Build: Add option to enable or disable Audit Log
Adds a build option that makes it possible to enable or disable the
TF-M Audit Log partition. The option TFM_PARTITION_AUDIT_LOG can be
provided in the CMake configure command, and is enabled by default if
not supplied.
Change-Id: Ib60f22aeb62652e34a1ac43a61154288e6d989b3
Signed-off-by: Jamie Fox <jamie.fox@arm.com>
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 75a0a5e..bf41f38 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -31,6 +31,10 @@
message(FATAL_ERROR "Incomplete build configuration: TFM_LVL is undefined. ")
endif()
+if (NOT DEFINED TFM_PARTITION_AUDIT_LOG)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_AUDIT_LOG is undefined.")
+endif()
+
include(${SECURE_FW_DIR}/spm/CMakeLists.inc)
include(${SECURE_FW_DIR}/ns_callable/CMakeLists.inc)
#Involve all IPC related sources in ipc's CMakeLists.inc, and switch core between IPC and Library.
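Review bot: The new `if (NOT DEFINED TFM_PARTITION_AUDIT_LOG)` guard aborts configuration when the variable is unset, while the commit description says the option is enabled by default if not supplied. The default must therefore be assigned in a file this diff does not show. A one-line comment above the guard would keep the two in step, e.g. `#Default (ON) is set in <config file>; this check only catches secure_fw being configured without it.` Failing on an unset value rather than treating it as OFF is the safer choice for a security service, so the check itself should stay.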
@@ -146,10 +150,12 @@
add_dependencies(${EXE_NAME} tfm_crypto)
add_dependencies(${EXE_NAME} tfm_storage)
- add_dependencies(${EXE_NAME} tfm_audit)
add_dependencies(${EXE_NAME} tfm_platform)
add_dependencies(${EXE_NAME} tfm_secure_tests)
add_dependencies(${EXE_NAME} tfm_attest)
+ if (TFM_PARTITION_AUDIT_LOG)
+ add_dependencies(${EXE_NAME} tfm_audit)
+ endif()
#Set macro definitions for the project.
embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} ${DEBUG_AUTHENTICATION} APPEND)
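Review bot: The compile defines on the last line of this hunk do not include TFM_PARTITION_AUDIT_LOG, yet the C files changed in this commit (tfm_veneers.c, tfm_partition_defs.inc, tfm_partition_list.inc) gate on `#ifdef TFM_PARTITION_AUDIT_LOG`. The only place this diff passes the macro is `embedded_set_target_link_defines`, which by its name feeds the link step rather than the compiler. Unless a compile definition is added outside the visible hunks, the veneers and partition declaration are compiled out even when the option is ON, while tfm_audit is still built and linked. If it is not defined globally, add `if (TFM_PARTITION_AUDIT_LOG)` / `embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES TFM_PARTITION_AUDIT_LOG APPEND)` / `endif()` after this line.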
@@ -166,20 +172,27 @@
#FIXME Remove the explicit load and the above comment once the secure client
#test partition uses the generated veneers.
if((${COMPILER} STREQUAL "ARMCLANG") AND (NOT TFM_PSA_API))
- target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_platform $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_attest)
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_secure_tests tfm_attest tfm_crypto tfm_storage tfm_platform tfm_attest)
endif()
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_secure_tests tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_platform tfm_secure_tests tfm_attest)
endif()
else()
- target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_audit tfm_platform tfm_attest)
+ target_link_libraries(${EXE_NAME} tfm_attest tfm_crypto tfm_storage tfm_platform tfm_attest)
endif()
+ if (TFM_PARTITION_AUDIT_LOG)
+ target_link_libraries(${EXE_NAME} tfm_audit)
+ endif()
embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
+ if (TFM_PARTITION_AUDIT_LOG)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_AUDIT_LOG")
+ endif()
+
if (NOT DEFINED TFM_PARTITION_TEST_CORE)
message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
elseif (TFM_PARTITION_TEST_CORE)
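Review bot: Replacing the in-list tfm_audit entries with a trailing `target_link_libraries(${EXE_NAME} tfm_audit)` moves the library to the end of the link line in all four branches. The lists repeat tfm_attest, which suggests the order matters for resolving symbols between these static libraries. If tfm_audit needs symbols from tfm_platform or another library that now precedes it, a single-pass linker may leave them unresolved unless that dependency is declared on the tfm_audit target itself. Keeping the original position avoids relying on that: before the branches use `if (TFM_PARTITION_AUDIT_LOG) set(AUDIT_LOG_LIB tfm_audit) endif()` and put `${AUDIT_LOG_LIB}` where tfm_audit used to be. The enclosing `if`/`else` chain starts above this hunk.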
@@ -278,15 +291,17 @@
#Add the secure storage library target
add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
-#Add the audit logging library target
-add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
-
#Add the platform service library target
add_subdirectory(${SECURE_FW_DIR}/services/platform)
#Add the initial attestation service library target
add_subdirectory(${SECURE_FW_DIR}/services/initial_attestation)
+#Add the audit logging library target
+if (TFM_PARTITION_AUDIT_LOG)
+ add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
+endif()
+
if (LINK_TO_BOTH_MEMORY_REGION)
#Link to primary memory region
set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
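Review bot: When TFM_PARTITION_AUDIT_LOG is OFF, the new `if` around `add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)` drops the service with no configure-time output. A secure image without audit logging then looks the same in the build log as one with it. An `else()` branch would make the reduced configuration visible to whoever reviews release builds, e.g. `message(STATUS "TFM_PARTITION_AUDIT_LOG is OFF: secure image is built without the Audit Log partition.")`.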
diff --git a/secure_fw/ns_callable/CMakeLists.inc b/secure_fw/ns_callable/CMakeLists.inc
index c60c996..91f803a 100644
--- a/secure_fw/ns_callable/CMakeLists.inc
+++ b/secure_fw/ns_callable/CMakeLists.inc
@@ -24,9 +24,12 @@
endif()
set (SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_veneers.c"
- "${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c"
"${CMAKE_CURRENT_LIST_DIR}/tfm_platform_veneers.c")
+if (TFM_PARTITION_AUDIT_LOG)
+ list(APPEND SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_audit_veneers.c")
+endif()
+
if (TFM_PSA_API)
list(APPEND SS_NS_CALLABLE_C_SRC "${CMAKE_CURRENT_LIST_DIR}/tfm_psa_api_veneers.c")
endif()
diff --git a/secure_fw/ns_callable/tfm_veneers.c b/secure_fw/ns_callable/tfm_veneers.c
index d1cb113..3519af6 100644
--- a/secure_fw/ns_callable/tfm_veneers.c
+++ b/secure_fw/ns_callable/tfm_veneers.c
@@ -17,12 +17,14 @@
psa_status_t tfm_sst_remove_req(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t tfm_sst_get_support_req(psa_invec *, size_t, psa_outvec *, size_t);
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
psa_status_t audit_core_retrieve_record(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_add_record(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_get_info(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_get_record_info(psa_invec *, size_t, psa_outvec *, size_t);
psa_status_t audit_core_delete_record(psa_invec *, size_t, psa_outvec *, size_t);
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
psa_status_t tfm_crypto_allocate_key(psa_invec *, size_t, psa_outvec *, size_t);
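Review bot: The `#ifdef TFM_PARTITION_AUDIT_LOG` guard is hand-placed around one partition's declarations here, and again around its `TFM_VENEER_FUNCTION` entries in the next hunk. The uniform per-partition layout suggests this file may be generated, as may tfm_partition_defs.inc and tfm_partition_list.inc. That is not confirmed by the visible lines, but if so the guard also has to be emitted by the generator or its template. Otherwise the next regeneration removes it and the audit veneers are exported unconditionally again while the partition itself may be absent. Worth stating in the commit description which of the two was edited.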
@@ -125,12 +127,14 @@
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_remove_req)
TFM_VENEER_FUNCTION(TFM_SP_STORAGE, tfm_sst_get_support_req)
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_retrieve_record)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_add_record)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_info)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_get_record_info)
TFM_VENEER_FUNCTION(TFM_SP_AUDIT_LOG, audit_core_delete_record)
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
TFM_VENEER_FUNCTION(TFM_SP_CRYPTO, tfm_crypto_allocate_key)
diff --git a/secure_fw/services/audit_logging/CMakeLists.inc b/secure_fw/services/audit_logging/CMakeLists.inc
index ef491e7..31c401f 100644
--- a/secure_fw/services/audit_logging/CMakeLists.inc
+++ b/secure_fw/services/audit_logging/CMakeLists.inc
@@ -20,32 +20,23 @@
#Get the current directory where this file is located.
set(AUDIT_LOGGING_DIR ${CMAKE_CURRENT_LIST_DIR})
-#Check input variables
-if (NOT DEFINED ENABLE_AUDIT_LOGGING)
- message(FATAL_ERROR "Incomplete build configuration: ENABLE_AUDIT_LOGGING is undefined. ")
+if (NOT DEFINED TFM_ROOT_DIR)
+ message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
endif()
-if (ENABLE_AUDIT_LOGGING)
- if (NOT DEFINED TFM_ROOT_DIR)
- message(FATAL_ERROR "Please set TFM_ROOT_DIR before including this file.")
- endif()
+set (AUDIT_LOGGING_C_SRC
+ "${AUDIT_LOGGING_DIR}/tfm_audit_secure_api.c"
+ "${AUDIT_LOGGING_DIR}/audit_core.c"
+ "${AUDIT_LOGGING_DIR}/audit_wrappers.c"
+)
- set (AUDIT_LOGGING_C_SRC
- "${AUDIT_LOGGING_DIR}/tfm_audit_secure_api.c"
- "${AUDIT_LOGGING_DIR}/audit_core.c"
- "${AUDIT_LOGGING_DIR}/audit_wrappers.c"
- )
+#Append all our source files to global lists.
+list(APPEND ALL_SRC_C ${AUDIT_LOGGING_C_SRC})
+unset(AUDIT_LOGGING_C_SRC)
- #Append all our source files to global lists.
- list(APPEND ALL_SRC_C ${AUDIT_LOGGING_C_SRC})
- unset(AUDIT_LOGGING_C_SRC)
-
- #Setting include directories
- embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
- embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
-else()
- message(FATAL_ERROR "Build system currently doesn't support selectively disabling of a service.")
-endif()
+#Setting include directories
+embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/interface/include ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE)
+embedded_include_directories(PATH ${TFM_ROOT_DIR}/platform/ext/common ABSOLUTE)
diff --git a/secure_fw/services/audit_logging/CMakeLists.txt b/secure_fw/services/audit_logging/CMakeLists.txt
index e7bfa82..d67c854 100644
--- a/secure_fw/services/audit_logging/CMakeLists.txt
+++ b/secure_fw/services/audit_logging/CMakeLists.txt
@@ -23,7 +23,6 @@
get_filename_component(TFM_ROOT_DIR "${AUDIT_LOGGING_DIR}/../../.." ABSOLUTE)
###Get the definition of what files we need to build
-set (ENABLE_AUDIT_LOGGING ON)
include(CMakeLists.inc)
if (NOT DEFINED TFM_LVL)
diff --git a/secure_fw/services/tfm_partition_defs.inc b/secure_fw/services/tfm_partition_defs.inc
index ab0cb28..e7b20e6 100644
--- a/secure_fw/services/tfm_partition_defs.inc
+++ b/secure_fw/services/tfm_partition_defs.inc
@@ -12,7 +12,9 @@
#define TFM_SP_STORAGE_ID (TFM_SP_BASE + 0)
+#ifdef TFM_PARTITION_AUDIT_LOG
#define TFM_SP_AUDIT_LOG_ID (TFM_SP_BASE + 1)
+#endif /* TFM_PARTITION_AUDIT_LOG */
#define TFM_SP_CRYPTO_ID (TFM_SP_BASE + 2)
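Review bot: With this guard the partition IDs are no longer contiguous when the option is off: `TFM_SP_AUDIT_LOG_ID` disappears but `TFM_SP_CRYPTO_ID` stays at `(TFM_SP_BASE + 2)`. Keeping the remaining IDs stable is the better choice. However, any code outside this hunk that turns an ID into an array index, or derives a partition count from the highest ID, would then address a slot that has no declared partition. It is worth confirming that lookups search by ID rather than use arithmetic. A comment on the guard would record the intent, e.g. `/* (TFM_SP_BASE + 1) stays reserved for the Audit Log partition when it is disabled */`.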
diff --git a/secure_fw/services/tfm_partition_list.inc b/secure_fw/services/tfm_partition_list.inc
index f5edad6..f78052a 100644
--- a/secure_fw/services/tfm_partition_list.inc
+++ b/secure_fw/services/tfm_partition_list.inc
@@ -16,6 +16,7 @@
, "PSA-ROT", 0x00000100, NORMAL);
PARTITION_ADD_INIT_FUNC(TFM_SP_STORAGE, tfm_sst_req_mngr_init);
+#ifdef TFM_PARTITION_AUDIT_LOG
/******** TFM_SP_AUDIT_LOG ********/
PARTITION_DECLARE(TFM_SP_AUDIT_LOG, 0
, "PSA-ROT", 0x00000101, NORMAL);
@@ -23,6 +24,7 @@
#ifdef AUDIT_UART_REDIRECTION
PARTITION_ADD_PERIPHERAL(TFM_SP_AUDIT_LOG, TFM_PERIPHERAL_UART1);
#endif /* AUDIT_UART_REDIRECTION */
+#endif /* TFM_PARTITION_AUDIT_LOG */
/******** TFM_SP_CRYPTO ********/
PARTITION_DECLARE(TFM_SP_CRYPTO, 0