Build: Split build v2 for an521 platform

Please refer to the updated Regression tests in tf-m-tests repository
in "feature-build-split-v2" branch for an example of how to use
Split build.

Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Signed-off-by: Dávid Házi <david.hazi@arm.com>
Change-Id: Ie07541b95ad38e38115a1d59544707035fd4c1d6
diff --git a/cmake/install.cmake b/cmake/install.cmake
index 43f8cb1..46d3782 100644
--- a/cmake/install.cmake
+++ b/cmake/install.cmake
@@ -8,7 +8,7 @@
 #-------------------------------------------------------------------------------
 
 install(DIRECTORY ${CMAKE_BINARY_DIR}/bin/
-        DESTINATION ${TFM_INSTALL_PATH}/outputs
+        DESTINATION outputs
 )
 
 set(INTERFACE_INC_DIR ${CMAKE_SOURCE_DIR}/interface/include)
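Review bot: The relative `DESTINATION outputs` resolves against `CMAKE_INSTALL_PREFIX`, while every other rule visible in this file installs under `${TFM_INSTALL_PATH}`. The exported `spe-CMakeLists.cmake` added by this commit is installed to `${TFM_INSTALL_PATH}` and reads `${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s_signed.bin` and `outputs/bl2.bin`, so the two roots have to be the same directory. Whether they always are is not visible here. If a caller overrides only one of them, the non-secure build would look for the secure artefacts in the wrong place. Either keep `DESTINATION ${TFM_INSTALL_PATH}/outputs`, or add a comment above the rule such as `# relies on CMAKE_INSTALL_PREFIX == TFM_INSTALL_PATH`.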
@@ -17,6 +17,8 @@
 set(INSTALL_INTERFACE_INC_DIR    ${TFM_INSTALL_PATH}/interface/include)
 set(INSTALL_INTERFACE_SRC_DIR    ${TFM_INSTALL_PATH}/interface/src)
 set(INSTALL_INTERFACE_LIB_DIR    ${TFM_INSTALL_PATH}/interface/lib)
+set(INSTALL_PLATFORM_NS_DIR      ${TFM_INSTALL_PATH}/platform)
+set(INSTALL_CMAKE_DIR            ${TFM_INSTALL_PATH}/cmake)
 
 # export veneer lib
 if (CONFIG_TFM_USE_TRUSTZONE)
@@ -170,25 +172,33 @@
 
 if(BL2)
     install(DIRECTORY bl2/ext/mcuboot/scripts
-            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR})
+            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}
+            PATTERN "scripts/*.py"
+            PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+            GROUP_EXECUTE GROUP_READ
+            PATTERN "scripts/wrapper/*.py"
+            PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+                        GROUP_EXECUTE GROUP_READ)
+
+    install(DIRECTORY ${MCUBOOT_PATH}/scripts/imgtool
+            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/scripts)
 
     if (MCUBOOT_ENC_IMAGES)
         install(FILES ${MCUBOOT_KEY_ENC}
                 DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
     endif()
 
-    if (PLATFORM_DEFAULT_IMAGE_SIGNING)
-        install(FILES $<TARGET_OBJECTS:signing_layout_s>
-            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
-        install(FILES ${MCUBOOT_KEY_S}
-            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
-        if(MCUBOOT_IMAGE_NUMBER GREATER 1)
-            install(FILES $<TARGET_OBJECTS:signing_layout_ns>
-                    DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
-            install(FILES ${MCUBOOT_KEY_NS}
-                    DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
-        endif()
+    # unconditionally install all necessary files for optional signing
+    install(FILES $<TARGET_OBJECTS:signing_layout_s>
+        DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
+
+    if(MCUBOOT_IMAGE_NUMBER GREATER 1)
+        install(FILES $<TARGET_OBJECTS:signing_layout_ns>
+                DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/layout_files)
     endif()
+
+    install(FILES ${MCUBOOT_KEY_NS} ${MCUBOOT_KEY_S}
+            DESTINATION ${INSTALL_IMAGE_SIGNING_DIR}/keys)
 endif()
 
 if(TFM_PARTITION_FIRMWARE_UPDATE)
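Review bot: The private signing keys `${MCUBOOT_KEY_S}` and `${MCUBOOT_KEY_NS}` are now copied into `${INSTALL_IMAGE_SIGNING_DIR}/keys` on every `BL2` build, where the removed lines did so only under `PLATFORM_DEFAULT_IMAGE_SIGNING`. The install tree is what gets handed to the non-secure build, so anyone who receives it also receives the key that signs the secure image. Nothing in the hunk limits this to the development keys. I would keep the key install guarded, e.g. `if(PLATFORM_DEFAULT_IMAGE_SIGNING)` around the final `install(FILES ${MCUBOOT_KEY_NS} ${MCUBOOT_KEY_S} ...)`, and extend the comment to `# keys are exported for development signing only; production keys must not be installed`. The NS key is also listed when `MCUBOOT_IMAGE_NUMBER` is 1; if that variable can be empty in single-image configurations, it should stay inside the `GREATER 1` branch.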
@@ -196,9 +206,74 @@
             DESTINATION ${INSTALL_INTERFACE_SRC_DIR})
 endif()
 
-###################### Install for NS regression tests #########################
+###################### Install NS platform sources #############################
 
-include(${CMAKE_SOURCE_DIR}/lib/ext/tf-m-tests/install.cmake)
+install(CODE "MESSAGE(\"----- Installing platform NS -----\")")
+
+install(FILES ${PLATFORM_DIR}/ext/common/gcc/tfm_common_ns.ld
+              DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${PLATFORM_DIR}/ext/common/armclang/tfm_common_ns.sct
+              DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${PLATFORM_DIR}/ext/common/iar/tfm_common_ns.icf
+              DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(DIRECTORY ${PLATFORM_DIR}/ext/cmsis
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR})
+
+install(FILES ${CMAKE_SOURCE_DIR}/cmake/spe-CMakeLists.cmake
+        DESTINATION ${TFM_INSTALL_PATH}
+        RENAME CMakeLists.txt)
+
+install(FILES ${PLATFORM_DIR}/ns/toolchain_ns_GNUARM.cmake
+        DESTINATION ${INSTALL_CMAKE_DIR})
+
+# copy all files from active platform directory
+install(DIRECTORY ${TARGET_PLATFORM_PATH}/ns/
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR} OPTIONAL)
+
+# Export platform abilities
+install(FILES ${TARGET_PLATFORM_PATH}/config.cmake
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR} OPTIONAL)
+
+install(FILES
+        ${CMAKE_SOURCE_DIR}/lib/fih/inc/fih.h
+        ${PLATFORM_DIR}/include/tfm_plat_ns.h
+        DESTINATION ${INSTALL_PLATFORM_NS_DIR}/include)
+
+if (TARGET psa_crypto_config)
+# FIXIT: This is a temporal patch to reduce the change scope and simplify review.
+# In the future we shall decouple this target from tfm_config becuase
+# "psa_crypto_config" target exists not in all configurations.
+# Functionally "psa_crypto_config" provides only include path for Crypto accelerator.
+install(TARGETS tfm_config psa_crypto_config psa_interface
+        DESTINATION ${TFM_INSTALL_PATH}
+        EXPORT tfm-config
+        )
+else()
+        install(TARGETS tfm_config psa_interface
+        DESTINATION ${TFM_INSTALL_PATH}
+        EXPORT tfm-config
+        )
+endif()
+
+target_include_directories(psa_interface
+        INTERFACE
+        $<INSTALL_INTERFACE:interface/include>
+        )
+
+install(EXPORT tfm-config
+        FILE spe_export.cmake
+        DESTINATION ${INSTALL_CMAKE_DIR})
+
+configure_file(${CMAKE_SOURCE_DIR}/config/spe_config.cmake.in
+               ${INSTALL_CMAKE_DIR}/spe_config.cmake @ONLY)
 
 ##################### Platform-specific installation ###########################
 include(${TARGET_PLATFORM_PATH}/install.cmake OPTIONAL)
+
+###################### Install for NS regression tests #########################
+
+include(${CMAKE_SOURCE_DIR}/lib/ext/tf-m-tests/install.cmake OPTIONAL)
+
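Review bot: The `configure_file()` call writes `spe_config.cmake` straight into `${INSTALL_CMAKE_DIR}` at configure time, so the install tree is modified by merely running CMake. The file is not part of the install manifest, so `DESTDIR`, component installs and permission handling do not apply to it, and a configure run can leave a stale config next to artefacts from an older install. Generate it in the build tree and install it like the rest: `configure_file(${CMAKE_SOURCE_DIR}/config/spe_config.cmake.in ${CMAKE_BINARY_DIR}/spe_config.cmake @ONLY)` followed by `install(FILES ${CMAKE_BINARY_DIR}/spe_config.cmake DESTINATION ${INSTALL_CMAKE_DIR})`. Separately, making the tf-m-tests include `OPTIONAL` means a missing `install.cmake` is skipped silently; a `message(STATUS ...)` in that case would make the skip visible.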
diff --git a/cmake/spe-CMakeLists.cmake b/cmake/spe-CMakeLists.cmake
new file mode 100644
index 0000000..1d92591
--- /dev/null
+++ b/cmake/spe-CMakeLists.cmake
@@ -0,0 +1,129 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+cmake_minimum_required(VERSION 3.15)
+
+# This CMake script is prepard by TF-M for building the non-secure side
+# application and not used in secure build a tree being for export only.
+# This file is renamed to spe/CMakeList.txt during installation phase
+
+include(spe_config)
+include(spe_export)
+
+set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
+target_link_libraries(tfm_config INTERFACE psa_interface)
+
+add_library(tfm_api_ns)
+
+file(GLOB spe_sources "interface/src/*.c")
+
+target_sources(tfm_api_ns
+    PRIVATE
+        ${spe_sources}
+        # NS specific implementation of NS interface dispatcher
+        $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c>
+)
+
+target_include_directories(tfm_api_ns
+    PUBLIC
+        interface/include
+)
+
+add_subdirectory(platform)
+
+target_link_libraries(tfm_api_ns
+    PUBLIC
+        platform_ns
+        tfm_config
+        $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
+)
+
+target_add_scatter_file()
+
+add_custom_target(tfm_ns_binaries
+    DEPENDS tfm_ns
+    COMMAND ${CMAKE_OBJCOPY} -O binary $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.bin
+    COMMAND ${CMAKE_OBJCOPY} -O elf32-littlearm $<TARGET_FILE:tfm_ns>  ${CMAKE_BINARY_DIR}/tfm_ns.elf
+    COMMAND ${CMAKE_OBJCOPY} -O ihex $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.hex
+)
+
+if (MCUBOOT_IMAGE_NUMBER GREATER 1)
+
+    add_custom_target(tfm_app_binaries
+        DEPENDS tfm_ns_binaries
+        DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
+        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
+
+        #Sign non-secure binary image with provided secret key
+        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
+            --version ${MCUBOOT_IMAGE_VERSION_NS}
+            --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
+            --key ${MCUBOOT_KEY_NS}
+            --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
+            --align ${MCUBOOT_ALIGN_VAL}
+            --pad
+            --pad-header
+            -H ${BL2_HEADER_SIZE}
+            -s ${MCUBOOT_SECURITY_COUNTER_NS}
+            -L ${MCUBOOT_ENC_KEY_LEN}
+            -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
+            ${CMAKE_BINARY_DIR}/tfm_ns.bin
+            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
+            $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
+            $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+            $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
+            ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin
+
+        # Create concatenated binary image from the two independently signed
+        # binary file. This only uses the local assemble.py script (not from
+        # upstream mcuboot) because that script is geared towards zephyr
+        # support
+        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
+            --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
+            --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s_signed.bin
+            --non_secure ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin
+            --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
+        # merge bootloader and application into Hex image for upload
+        COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/outputs/bl2.bin -Binary -offset 0xA000000
+            ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000
+            -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel
+    )
+else()
+
+    add_custom_target(tfm_app_binaries
+        DEPENDS tfm_ns_binaries
+        DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
+        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
+
+        # concatenate S + NS binaries into tfm_s_ns.bin
+        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
+            --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
+            --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s.bin
+            --non_secure ${CMAKE_BINARY_DIR}/tfm_ns.bin
+            --output ${CMAKE_BINARY_DIR}/tfm_s_ns.bin
+
+        # sign the combined tfm_s_ns.bin file
+        COMMAND ${Python3_EXECUTABLE}
+            ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
+            --version ${MCUBOOT_IMAGE_VERSION_S}
+            --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
+            --key ${MCUBOOT_KEY_S}
+            --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
+            --align ${MCUBOOT_ALIGN_VAL}
+            --pad
+            --pad-header
+            -H ${BL2_HEADER_SIZE}
+            -s ${MCUBOOT_SECURITY_COUNTER_S}
+            -L ${MCUBOOT_ENC_KEY_LEN}
+            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
+            $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
+            $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
+            $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
+            ${CMAKE_BINARY_DIR}/tfm_s_ns.bin
+            ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
+    )
+endif()
+
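Review bot: Both `tfm_app_binaries` targets and `tfm_ns_binaries` run their commands without `VERBATIM`, so the quoting of the signing arguments is left to the platform shell. That is why the dependency argument has to be hand-escaped as `-d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"`, and a key or build path containing spaces would be split before it reaches `wrapper.py`. Add `VERBATIM` to each `add_custom_target` and write the argument as `-d "(0, ${MCUBOOT_S_IMAGE_MIN_VER})"`. The `srec_cat` step hard-codes the offsets `0xA000000` and `0xA020000` and calls the tool by bare name. Since this file is installed for every platform, those values should come from the exported platform config or carry a comment that they are an521-only.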