CMake: link TF-M for both memory partition
This patch introduces the MCUBOOT_NO_SWAP compiler switch:
- Default value is False to preserve swapping functionality to be
default
- When disabling it then TF-M is built in one instance:
- tfm_sign.bin: linked to run in XIP mode from slot 0 memory
partition
- When enabling it then TF-M is built in two instances:
- tfm_sign_0.bin: linked to run in XIP mode from slot 0 memory
partition
- tfm_sign_1.bin: linked to run in XIP mode from slot 1 memory
partition
Change-Id: I2757601295c80a42aba351a6d89c17f78dad3a0f
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Co-Authored-By: Mate Toth-Pal <mate.toth-pal@arm.com>
Co-Authored-By: Gyorgy Szing <Gyorgy.Szing@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index f0666b0..b05561a 100755
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -41,9 +41,13 @@
include("Common/${ARMCLANG_MODULE}")
set (COMMON_COMPILE_FLAGS -fshort-enums -fshort-wchar -funsigned-char -mfpu=none -mcmse)
- ##Shared compiler and linker settings.
- function(config_setting_shared_flags tgt)
+ ##Shared compiler settings.
+ function(config_setting_shared_compiler_flags tgt)
embedded_set_target_compile_flags(TARGET ${tgt} LANGUAGE C FLAGS -xc -std=c99 ${COMMON_COMPILE_FLAGS} -Wall -Werror)
+ endfunction()
+
+ ##Shared linker settings.
+ function(config_setting_shared_linker_flags tgt)
embedded_set_target_link_flags(TARGET ${tgt} FLAGS --strict --map --symbols --xref --entry=Reset_Handler --info=summarysizes,sizes,totals,unused,veneers)
endfunction()
elseif(${COMPILER} STREQUAL "GNUARM")
@@ -55,8 +59,12 @@
set (COMMON_COMPILE_FLAGS -fshort-enums -fshort-wchar -funsigned-char -msoft-float -mcmse)
##Shared compiler and linker settings.
- function(config_setting_shared_flags tgt)
+ function(config_setting_shared_compiler_flags tgt)
embedded_set_target_compile_flags(TARGET ${tgt} LANGUAGE C FLAGS -xc -std=c99 ${COMMON_COMPILE_FLAGS} -Wall -Werror -Wno-format -Wno-return-type -Wno-unused-but-set-variable)
+ endfunction()
+
+ ##Shared linker settings.
+ function(config_setting_shared_linker_flags tgt)
#--no-wchar-size-warning flag is added because TF-M sources are compiled
#with short wchars, however the standard library is compiled with normal
#wchar, and this generates linker time warnings. TF-M code does not use
@@ -69,7 +77,7 @@
#Create a string from the compile flags list, so that it can be used later
#in this file to set mbedtls and BL2 flags
-string(REPLACE ";" " " COMMON_COMPILE_FLAGS_STR "${COMMON_COMPILE_FLAGS}")
+list_to_string(COMMON_COMPILE_FLAGS_STR ${COMMON_COMPILE_FLAGS})
#Settings which shall be set for all projects the same way based
# on the variables above.
@@ -152,17 +160,17 @@
if (BL2)
add_definitions(-DBL2)
+ if (MCUBOOT_NO_SWAP)
+ set(LINK_TO_BOTH_MEMORY_REGION ON)
+ endif()
+else()
+ if (MCUBOOT_NO_SWAP)
+ message (FATAL_ERROR "Bootloader build is turned off, not possible to specify bootloader behavior")
+ endif()
endif()
-##Secure side
-config_setting_shared_flags(tfm_s)
-
-##Non secure side
-config_setting_shared_flags(tfm_ns)
-
-##TF-M storage
-config_setting_shared_flags(tfm_storage)
-set(MBEDTLS_C_FLAGS "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"tfm_mbedtls_config.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/platform/ext/common")
+##Set mbedTLS compiler flags and variables for secure storage and audit log
+set(MBEDTLS_C_FLAGS_SST_LOG "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"tfm_mbedtls_config.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/platform/ext/common")
#Default TF-M secure storage flags.
#These flags values can be overwritten by setting them in platform/ext/<TARGET_NAME>.cmake
@@ -190,13 +198,5 @@
set (MBEDTLS_DEBUG ON)
endif()
-##TF-M audit logging
-config_setting_shared_flags(tfm_audit)
-
-##Tests
-config_setting_shared_flags(tfm_secure_tests)
-config_setting_shared_flags(tfm_non_secure_tests)
-
-##BL2
-config_setting_shared_flags(mcuboot)
+##Set mbedTLS compiler flags for BL2 bootloader
set(MBEDTLS_C_FLAGS_BL2 "-D__ARM_FEATURE_CMSE=3 -D__thumb2__ ${COMMON_COMPILE_FLAGS_STR} -DMBEDTLS_CONFIG_FILE=\\\\\\\"config-boot.h\\\\\\\" -I${CMAKE_CURRENT_LIST_DIR}/bl2/ext/mcuboot/include")
diff --git a/ConfigCoreTest.cmake b/ConfigCoreTest.cmake
index 7045d2b..d6402b0 100644
--- a/ConfigCoreTest.cmake
+++ b/ConfigCoreTest.cmake
@@ -24,6 +24,9 @@
#definitions) based on these.
