TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 7dc0ebff3faf2faa0379bf044393cb471bd9e5a6 / . / cmake / spe-CMakeLists.cmake
blob: 1915a9c4d0b2cbd8356574818c06779a70308fde [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7cmake_minimum_required(VERSION 3.15)
8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
16set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
17target_link_libraries(tfm_config INTERFACE psa_interface)
18
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]19# In actual NS integration, NS side build should include the source files
20# exported by TF-M build.
21set(INTERFACE_SRC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/src)
22set(INTERFACE_INC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/include)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]23
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]24add_library(tfm_api_ns STATIC)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]25
26target_sources(tfm_api_ns
David Hu0a07b632023-10-16 15:25:20 +0800[diff] [blame]27 PUBLIC
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]28 $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${INTERFACE_SRC_DIR}/tfm_platform_api.c>
29 $<$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_ps_api.c>
30 $<$<BOOL:${TFM_PARTITION_INTERNAL_TRUSTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_its_api.c>
31 $<$<BOOL:${TFM_PARTITION_CRYPTO}>:${INTERFACE_SRC_DIR}/tfm_crypto_api.c>
32 $<$<BOOL:${TFM_PARTITION_INITIAL_ATTESTATION}>:${INTERFACE_SRC_DIR}/tfm_attest_api.c>
33 $<$<BOOL:${TFM_PARTITION_FIRMWARE_UPDATE}>:${INTERFACE_SRC_DIR}/tfm_fwu_api.c>
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]34)
35
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]36target_sources(tfm_api_ns
37 PRIVATE
38 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_ns_api.c>
39 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_psa_ns_api.c>
David Hu149b6a62023-11-03 16:18:37 +0800[diff] [blame]40 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${INTERFACE_SRC_DIR}/tfm_tz_psa_ns_api.c>
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]41)
42
43# Include interface headers exported by TF-M
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]44target_include_directories(tfm_api_ns
45 PUBLIC
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]46 ${INTERFACE_INC_DIR}
47 ${INTERFACE_INC_DIR}/crypto_keys
48 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_INC_DIR}/multi_core>
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]49)
50
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]51add_library(platform_region_defs INTERFACE)
52
53target_compile_definitions(platform_region_defs
54 INTERFACE
55 $<$<BOOL:${BL1}>:BL1>
56 $<$<BOOL:${BL2}>:BL2>
57 BL2_HEADER_SIZE=${BL2_HEADER_SIZE}
58 BL2_TRAILER_SIZE=${BL2_TRAILER_SIZE}
59 BL1_HEADER_SIZE=${BL1_HEADER_SIZE}
60 BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE}
61 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
62 $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_${TEST_PSA_API}>
63 $<$<OR:$<CONFIG:Debug>,$<CONFIG:relwithdebinfo>>:ENABLE_HEAP>
64)
65
66target_link_libraries(platform_region_defs
67 INTERFACE
68 tfm_config
69)
70
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]71add_subdirectory(platform)
72
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]73target_sources(platform_ns
74 PRIVATE
75 $<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/common/uart_stdout.c>
76)
77
Anton Komlev8dc9eb22023-09-15 15:53:03 +0100[diff] [blame]78target_compile_definitions(platform_ns
79 PUBLIC
Kevin Peng7dc0ebf2023-11-14 14:31:31 +0800[diff] [blame^]80 DOMAIN_NS=1
Anton Komlev8dc9eb22023-09-15 15:53:03 +0100[diff] [blame]81 $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
82 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},hard>:CONFIG_TFM_FLOAT_ABI=2>
83 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},soft>:CONFIG_TFM_FLOAT_ABI=0>
84 $<$<BOOL:${CONFIG_TFM_ENABLE_CP10CP11}>:CONFIG_TFM_ENABLE_CP10CP11>
85)
86
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]87target_link_libraries(tfm_api_ns
88 PUBLIC
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]89 platform_region_defs
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]90 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]91 platform_ns
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]92)
93
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]94if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]95
David Hua5fefdc2023-11-03 13:24:41 +0800[diff] [blame]96 find_package(Python3)
97
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]98 add_custom_target(tfm_s_ns_signed_bin
99 ALL
100 SOURCES tfm_s_ns_signed.bin
101 )
102
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]103 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]104
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]105 add_custom_target(tfm_ns_signed_bin
106 SOURCES tfm_ns_signed.bin
107 )
108 add_custom_command(OUTPUT tfm_ns_signed.bin
109 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]110 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]111 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]112 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]113
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]114 #Sign non-secure binary image with provided secret key
115 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
116 --version ${MCUBOOT_IMAGE_VERSION_NS}
117 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]118 --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_ns_signing_private_key.pem
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]119 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
120 --align ${MCUBOOT_ALIGN_VAL}
121 --pad
122 --pad-header
123 -H ${BL2_HEADER_SIZE}
124 -s ${MCUBOOT_SECURITY_COUNTER_NS}
125 -L ${MCUBOOT_ENC_KEY_LEN}
126 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]127 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
128 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]129 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]130 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]131 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]132 tfm_ns_signed.bin
133 COMMAND ${CMAKE_COMMAND} -E copy tfm_ns_signed.bin ${CMAKE_BINARY_DIR}/bin
134 )
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]135
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]136 # Create concatenated binary image from the two independently signed
137 # binary file. This only uses the local assemble.py script (not from
138 # upstream mcuboot) because that script is geared towards zephyr
139 # support
140 add_custom_command(OUTPUT tfm_s_ns_signed.bin
141 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
142 DEPENDS tfm_ns_signed_bin tfm_ns_signed.bin
143 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]144 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]145
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]146 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
147 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
148 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]149 --non_secure tfm_ns_signed.bin
150 --output tfm_s_ns_signed.bin
151 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin ${CMAKE_BINARY_DIR}
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]152 )
153 else()
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]154 add_custom_target(tfm_s_ns_bin
155 SOURCES tfm_s_ns.bin
156 )
157 add_custom_command(OUTPUT tfm_s_ns.bin
158 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
159 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]160 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
161 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]162
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]163 # concatenate S + NS binaries into tfm_s_ns.bin
164 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]165 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]166 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]167 --non_secure $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
168 --output tfm_s_ns.bin
169 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin ${CMAKE_BINARY_DIR}/bin
170 )
171
172 add_custom_command(OUTPUT tfm_s_ns_signed.bin
173 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]174 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]175 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]176 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]177
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]178 # sign the combined tfm_s_ns.bin file
179 COMMAND ${Python3_EXECUTABLE}
180 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
181 --version ${MCUBOOT_IMAGE_VERSION_S}
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]182 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]183 --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_s_signing_private_key.pem
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]184 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
185 --align ${MCUBOOT_ALIGN_VAL}
186 --pad
187 --pad-header
188 -H ${BL2_HEADER_SIZE}
189 -s ${MCUBOOT_SECURITY_COUNTER_S}
190 -L ${MCUBOOT_ENC_KEY_LEN}
191 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
192 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]193 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]194 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]195 tfm_s_ns.bin
196 tfm_s_ns_signed.bin
197 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin ${CMAKE_BINARY_DIR}
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]198 )
199 endif()
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]200endif()