMakeLists.txt
@@ -0,0 +1,46 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# This file is exported to NS side during CMake installation phase and renamed
+# to CMakeLists.txt. It instructs how to build a platform on non-secture side.
+# The structure and sources list are fully platform specific.
+
+add_library(platform_ns)
+
+target_sources(platform_ns
+ PRIVATE
+ arm_uart_drv.c
+ timer_cmsdk.c
+ uart_stdout.c
+ Driver_USART.c
+ cmsis_core/startup_an521.c
+ cmsis_core/system_core_init.c
+ retarget/platform_retarget_dev.c
+)
+
+target_include_directories(platform_ns
+ PRIVATE
+ retarget
+ PUBLIC
+ include
+ cmsis
+ cmsis_core
+)
+
+target_compile_definitions(platform_ns
+ PUBLIC
+ $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
+)
+
+if(${BL2})
+ target_compile_definitions(platform_ns
+ PUBLIC
+ BL2=${BL2}
+ BL2_HEADER_SIZE=${BL2_HEADER_SIZE}
+ BL2_TRAILER_SIZE=${BL2_TRAILER_SIZE}
+ )
+endif()
diff --git a/platform/ext/target/arm/mps2/an521/ns/toolchain_ext.cmake b/platform/ext/target/arm/mps2/an521/ns/toolchain_ext.cmake
new file mode 100644
index 0000000..079814a
--- /dev/null
+++ b/platform/ext/target/arm/mps2/an521/ns/toolchain_ext.cmake
@@ -0,0 +1,32 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# In the new split build this file defines a platform specific parameters
+# like mcpu core, arch etc and to be included by NS toolchain file.
+# A platform owner is free to configure toolchain here for building NS side.
+
+set(CMAKE_SYSTEM_PROCESSOR cortex-m33)
+
+if (${CMAKE_C_COMPILER_ID} STREQUAL GNU)
+
+ add_compile_options(-mcpu=cortex-m33+nodsp)
+ add_link_options(-mcpu=cortex-m33+nodsp)
+
+elseif (${CMAKE_C_COMPILER_ID} STREQUAL ARMClang)
+
+ add_compile_options(-mcpu=cortex-m33+nodsp)
+ add_link_options(--cpu=cortex-m33+nodsp)
+
+elseif (${CMAKE_C_COMPILER_ID} STREQUAL IAR)
+
+ add_compile_options(--cpu cortex-m33)
+ add_link_options(--cpu=cortex-m33+nodsp)
+
+endif()
+
+set(CONFIG_TFM_FP_ARCH "fpv5-d16")
+set(CONFIG_TFM_FP_ARCH_ASM "FPv5_D16")
diff --git a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
index 3b742d5..2646f1d 100644
--- a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.c
@@ -26,7 +26,7 @@
#include "platform_retarget_dev.h"
#include "platform_retarget.h"
#include "system_core_init.h"
-#include "platform/include/tfm_plat_defs.h"
+#include "tfm_plat_defs.h"
/* ARM UART driver structures */
#ifdef ARM_UART0_S
diff --git a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h
index 772a5af..e699787 100644
--- a/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h
+++ b/platform/ext/target/arm/mps2/an521/retarget/platform_retarget_dev.h
@@ -32,7 +32,7 @@
#include "mpc_sie200_drv.h"
#include "ppc_sse200_drv.h"
#include "arm_uart_drv.h"
-#include "timer_cmsdk/timer_cmsdk.h"
+#include "timer_cmsdk.h"
/* ======= Defines peripheral configuration structures ======= */
/* ARM UART driver structures */
diff --git a/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt b/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
index a96ad5e..12921c7 100644
--- a/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/b_u585i_iot02a/accelerator/CMakeLists.txt
@@ -95,7 +95,7 @@
target_include_directories(psa_crypto_config
INTERFACE
- ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+ $<BUILD_INTERFACE:${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/>
)
target_compile_definitions(crypto_service_crypto_hw
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
index 5be0659..b179f7d 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/nucleo_l552ze_q/accelerator/CMakeLists.txt
@@ -81,7 +81,7 @@
target_include_directories(psa_crypto_config
INTERFACE
- ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+ $<BUILD_INTERFACE:${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/>
)
target_compile_definitions(crypto_service_crypto_hw
diff --git a/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt b/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