set (REGRESSION False)
set (CORE_TEST True)
+
+#BL2 bootloader(MCUBoot) related settings
set (BL2 True)
+set (MCUBOOT_NO_SWAP False)
include ("${CMAKE_CURRENT_LIST_DIR}/CommonConfig.cmake")
diff --git a/ConfigDefault.cmake b/ConfigDefault.cmake
index fb5f516..343d506 100755
--- a/ConfigDefault.cmake
+++ b/ConfigDefault.cmake
@@ -26,6 +26,9 @@
#definitions) based on these.
set (REGRESSION False)
set (CORE_TEST False)
+
+#BL2 bootloader(MCUBoot) related settings
set (BL2 True)
+set (MCUBOOT_NO_SWAP False)
include ("${CMAKE_CURRENT_LIST_DIR}/CommonConfig.cmake")
diff --git a/ConfigRegression.cmake b/ConfigRegression.cmake
index c557ef8..975a173 100755
--- a/ConfigRegression.cmake
+++ b/ConfigRegression.cmake
@@ -26,6 +26,9 @@
#definitions) based on these.
set (REGRESSION True)
set (CORE_TEST False)
+
+#BL2 bootloader(MCUBoot) related settings
set (BL2 True)
+set (MCUBOOT_NO_SWAP False)
include ("${CMAKE_CURRENT_LIST_DIR}/CommonConfig.cmake")
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index 89f9c54..5d9a2a2 100755
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -23,6 +23,10 @@
set(INTERFACE_DIR ${TFM_ROOT_DIR}/interface)
set(TEST_INTERFACE_DIR ${TFM_ROOT_DIR}/test/interface)
+#Include BL2 bootloader related functions
+set(MCUBOOT_DIR "${TFM_ROOT_DIR}/bl2/ext/mcuboot")
+include("${MCUBOOT_DIR}/MCUBoot.cmake")
+
#Set variables
get_filename_component(CMSIS_5_DIR ${TFM_ROOT_DIR}/../CMSIS_5 ABSOLUTE)
@@ -30,6 +34,10 @@
message(FATAL_ERROR "Missing CMSIS_5. Please clone the CMSIS_5 repo to directory \"${CMSIS_5_DIR}\".")
endif()
+if (NOT DEFINED BL2)
+ message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
+endif ()
+
set(NS_APP_SRC "${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Config/RTX_Config.c"
"${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Source/rtx_lib.c"
"${APP_DIR}/main_ns.c"
@@ -67,134 +75,205 @@
endif()
embedded_set_target_linker_file(TARGET ${PROJECT_NAME} PATH "${NS_SCATTER_FILE_NAME}")
-if(NOT DEFINED PLATFORM_LINK_INCLUDES)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
-endif()
-embedded_set_target_link_includes(TARGET ${PROJECT_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
+#Create an object library to avoid compiling all source files twice, when two executables
+#with different memory map need to be linked(BL2 non-swapping)
+set(PROJECT_OBJ_LIB ${PROJECT_NAME}_obj_lib)
+add_library(${PROJECT_OBJ_LIB} OBJECT ${ALL_SRC_C} ${ALL_SRC_C_NS} ${ALL_SRC_ASM_NS} ${NS_APP_SRC})
+
+#Set common compiler flags
+config_setting_shared_compiler_flags(${PROJECT_OBJ_LIB})
+
+#Set macro definitions
+target_compile_definitions(${PROJECT_OBJ_LIB} PRIVATE __thumb2__ __DOMAIN_NS=1 __ARM_FEATURE_CMSE=3 LOG_MSG_HANDLER_MODE_PRINTF_ENABLED)
#Set include directories.
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TEST_INTERFACE_DIR}/include ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${INTERFACE_DIR}/include ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Include ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/Include ABSOLUTE APPEND)
-embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Config ABSOLUTE APPEND)
-
-#Create an executable
-add_executable(${PROJECT_NAME} ${ALL_SRC_C} ${ALL_SRC_C_NS} ${ALL_SRC_ASM_NS} ${NS_APP_SRC})
-#Add the RTX library
-if(NOT DEFINED RTX_LIB_PATH)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: RTX_LIB_PATH is not defined.")
-endif()
-target_link_libraries(${PROJECT_NAME} "${RTX_LIB_PATH}")
-#Set macro definitions
-target_compile_definitions(${PROJECT_NAME} PRIVATE __thumb2__ __DOMAIN_NS=1 __ARM_FEATURE_CMSE=3 LOG_MSG_HANDLER_MODE_PRINTF_ENABLED)
-
-#Generate binary file from axf
-compiler_generate_binary_output(${PROJECT_NAME})
-
-#Generate MCUBoot compatible payload
-if (BL2)
- #Find Python3.x interpreter
- find_package(PythonInterp 3)
-
- if (NOT PYTHONINTERP_FOUND)
- message(FATAL_ERROR "Failed to find Python3.x interpreter. Python3 must be installed and available on the PATH.")
- endif()
-
- set(MCUBOOT_DIR ${TFM_ROOT_DIR}/bl2/ext/mcuboot)
-
-if(NOT DEFINED FLASH_LAYOUT)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: FLASH_LAYOUT is not defined.")
