TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / f11f0067542ef3bced789d61a73e9e540bd24023 / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: 4548515697ab5dd34f7c636868181806ab68223d [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]2# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.15)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]11add_library(mcuboot_config INTERFACE)
12
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]13set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
14
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]15add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
16
17target_include_directories(bootutil
18 PUBLIC
19 include
Michel Jaouenfd7164f2021-04-29 09:37:49 +0200[diff] [blame]20 config
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]21)
22
23target_link_libraries(bootutil
24 PUBLIC
25 mcuboot_config
26 platform_bl2
27 bl2_mbedcrypto
28)
29
30target_include_directories(mcuboot_config
31 INTERFACE
32 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
33)
34
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]35target_include_directories(bl2
36 PUBLIC
37 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]38)
39
40target_sources(bl2
41 PRIVATE
42 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
43 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
44 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
45 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]46)
47
48target_link_libraries(bl2
49 PUBLIC
50 bootutil
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]51)
52
53set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
54list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
55
56configure_file(include/mcuboot_config/mcuboot_config.h.in
57 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
58 @ONLY)
59
60############################### IMAGE SIGNING ##################################
61
62find_package(Python3)
63
64set(FLASH_AREA_NUM 0)
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]65set(IMAGE_TYPE "S_IMAGE")
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]66if (MCUBOOT_IMAGE_NUMBER GREATER 1)
67 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
68 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]69else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]70 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
71 # used in this mode the signing_layout_s target's source file is renamed.
72 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
73 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]74endif()
75
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]76target_compile_options(signing_layout_s
77 PRIVATE
78 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
79 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
80 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
81)
82target_compile_definitions(signing_layout_s
83 PRIVATE
84 $<$<BOOL:${BL2}>:BL2>
85 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]86 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]87)
88target_link_libraries(signing_layout_s
89 PRIVATE
90 platform_bl2
91)
92
93if(NS)
94 add_custom_target(tfm_s_ns_bin
95 SOURCES tfm_s_ns.bin
96 )
97 add_custom_command(OUTPUT tfm_s_ns.bin
98 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
99 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
100 DEPENDS tfm_s_bin tfm_ns_bin
101 DEPENDS signing_layout_s
102
103 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
104 --layout $<TARGET_OBJECTS:signing_layout_s>
105 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
106 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
107 -o tfm_s_ns.bin
108 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
109 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]110endif()
111
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]112add_custom_target(tfm_s_signed_bin
113 SOURCES tfm_s_signed.bin
114)
115add_custom_command(OUTPUT tfm_s_signed.bin
116 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
117 DEPENDS tfm_s_bin signing_layout_s
118 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]119
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]120 #Sign secure binary image with provided secret key
121 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
122 -v ${MCUBOOT_IMAGE_VERSION_S}
123 --layout $<TARGET_OBJECTS:signing_layout_s>
124 -k ${MCUBOOT_KEY_S}
125 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
126 --align 1
127 --pad
128 --pad-header
129 -H 0x400
130 -s ${MCUBOOT_SECURITY_COUNTER_S}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]131 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]132 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
133 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
134 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
135 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
136 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
137)
138
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]139set(FLASH_AREA_NUM 1)
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]140set(IMAGE_TYPE "NS_IMAGE")
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]141configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
142
143add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
144target_compile_options(signing_layout_ns
145 PRIVATE
146 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
147 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
148 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
149)
150target_compile_definitions(signing_layout_ns
151 PRIVATE
152 $<$<BOOL:${BL2}>:BL2>
153 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]154 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]155)
156target_link_libraries(signing_layout_ns
157 PRIVATE
158 platform_bl2
159)
160
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]161if(NS)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]162 add_custom_target(tfm_ns_signed_bin
163 SOURCES tfm_ns_signed.bin
164 )
165 add_custom_command(OUTPUT tfm_ns_signed.bin
166 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
167 DEPENDS tfm_ns_bin signing_layout_ns
168 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
169
170 #Sign non-secure binary image with provided secret key
171 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
172 -v ${MCUBOOT_IMAGE_VERSION_NS}
173 --layout $<TARGET_OBJECTS:signing_layout_ns>
174 -k ${MCUBOOT_KEY_NS}
175 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
176 --align 1
177 --pad
178 --pad-header
179 -H 0x400
180 -s ${MCUBOOT_SECURITY_COUNTER_NS}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]181 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]182 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
183 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
184 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
185 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
186 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
187 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]188endif()
189
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]190if(NS)
191 add_custom_target(tfm_s_ns_signed_bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]192 SOURCES tfm_s_ns_signed.bin
193 )
194 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
195 add_custom_command(OUTPUT tfm_s_ns_signed.bin
196 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
197 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
198 DEPENDS signing_layout_s
199
200 # Create concatenated binary image from the two independently signed
201 # binary file. This only uses the local assemble.py script (not from
202 # upstream mcuboot) because that script is geared towards zephyr
203 # support
204 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
205 --layout $<TARGET_OBJECTS:signing_layout_s>
206 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
207 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
208 -o tfm_s_ns_signed.bin
209 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
210 )
211 else()
212 add_custom_command(OUTPUT tfm_s_ns_signed.bin
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]213 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]214 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
215 DEPENDS signing_layout_s
216
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]217 # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
218 # In such a configuration there is a subsystem with higher privileges controlling the
219 # the boot process and current implementation requires to use the non-secure key here.
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]220 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
221 -v ${MCUBOOT_IMAGE_VERSION_S}
222 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]223 -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]224 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
225 --align 1
226 --pad
227 --pad-header
228 -H 0x400
229 -s ${MCUBOOT_SECURITY_COUNTER_S}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]230 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
231 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]232 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]233 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
234 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
235 )
236 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]237endif()
238
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]239add_custom_target(signed_images
240 ALL
Mark Horvathf0565142020-11-19 18:52:44 +0100[diff] [blame]241 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]242)