index f9d573e..50330f2 100644
--- a/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
+++ b/platform/ext/target/stm/stm32l562e_dk/accelerator/CMakeLists.txt
@@ -95,7 +95,7 @@
target_include_directories(psa_crypto_config
INTERFACE
- ${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/
+ $<BUILD_INTERFACE:${PLATFORM_DIR}/ext/target/${TFM_PLATFORM}/accelerator/>
)
target_compile_definitions(crypto_service_crypto_hw
diff --git a/platform/ns/toolchain_ns_GNUARM.cmake b/platform/ns/toolchain_ns_GNUARM.cmake
new file mode 100644
index 0000000..6b76386
--- /dev/null
+++ b/platform/ns/toolchain_ns_GNUARM.cmake
@@ -0,0 +1,85 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+set(CMAKE_SYSTEM_NAME Generic)
+
+set(CMAKE_C_COMPILER_FORCED TRUE)
+set(CMAKE_CXX_COMPILER_FORCED TRUE)
+
+find_program(CMAKE_C_COMPILER ${CROSS_COMPILE}-gcc)
+find_program(CMAKE_CXX_COMPILER ${CROSS_COMPILE}-g++)
+
+if(CMAKE_C_COMPILER STREQUAL "CMAKE_C_COMPILER-NOTFOUND")
+ message(FATAL_ERROR "Could not find compiler: '${CROSS_COMPILE}-gcc'")
+endif()
+
+if(CMAKE_CXX_COMPILER STREQUAL "CMAKE_CXX_COMPILER-NOTFOUND")
+ message(FATAL_ERROR "Could not find compiler: '${CROSS_COMPILE}-g++'")
+endif()
+
+set(CMAKE_ASM_COMPILER ${CMAKE_C_COMPILER})
+
+# Set compiler ID explicitly as it's not detected at this moment
+set(CMAKE_C_COMPILER_ID GNU)
+# A platfomr sprecific MCPU and architecture flags for 2 toolchains
+include(${CONFIG_SPE_PATH}/platform/toolchain_ext.cmake)
+
+add_compile_options(
+ -specs=nano.specs
+ -Wall
+ -Wno-format
+ -Wno-return-type
+ -Wno-unused-but-set-variable
+ -c
+ -fdata-sections
+ -ffunction-sections
+ -fno-builtin
+ -fshort-enums
+ -funsigned-char
+ -mthumb
+ -nostdlib
+)
+
+add_link_options(
+ --entry=Reset_Handler
+ -specs=nano.specs
+ LINKER:-check-sections
+ LINKER:-fatal-warnings
+ LINKER:--gc-sections
+ LINKER:--no-wchar-size-warning
+ LINKER:--print-memory-usage
+ LINKER:-Map=tfm_ns.map
+ -T $<TARGET_OBJECTS:tfm_ns_scatter>
+)
+
+EXECUTE_PROCESS( COMMAND ${CMAKE_C_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION )
+if (GCC_VERSION VERSION_LESS 7.3.1)
+ message(FATAL_ERROR "Please use newer GNU Arm compiler version starting from 7.3.1.")
+endif()
+
+macro(target_add_scatter_file)
+
+ add_library(tfm_ns_scatter OBJECT
+ platform/tfm_common_ns.ld
+ )
+
+ set_source_files_properties(platform/tfm_common_ns.ld PROPERTIES
+ LANGUAGE C
+ KEEP_EXTENSION True)
+
+ target_compile_options(tfm_ns_scatter
+ PRIVATE
+ -E
+ -P
+ -xc
+ )
+
+ target_link_libraries(tfm_ns_scatter platform_ns)
+
+ add_dependencies(tfm_ns tfm_ns_scatter)
+
+endmacro()
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index d058937..634bc5f 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -18,15 +18,15 @@
target_include_directories(tfm_config
INTERFACE
- ${CMAKE_CURRENT_SOURCE_DIR}/include
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/crypto
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/firmware_update
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/initial_attestation
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/internal_trusted_storage
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/platform
- ${CMAKE_CURRENT_SOURCE_DIR}/partitions/protected_storage
- ${CMAKE_CURRENT_SOURCE_DIR}/spm/include
- ${CMAKE_BINARY_DIR}/generated/interface/include
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/crypto>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/firmware_update>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/initial_attestation>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/internal_trusted_storage>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/platform>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/partitions/protected_storage>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/spm/include>
+ $<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/generated/interface/include>
)
target_compile_definitions(tfm_config