-endif()
-
- add_custom_command(TARGET ${PROJECT_NAME}
- POST_BUILD
-
- #Create concatenated binary image from tfm_ns.bin and tfm_s.bin
- COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/assemble.py
- ARGS -l ${FLASH_LAYOUT}
- -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
- -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
- -o ${CMAKE_BINARY_DIR}/tfm_full.bin
-
- #Sign concatenated binary image with default public key in mcuboot folder
- COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
- ARGS sign
- -k ${MCUBOOT_DIR}/root-rsa-2048.pem
- --align 1
- -v 1.0
- -H 0x400
- --pad ${SIGN_BIN_SIZE}
- ${CMAKE_BINARY_DIR}/tfm_full.bin
- ${CMAKE_BINARY_DIR}/tfm_sign.bin
- )
-endif()
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TEST_INTERFACE_DIR}/include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${INTERFACE_DIR}/include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR}/secure_fw/spm ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR}/secure_fw/core ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/Include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${CMSIS_5_DIR}/CMSIS/RTOS2/RTX/Config ABSOLUTE APPEND)
if (NOT DEFINED CORE_TEST)
message(FATAL_ERROR "Incomplete build configuration: CORE_TEST is undefined. ")
elseif(CORE_TEST)
- target_compile_definitions(${PROJECT_NAME} PRIVATE CORE_TEST)
+ target_compile_definitions(${PROJECT_OBJ_LIB} PRIVATE CORE_TEST)
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_CORE)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
-elseif (TFM_PARTITION_TEST_CORE)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
-endif()
+# For the non-swapping BL2 configuration two executables need to be built.
+# One can be executed from flash partition slot_0 and other from slot_1.
+# Only the linking phase is different. This function captures common settings
+# and eliminates copy-paste.
+function(set_up_app_build)
+ set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
+ set( _ONE_VALUE_ARGS NS_TARGET S_TARGET FULL_BIN SIGN_BIN VENEER_NAME POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
+ set( _MULTI_VALUE_ARGS LINK_DEFINES) #List arguments (e.g. LANGUAGES C ASM CXX)
+ cmake_parse_arguments(_MY_PARAMS "${_OPTIONS_ARGS}" "${_ONE_VALUE_ARGS}" "${_MULTI_VALUE_ARGS}" ${ARGN})
-if (NOT DEFINED TFM_PARTITION_TEST_SST)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
-elseif (TFM_PARTITION_TEST_SST)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SST")
-endif()
-
-if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
-elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
-endif()
-
-#Set BL2 specific settings.
-if (NOT DEFINED BL2)
- message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
-elseif (BL2)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "BL2")
-endif()
-
-
-if(NOT TARGET tfm_s)
- #We need access to the secure veneers. If the location is not already
- #specified, then set it.
- if (NOT DEFINED S_VENEER_FILE)
- set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/s_veneers.o")
+ if (NOT DEFINED _MY_PARAMS_NS_TARGET)
+ message(FATAL_ERROR "set_up_app_build(): mandatory parameter 'NS_TARGET' missing.")
endif()
+
+ if (NOT DEFINED _MY_PARAMS_S_TARGET)
+ message(FATAL_ERROR "set_up_app_build(): mandatory parameter 'S_TARGET' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_FULL_BIN)
+ message(FATAL_ERROR "set_up_app_build(): mandatory parameter 'FULL_BIN' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_SIGN_BIN)
+ message(FATAL_ERROR "set_up_app_build(): mandatory parameter 'SIGN_BIN' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_VENEER_NAME)
+ message(FATAL_ERROR "set_up_app_build(): mandatory parameter 'VENEER_NAME' missing.")
+ endif()
+
+ set(EXE_NAME ${_MY_PARAMS_NS_TARGET}${_MY_PARAMS_POSTFIX})
+ set(S_BIN ${_MY_PARAMS_S_TARGET}${_MY_PARAMS_POSTFIX})
+ set(FULL_NAME ${_MY_PARAMS_FULL_BIN}${_MY_PARAMS_POSTFIX})
+ set(SIGN_NAME ${_MY_PARAMS_SIGN_BIN}${_MY_PARAMS_POSTFIX})
+ set(VENEER_NAME ${_MY_PARAMS_VENEER_NAME}${_MY_PARAMS_POSTFIX}.o)
+
+ #Create linker target: add object library to executable
+ add_executable(${EXE_NAME} $<TARGET_OBJECTS:${PROJECT_OBJ_LIB}>)
+
+ #Set common linker flags
+ config_setting_shared_linker_flags(${EXE_NAME})
+
+ #Set individual linker flags per linker target/executable
+ foreach(flag ${_MY_PARAMS_LINK_DEFINES})
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "${flag}")
+ endforeach(flag)
+
+ embedded_set_target_linker_file(TARGET ${EXE_NAME} PATH "${NS_SCATTER_FILE_NAME}")
+
+ #Add the RTX library
+ if(NOT DEFINED RTX_LIB_PATH)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: RTX_LIB_PATH is not defined.")
+ endif()
+ target_link_libraries(${EXE_NAME} "${RTX_LIB_PATH}")
+
+ if(NOT DEFINED PLATFORM_LINK_INCLUDES)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
+ endif()
+ embedded_set_target_link_includes(TARGET ${EXE_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
+
+ #Generate binary file from axf
+ compiler_generate_binary_output(${EXE_NAME})
+
+ #Generate MCUBoot compatible payload
+ if (BL2)
+ mcuboot_create_boot_payload(S_BIN ${S_BIN}
+ NS_BIN ${EXE_NAME}
+ FULL_BIN ${FULL_NAME}
+ SIGN_BIN ${SIGN_NAME}
+ POSTFIX ${_MY_PARAMS_POSTFIX})
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_CORE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
+ elseif (TFM_PARTITION_TEST_CORE)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SST)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
+ elseif (TFM_PARTITION_TEST_SST)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
+ elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+ endif()
+
+ #Set BL2 specific settings.
