TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 8bb9851e01e72a7cba87251b1944f7cf7b180dc7 / . / cmake / spe-CMakeLists.cmake
blob: cb0d36e98cbe21160682996d865d50ae99595ec5 [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]2# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
David Hu1249f0d2023-12-04 22:57:56 +0800[diff] [blame]7cmake_minimum_required(VERSION 3.21)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame^]16set_target_properties(tfm_config psa_interface psa_crypto_config PROPERTIES IMPORTED_GLOBAL True)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]17target_link_libraries(tfm_config INTERFACE psa_interface)
18
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]19# In actual NS integration, NS side build should include the source files
20# exported by TF-M build.
21set(INTERFACE_SRC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/src)
22set(INTERFACE_INC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/include)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]23
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]24add_library(tfm_api_ns STATIC)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]25
26target_sources(tfm_api_ns
David Hu0a07b632023-10-16 15:25:20 +0800[diff] [blame]27 PUBLIC
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]28 $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${INTERFACE_SRC_DIR}/tfm_platform_api.c>
29 $<$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_ps_api.c>
30 $<$<BOOL:${TFM_PARTITION_INTERNAL_TRUSTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_its_api.c>
31 $<$<BOOL:${TFM_PARTITION_CRYPTO}>:${INTERFACE_SRC_DIR}/tfm_crypto_api.c>
32 $<$<BOOL:${TFM_PARTITION_INITIAL_ATTESTATION}>:${INTERFACE_SRC_DIR}/tfm_attest_api.c>
33 $<$<BOOL:${TFM_PARTITION_FIRMWARE_UPDATE}>:${INTERFACE_SRC_DIR}/tfm_fwu_api.c>
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]34)
35
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]36# Include interface headers exported by TF-M
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]37target_include_directories(tfm_api_ns
38 PUBLIC
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]39 ${INTERFACE_INC_DIR}
40 ${INTERFACE_INC_DIR}/crypto_keys
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]41)
42
Jamie Foxc0489cc2023-11-28 17:55:36 +0000[diff] [blame]43if (CONFIG_TFM_USE_TRUSTZONE)
44 add_library(tfm_api_ns_tz INTERFACE)
45
46 target_sources(tfm_api_ns_tz
47 INTERFACE
48 ${INTERFACE_SRC_DIR}/tfm_tz_psa_ns_api.c
49 )
50
51 target_link_libraries(tfm_api_ns_tz
52 INTERFACE
53 ${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o
54 )
55endif()
56
57if (TFM_PARTITION_NS_AGENT_MAILBOX)
58 add_library(tfm_api_ns_mailbox INTERFACE)
59
60 target_sources(tfm_api_ns_mailbox
61 INTERFACE
62 ${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_ns_api.c
63 ${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_psa_ns_api.c
64 )
65
66 target_include_directories(tfm_api_ns_mailbox
67 INTERFACE
68 ${INTERFACE_INC_DIR}/multi_core
69 )
70endif()
71
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame^]72if (TFM_PARTITION_CRYPTO)
73 target_link_libraries(tfm_api_ns
74 PUBLIC
75 psa_crypto_config
76 )
77endif()
78
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]79add_library(platform_region_defs INTERFACE)
80
81target_compile_definitions(platform_region_defs
82 INTERFACE
83 $<$<BOOL:${BL1}>:BL1>
84 $<$<BOOL:${BL2}>:BL2>
85 BL2_HEADER_SIZE=${BL2_HEADER_SIZE}
86 BL2_TRAILER_SIZE=${BL2_TRAILER_SIZE}
87 BL1_HEADER_SIZE=${BL1_HEADER_SIZE}
88 BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE}
89 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
90 $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_${TEST_PSA_API}>
91 $<$<OR:$<CONFIG:Debug>,$<CONFIG:relwithdebinfo>>:ENABLE_HEAP>
92)
93
94target_link_libraries(platform_region_defs
95 INTERFACE
96 tfm_config
97)
98
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]99add_subdirectory(platform)
100
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]101target_sources(platform_ns
102 PRIVATE
103 $<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/common/uart_stdout.c>
104)
105
Anton Komlev8dc9eb22023-09-15 15:53:03 +0100[diff] [blame]106target_compile_definitions(platform_ns
107 PUBLIC
Kevin Peng7dc0ebf2023-11-14 14:31:31 +0800[diff] [blame]108 DOMAIN_NS=1
Anton Komlev8dc9eb22023-09-15 15:53:03 +0100[diff] [blame]109 $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
110 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},hard>:CONFIG_TFM_FLOAT_ABI=2>
111 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},soft>:CONFIG_TFM_FLOAT_ABI=0>
112 $<$<BOOL:${CONFIG_TFM_ENABLE_CP10CP11}>:CONFIG_TFM_ENABLE_CP10CP11>
113)
114
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]115target_link_libraries(tfm_api_ns
116 PUBLIC
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]117 platform_region_defs
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]118 platform_ns
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]119)
120
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]121if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]122
David Hua5fefdc2023-11-03 13:24:41 +0800[diff] [blame]123 find_package(Python3)
124
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]125 add_custom_target(tfm_s_ns_signed_bin
126 ALL
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]127 SOURCES ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]128 )
129