+ if (BL2)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "BL2")
+ endif()
+
+ #We depend on the non secure tests. See if the library target is available.
+ if(TARGET tfm_non_secure_tests)
+ #If yes, then use the library.
+ target_link_libraries(${EXE_NAME} tfm_non_secure_tests)
+ #Ensure library is built first.
+ add_dependencies(${EXE_NAME} tfm_non_secure_tests)
+ endif()
+
+ #Ensure secure_fw is built before our executable.
+ add_dependencies(${EXE_NAME} ${S_BIN})
+
+ #Add the veneers to the executable.
+ set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/${VENEER_NAME}")
+ set_property(TARGET ${EXE_NAME} APPEND PROPERTY LINK_LIBRARIES ${S_VENEER_FILE})
+
+ #Collect executables to common location: build/install/outputs/
+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${EXE_NAME}.axf
+ ${CMAKE_CURRENT_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/${TARGET_PLATFORM}/)
+
+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${EXE_NAME}.axf
+ ${CMAKE_CURRENT_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/fvp/)
+endfunction()
+
+if (NOT TARGET_TFM_S_EXISTED)
+ set(S_VENEER_FILE_LOCATION "${CMAKE_CURRENT_BINARY_DIR}")
add_subdirectory(../secure_fw ${CMAKE_CURRENT_BINARY_DIR}/secure_fw)
endif()
-#We depend on the non secure tests. See if the library target is available.
-if(TARGET tfm_non_secure_tests)
- #If yes, then use the library.
- target_link_libraries(${PROJECT_NAME} tfm_non_secure_tests)
- #Ensure library is built first.
- #add_dependencies(${PROJECT_NAME} tfm_non_secure_tests)
+if (LINK_TO_BOTH_MEMORY_REGION)
+ #Link to primary memory region
+ set_up_app_build(NS_TARGET ${PROJECT_NAME}
+ S_TARGET tfm_s
+ FULL_BIN tfm_full
+ SIGN_BIN tfm_sign
+ VENEER_NAME s_veneers
+ POSTFIX _0)
+
+ #Link to secondary memory region(add extra linker flag)
+ set_up_app_build(NS_TARGET ${PROJECT_NAME}
+ LINK_DEFINES "LINK_TO_SECONDARY_PARTITION"
+ S_TARGET tfm_s
+ FULL_BIN tfm_full
+ SIGN_BIN tfm_sign
+ VENEER_NAME s_veneers
+ POSTFIX _1)
else()
- #If not, add the test source to the build.
- #As of today since secufre_fw is built as a sub-project this code will never
- #execute.
+ #Link to primary memory region only
+ set_up_app_build(NS_TARGET ${PROJECT_NAME}
+ S_TARGET tfm_s
+ FULL_BIN tfm_full
+ SIGN_BIN tfm_sign
+ VENEER_NAME s_veneers)
+endif()
+
+#If the tfm_non_secure_tests target is not available
+if(NOT TARGET tfm_non_secure_tests)
+ #Add the test source to the build.
+ #As of today since secure_fw is built as a sub-project this code will never execute.
option(ENABLE_INVERT_SERVICE_TESTS "" TRUE)
option(ENABLE_SECURE_STORAGE_SERVICE_TESTS "" TRUE)
include(../test/CMakeLists.inc)
- target_sources(${PROJECT_NAME} PUBLIC ${ALL_SRC_C} ${ALL_SRC_C_NS})
+ target_sources(${PROJECT_OBJ_LIB} PUBLIC ${ALL_SRC_C} ${ALL_SRC_C_NS})
endif()
-#Ensure secure_fw is built before our executable.
-add_dependencies(${PROJECT_NAME} tfm_s)
+#Finally let CMake system apply changes after the whole project is defined.
+if (TARGET ${PROJECT_NAME})
+ embedded_project_end(${PROJECT_NAME})
+endif()
-#Add the veneers to the executable.
-set_property(TARGET ${PROJECT_NAME} APPEND PROPERTY LINK_LIBRARIES ${S_VENEER_FILE})
+if (TARGET ${PROJECT_NAME}_0)
+ embedded_project_end(${PROJECT_NAME}_0)
+endif()
-#Finally let cmake system apply changes after the whole project is defined.
-embedded_project_end(${PROJECT_NAME})
+if (TARGET ${PROJECT_NAME}_1)
+ embedded_project_end(${PROJECT_NAME}_1)
+endif()
+
+embedded_project_end(${PROJECT_OBJ_LIB})
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index fb0d4ca..0ab7dcd 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -90,10 +90,10 @@
include(${TFM_ROOT_DIR}/BuildMbedtls.cmake)
#Setting include directories
-embedded_include_directories(PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/bl2/ext/mcuboot/include ABSOLUTE APPEND)
-embedded_include_directories(PATH ${TFM_ROOT_DIR}/bl2/ext/mcuboot/bootutil/include/ ABSOLUTE APPEND)
-embedded_include_directories(PATH ${MBEDTLS_INSTALL_DIR}/include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR}/bl2/ext/mcuboot/include ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR}/bl2/ext/mcuboot/bootutil/include/ ABSOLUTE APPEND)
+embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${MBEDTLS_INSTALL_DIR}/include ABSOLUTE APPEND)
#Define linker file
if(NOT DEFINED BL2_LINKER_CONFIG)
@@ -108,6 +108,10 @@
add_executable(${PROJECT_NAME} ${ALL_SRC_ASM_BL2} ${ALL_SRC_C} ${ALL_SRC_CXX})
+#Set common compiler and linker flags
+config_setting_shared_compiler_flags(${PROJECT_NAME})
+config_setting_shared_linker_flags(${PROJECT_NAME})
+
#Add BL2 define to linker to resolve symbols in region_defs.h
embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "BL2")
@@ -125,7 +129,25 @@
MCUBOOT_VALIDATE_SLOT0
MCUBOOT_USE_FLASH_AREA_GET_SECTORS
MBEDTLS_CONFIG_FILE="config-boot.h"
- )
+ MCUBOOT_TARGET_CONFIG="flash_layout.h")
+
+if (MCUBOOT_NO_SWAP)
+ target_compile_definitions(${PROJECT_NAME} PRIVATE MCUBOOT_NO_SWAP)
+endif()
+
+#Set install location. Keep original value to avoid overriding command line settings.
+if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for MCUBoot." FORCE)
+endif()
+
+#Collect executables to common location: build/install/outputs/
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.axf
+ ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.bin
+ DESTINATION outputs/${TARGET_PLATFORM}/)
+
+install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.axf
+ ${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.bin
+ DESTINATION outputs/fvp/)
#Finally let cmake system apply changes after the whole project is defined.
embedded_project_end(${PROJECT_NAME})
diff --git a/bl2/ext/mcuboot/MCUBoot.cmake b/bl2/ext/mcuboot/MCUBoot.cmake
new file mode 100644
index 0000000..cdcfcbd
--- /dev/null
+++ b/bl2/ext/mcuboot/MCUBoot.cmake
@@ -0,0 +1,62 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2018, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+cmake_minimum_required(VERSION 3.7)
+
+function(mcuboot_create_boot_payload)
+ set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
+ set( _ONE_VALUE_ARGS S_BIN NS_BIN FULL_BIN SIGN_BIN POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
+ set( _MULTI_VALUE_ARGS) #List arguments (e.g. LANGUAGES C ASM CXX)
+ cmake_parse_arguments(_MY_PARAMS "${_OPTIONS_ARGS}" "${_ONE_VALUE_ARGS}" "${_MULTI_VALUE_ARGS}" ${ARGN})
+
+ if (NOT DEFINED _MY_PARAMS_S_BIN)
+ message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'S_BIN' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_NS_BIN)
+ message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'NS_BIN' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_FULL_BIN)
+ message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'FULL_BIN' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_SIGN_BIN)
+ message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'SIGN_BIN' missing.")
+ endif()
+
+ #Find Python3.x interpreter
+ find_package(PythonInterp 3)
+ if (NOT PYTHONINTERP_FOUND)
+ message(FATAL_ERROR "Failed to find Python3.x interpreter. Pyhton3 must be installed and available on the PATH.")
+ endif()
+
+ if(NOT DEFINED FLASH_LAYOUT)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: FLASH_LAYOUT is not defined.")
+ endif()
+
+ add_custom_command(TARGET ${_MY_PARAMS_NS_BIN}
+ POST_BUILD
+
+ #Create concatenated binary image from the two binary file
+ COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/assemble.py
+ ARGS -l ${FLASH_LAYOUT}
+ -s $<TARGET_FILE_DIR:${_MY_PARAMS_S_BIN}>/${_MY_PARAMS_S_BIN}.bin
+ -n $<TARGET_FILE_DIR:${_MY_PARAMS_NS_BIN}>/${_MY_PARAMS_NS_BIN}.bin
+ -o ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
+
+ #Sign concatenated binary image with default public key in mcuboot folder
+ COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
+ ARGS sign
+ -k ${MCUBOOT_DIR}/root-rsa-2048.pem
+ --align 1
+ -v 1.0
+ -H 0x400
+ --pad ${SIGN_BIN_SIZE}
+ ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
+ ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin)
+endfunction()
\ No newline at end of file
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index aea79d7..f451e49 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -18,15 +18,15 @@
project(tfm_s LANGUAGES ASM C)
embedded_project_fixup()
-set (SECURE_FW_DIR "${CMAKE_CURRENT_LIST_DIR}")
-set (TFM_ROOT_DIR "${SECURE_FW_DIR}/..")
-set (TEST_DIR "${TFM_ROOT_DIR}/test")
-set (INTERFACE_DIR "${TFM_ROOT_DIR}/interface")
+set(SECURE_FW_DIR "${CMAKE_CURRENT_LIST_DIR}")
+set(TFM_ROOT_DIR "${SECURE_FW_DIR}/..")