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]130 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]131
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]132 add_custom_target(tfm_ns_signed_bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]133 SOURCES ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]134 )
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]135 add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]136 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]137 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]138 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]139 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]140
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]141 #Sign non-secure binary image with provided secret key
142 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
143 --version ${MCUBOOT_IMAGE_VERSION_NS}
144 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]145 --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_ns_signing_private_key.pem
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]146 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
147 --align ${MCUBOOT_ALIGN_VAL}
148 --pad
149 --pad-header
150 -H ${BL2_HEADER_SIZE}
151 -s ${MCUBOOT_SECURITY_COUNTER_NS}
152 -L ${MCUBOOT_ENC_KEY_LEN}
153 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]154 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
155 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]156 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]157 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]158 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]159 ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]160 )
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]161
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]162 # Create concatenated binary image from the two independently signed
163 # binary file. This only uses the local assemble.py script (not from
164 # upstream mcuboot) because that script is geared towards zephyr
165 # support
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]166 add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]167 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]168 DEPENDS tfm_ns_signed_bin ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]169 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]170 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]171
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]172 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
173 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
174 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]175 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
176 --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]177 )
178 else()
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]179 add_custom_target(tfm_s_ns_bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]180 SOURCES ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]181 )
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]182 add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]183 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
184 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]185 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
186 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]187
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]188 # concatenate S + NS binaries into tfm_s_ns.bin
189 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]190 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]191 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]192 --non_secure $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]193 --output ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]194 )
195
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]196 add_custom_command(OUTPUT ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
197 DEPENDS tfm_s_ns_bin ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]198 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]199 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]200 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]201
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]202 # sign the combined tfm_s_ns.bin file
203 COMMAND ${Python3_EXECUTABLE}
204 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
205 --version ${MCUBOOT_IMAGE_VERSION_S}
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]206 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]207 --key ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_s_signing_private_key.pem
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]208 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
209 --align ${MCUBOOT_ALIGN_VAL}
210 --pad
211 --pad-header
212 -H ${BL2_HEADER_SIZE}
213 -s ${MCUBOOT_SECURITY_COUNTER_S}
214 -L ${MCUBOOT_ENC_KEY_LEN}
215 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
216 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
Raef Coles1d68b872023-11-06 16:33:34 +0000[diff] [blame]217 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/image_signing/keys/image_enc_key.pem>
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]218 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Dávid Házi1a72fd42024-03-06 18:33:45 +0100[diff] [blame]219 ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
220 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]221 )
222 endif()
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]223endif()