+set(TEST_DIR "${TFM_ROOT_DIR}/test")
+set(INTERFACE_DIR "${TFM_ROOT_DIR}/interface")
if(CORE_TEST)
- set (TFM_LVL 3)
+ set(TFM_LVL 3)
else()
- set (TFM_LVL 1)
+ set(TFM_LVL 1)
endif()
include(${SECURE_FW_DIR}/spm/CMakeLists.inc)
@@ -56,102 +56,195 @@
endif()
embedded_set_target_linker_file(TARGET ${PROJECT_NAME} PATH "${S_SCATTER_FILE_NAME}")
-if(NOT DEFINED PLATFORM_LINK_INCLUDES)
- message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
-endif()
-embedded_set_target_link_includes(TARGET ${PROJECT_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
-
embedded_target_include_directories(TARGET ${PROJECT_NAME} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+#Create an object library to avoid compiling all source files twice, when two executables
+#with different memory map need to be linked(BL2 non-swapping)
+set(PROJECT_OBJ_LIB ${PROJECT_NAME}_obj_lib)
+add_library(${PROJECT_OBJ_LIB} OBJECT ${ALL_SRC_C} ${ALL_SRC_C_S} ${ALL_SRC_ASM_S})
-#Specify what we build
-add_executable(${PROJECT_NAME} ${ALL_SRC_C} ${ALL_SRC_C_S} ${ALL_SRC_ASM_S})
+#Set common compiler flags
+config_setting_shared_compiler_flags(${PROJECT_OBJ_LIB})
+
+if (CORE_TEST)
+ embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES TFM_CORE_DEBUG TFM_PARTITION_TEST_CORE APPEND)
+endif()
+
+#Set include directories
+embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
+
+# For the non-swapping BL2 configuration two executables need to be built.
+# One can be executed from flash partition slot_0 and other from slot_1.
+# Only the linking phase is different. This function captures common settings
+# and eliminates copy-paste.
+function(set_up_secure_fw_build)
+ set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
+ set( _ONE_VALUE_ARGS S_TARGET VENEER_NAME POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
+ set( _MULTI_VALUE_ARGS LINK_DEFINES) #List arguments (e.g. LANGUAGES C ASM CXX)
+ cmake_parse_arguments(_MY_PARAMS "${_OPTIONS_ARGS}" "${_ONE_VALUE_ARGS}" "${_MULTI_VALUE_ARGS}" ${ARGN})
+
+ if (NOT DEFINED _MY_PARAMS_S_TARGET)
+ message(FATAL_ERROR "set_up_secure_fw_build(): mandatory parameter 'S_TARGET' missing.")
+ endif()
+
+ if (NOT DEFINED _MY_PARAMS_VENEER_NAME)
+ message(FATAL_ERROR "set_up_secure_fw_build(): mandatory parameter 'VENEER_NAME' missing.")
+ endif()
+
+ set(EXE_NAME ${_MY_PARAMS_S_TARGET}${_MY_PARAMS_POSTFIX})
+ set(VENEER_NAME ${_MY_PARAMS_VENEER_NAME}${_MY_PARAMS_POSTFIX}.o)
+
+ #Create linker target: add object library to executable
+ add_executable(${EXE_NAME} $<TARGET_OBJECTS:${PROJECT_OBJ_LIB}>)
+
+ #Set common linker flags
+ config_setting_shared_linker_flags(${EXE_NAME})
+
+ #Indicates to secure target(s) already created
+ set(TARGET_TFM_S_EXISTED True PARENT_SCOPE)
+
+ #Set individual linker flags per linker target/executable
+ foreach(flag ${_MY_PARAMS_LINK_DEFINES})
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "${flag}")
+ endforeach(flag)
+
+ embedded_set_target_linker_file(TARGET ${EXE_NAME} PATH "${S_SCATTER_FILE_NAME}")
+
+ add_dependencies(${EXE_NAME} tfm_storage)
+ add_dependencies(${EXE_NAME} tfm_audit)
+ add_dependencies(${EXE_NAME} tfm_secure_tests)
+
+ #Set macro definitions for the project.
+ embedded_set_target_compile_defines(TARGET ${PROJECT_OBJ_LIB} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} DAUTH_CHIP_DEFAULT APPEND)
+
+ if (REGRESSION OR CORE_TEST)
+ #The test service veneers may not be referenced in the secure binary so the
+ #veneer objects are explicitly loaded from the secure tests library.
+ if(${COMPILER} STREQUAL "ARMCLANG")
+ target_link_libraries(${EXE_NAME} tfm_storage tfm_audit $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_secure_tests)
+ elseif(${COMPILER} STREQUAL "GNUARM")
+ target_link_libraries(${EXE_NAME} -Wl,--whole-archive tfm_secure_tests -Wl,--no-whole-archive tfm_storage tfm_audit)
+ else()
+ message(FATAL_ERROR "unknown compiler" )
+ endif()
+ else()
+ target_link_libraries(${EXE_NAME} tfm_storage tfm_audit)
+ endif()
+
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
+
+ if (NOT DEFINED TFM_PARTITION_TEST_CORE)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
+ elseif (TFM_PARTITION_TEST_CORE)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SST)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
+ elseif (TFM_PARTITION_TEST_SST)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+ endif()
+
+ if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
+ message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
+ elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+ endif()
+
+ if (NOT DEFINED BL2)
+ message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
+ elseif (BL2)
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "BL2")
+ endif()
+
+ if(CORE_TEST)
+ set(SECURE_AXF_DIR_PREFIX "${CMAKE_BINARY_DIR}/unit_test/")
+ set_target_properties(${EXE_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${SECURE_AXF_DIR_PREFIX})
+ embedded_set_target_link_defines(TARGET ${EXE_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+ endif()
+
+ if(NOT DEFINED PLATFORM_LINK_INCLUDES)
+ message(FATAL_ERROR "ERROR: Incomplete Configuration: PLATFORM_LINK_INCLUDES is not defined.")
+ endif()
+ embedded_set_target_link_includes(TARGET ${EXE_NAME} INCLUDES "${PLATFORM_LINK_INCLUDES}")
+
+ #Generate binary file from executable
+ compiler_generate_binary_output(${EXE_NAME})
+
+ #Configure where we put the CMSE veneers generated by the compiler.
+ if (DEFINED S_VENEER_FILE_LOCATION)
+ set(S_VENEER_FILE "${S_VENEER_FILE_LOCATION}/${VENEER_NAME}")
+ else()
+ set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/${VENEER_NAME}")
+ endif()
+ compiler_set_cmse_output(${EXE_NAME} "${S_VENEER_FILE}")
+
+ #Configure what file shall be installed.
+ #Set install location. Keep original value to avoid overriding command line settings.
+ if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for secure_fw." FORCE)
+ endif()
+
+ install(DIRECTORY ${TFM_ROOT_DIR}/interface/include/
+ DESTINATION tfm/inc)
+
+ install(DIRECTORY ${TFM_ROOT_DIR}/interface/src/
+ DESTINATION tfm/src)
+
+ install(FILES ${S_VENEER_FILE} DESTINATION tfm/veneers)
+
+ #Collect executables to common location: build/install/outputs/
+ if (DEFINED SECURE_AXF_DIR_PREFIX)
+ set(MY_BINARY_DIR ${SECURE_AXF_DIR_PREFIX})
+ else()
+ set(MY_BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR})
+ endif()
+
+ install(FILES ${MY_BINARY_DIR}/${EXE_NAME}.axf
+ ${MY_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/${TARGET_PLATFORM}/)
+
+ install(FILES ${MY_BINARY_DIR}/${EXE_NAME}.axf
+ ${MY_BINARY_DIR}/${EXE_NAME}.bin
+ DESTINATION outputs/fvp/)
+endfunction()
#Adds the test directory
add_subdirectory(${TFM_ROOT_DIR}/test ${CMAKE_BINARY_DIR}/test)
#Add the secure storage library target
add_subdirectory(${SECURE_FW_DIR}/services/secure_storage)
+
#Add the audit logging library target
add_subdirectory(${SECURE_FW_DIR}/services/audit_logging)
-add_dependencies(${PROJECT_NAME} tfm_storage)
-add_dependencies(${PROJECT_NAME} tfm_audit)
-add_dependencies(${PROJECT_NAME} tfm_secure_tests)
+if (LINK_TO_BOTH_MEMORY_REGION)
+ #Link to primary memory region
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ VENEER_NAME s_veneers
+ POSTFIX "_0")
-#Set macro definitions for the project.
-embedded_set_target_compile_defines(TARGET ${PROJECT_NAME} LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} DAUTH_CHIP_DEFAULT APPEND)
-
-if (REGRESSION OR CORE_TEST)
- #The test service veneers may not be referenced in the secure binary so the
- #veneer objects are explicitly loaded from the secure tests library.
- if(${COMPILER} STREQUAL "ARMCLANG")
- target_link_libraries(${PROJECT_NAME} tfm_storage tfm_audit $<TARGET_LINKER_FILE:tfm_secure_tests>\(*veneers.o\) tfm_secure_tests)
- elseif(${COMPILER} STREQUAL "GNUARM")
- target_link_libraries(${PROJECT_NAME} -Wl,--whole-archive tfm_secure_tests -Wl,--no-whole-archive tfm_storage tfm_audit)
- else()
- message(FATAL_ERROR "unknown compiler" )
- endif()
+ #Link to secondary memory region(add extra linker flag)
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ LINK_DEFINES "LINK_TO_SECONDARY_PARTITION"
+ VENEER_NAME s_veneers
+ POSTFIX "_1")
else()
- target_link_libraries(${PROJECT_NAME} tfm_storage tfm_audit)
+ #Link to primary memory region only
+ set_up_secure_fw_build(S_TARGET ${PROJECT_NAME}
+ VENEER_NAME s_veneers)
endif()
-embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_LVL=${TFM_LVL}")
-
-if (NOT DEFINED TFM_PARTITION_TEST_CORE)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_CORE is undefined. ")
-elseif (TFM_PARTITION_TEST_CORE)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
+#Finally let CMake system apply changes after the whole project is defined.
+if (TARGET ${PROJECT_NAME})
+ embedded_project_end(${PROJECT_NAME})
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_SST)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SST is undefined. ")
-elseif (TFM_PARTITION_TEST_SST)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SST")
+if (TARGET ${PROJECT_NAME}_0)
+ embedded_project_end(${PROJECT_NAME}_0)
endif()
-if (NOT DEFINED TFM_PARTITION_TEST_SECURE_SERVICES)
- message(FATAL_ERROR "Incomplete build configuration: TFM_PARTITION_TEST_SECURE_SERVICES is undefined. ")
-elseif (TFM_PARTITION_TEST_SECURE_SERVICES)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_SECURE_SERVICES")
+if (TARGET ${PROJECT_NAME}_1)
+ embedded_project_end(${PROJECT_NAME}_1)
endif()
-if (NOT DEFINED BL2)
- message(FATAL_ERROR "Incomplete build configuration: BL2 is undefined. ")
-elseif (BL2)
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "BL2")
-endif()
-
-if(CORE_TEST)
- embedded_set_target_compile_defines(TARGET ${PROJECT_NAME} LANGUAGE C DEFINES TFM_CORE_DEBUG TFM_PARTITION_TEST_CORE APPEND)
- set(SECURE_AXF_DIR_PREFIX "${CMAKE_BINARY_DIR}/unit_test/")
- set_target_properties(${PROJECT_NAME} PROPERTIES RUNTIME_OUTPUT_DIRECTORY ${SECURE_AXF_DIR_PREFIX})
- embedded_set_target_link_defines(TARGET ${PROJECT_NAME} DEFINES "TFM_PARTITION_TEST_CORE")
-endif()
-
-#Generate binary file from axf
-compiler_generate_binary_output(${PROJECT_NAME})
-
-#Configure where we put the CMSE veneers generated by the compiler.
-if (NOT DEFINED S_VENEER_FILE)
- set(S_VENEER_FILE "${CMAKE_CURRENT_BINARY_DIR}/s_veneers.o")
-endif()
-compiler_set_cmse_output(${PROJECT_NAME} "${S_VENEER_FILE}")
-
-#Configure what file shall be installed.
-#Set install location. Keep original value to avoid overriding command line
-#settings.
-if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
- SET(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for secure_fw." FORCE)
-endif()
-
-install(DIRECTORY ${TFM_ROOT_DIR}/interface/include/
- DESTINATION tfm/inc)
-
-install(DIRECTORY ${TFM_ROOT_DIR}/interface/src/
- DESTINATION tfm/src)
-
-install(FILES ${S_VENEER_FILE}
- DESTINATION tfm/veneers)
-
-#Finally let cmake system apply changes after the whole project is defined.
-embedded_project_end(${PROJECT_NAME})
+embedded_project_end(${PROJECT_OBJ_LIB})
diff --git a/secure_fw/services/audit_logging/CMakeLists.txt b/secure_fw/services/audit_logging/CMakeLists.txt
index a8ce41a..7bdf17d 100644
--- a/secure_fw/services/audit_logging/CMakeLists.txt
+++ b/secure_fw/services/audit_logging/CMakeLists.txt
@@ -27,6 +27,9 @@
set (MBEDTLS_INSTALL_DIR ${MBEDTLS_BINARY_DIR}/mbedtls_install)
set (MBEDTLS_TARGET_NAME "mbedtls_log_lib")
+#Set mbedTLS compiler flags
+set(MBEDTLS_C_FLAGS ${MBEDTLS_C_FLAGS_SST_LOG})
+
###Get the definition of what files we need to build
set (ENABLE_AUDIT_LOGGING ON)
include(CMakeLists.inc)
@@ -62,4 +65,8 @@
#Ask the compiler to merge the mbedtls and the audit logging libraries.
compiler_merge_library(DEST tfm_audit LIBS "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX_C}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX_C}")
+#Set common compiler and linker flags
+config_setting_shared_compiler_flags(tfm_audit)
+config_setting_shared_linker_flags(tfm_audit)
+
embedded_project_end(tfm_audit)
diff --git a/secure_fw/services/secure_storage/CMakeLists.txt b/secure_fw/services/secure_storage/CMakeLists.txt
index e7673a9..1db9482 100644
--- a/secure_fw/services/secure_storage/CMakeLists.txt
+++ b/secure_fw/services/secure_storage/CMakeLists.txt
@@ -27,6 +27,9 @@
set (MBEDTLS_INSTALL_DIR ${MBEDTLS_BINARY_DIR}/mbedtls_install)
set (MBEDTLS_TARGET_NAME "mbedtls_sst_lib")
+#Set mbedTLS compiler flags
+set(MBEDTLS_C_FLAGS ${MBEDTLS_C_FLAGS_SST_LOG})
+
###Get the definition of what files we need to build
set (ENABLE_SECURE_STORAGE ON)
include(CMakeLists.inc)
@@ -56,6 +59,11 @@
# Specify what we build (for the secure storage service, build as a static library)
add_library(tfm_storage STATIC ${ALL_SRC_ASM} ${ALL_SRC_C})
+
+#Set common compiler and linker flags
+config_setting_shared_compiler_flags(tfm_storage)
+config_setting_shared_linker_flags(tfm_storage)
+
embedded_set_target_compile_defines(TARGET tfm_storage LANGUAGE C DEFINES __ARM_FEATURE_CMSE=3 __thumb2__ TFM_LVL=${TFM_LVL})
#Add a dependency on the mbed_tls_lib_install target.
add_dependencies(tfm_storage ${MBEDTLS_TARGET_NAME}_install)
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index bd6c65d..b81f46b 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -51,17 +51,27 @@
#Build the secure library
add_library(tfm_secure_tests STATIC ${ALL_SRC_C} ${ALL_SRC_C_S})
+
+#Set common compiler and linker flags
+config_setting_shared_compiler_flags(tfm_secure_tests)
+config_setting_shared_linker_flags(tfm_secure_tests)
+
embedded_set_target_compile_defines(TARGET tfm_secure_tests LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 TFM_LVL=${TFM_LVL} APPEND)
#Build the non-secure library
set(CMAKE_STATIC_LIBRARY_PREFIX_C "lib")
add_library(tfm_non_secure_tests STATIC ${ALL_SRC_C} ${ALL_SRC_C_NS})
+
+#Set common compiler and linker flags
+config_setting_shared_compiler_flags(tfm_non_secure_tests)
+config_setting_shared_linker_flags(tfm_non_secure_tests)
+
embedded_set_target_compile_defines(TARGET tfm_non_secure_tests LANGUAGE C DEFINES __thumb2__ __ARM_FEATURE_CMSE=3 __DOMAIN_NS=1 APPEND)
#__DOMAIN_NS=1
if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
- SET(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for tfm_storage." FORCE)
+ set(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/install" CACHE PATH "Default install location for tfm_storage." FORCE)
endif()
install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/framework/integ_test.h