TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / c28b9b293c0555ba3cd37f34b931e18099f51446 / . / cmake / spe-CMakeLists.cmake
blob: d75c67f486f57d04a86541d67f88dc692e90494d [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7cmake_minimum_required(VERSION 3.15)
8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
16set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
17target_link_libraries(tfm_config INTERFACE psa_interface)
18
19add_library(tfm_api_ns)
20
21file(GLOB spe_sources "interface/src/*.c")
22
23target_sources(tfm_api_ns
24 PRIVATE
25 ${spe_sources}
26 # NS specific implementation of NS interface dispatcher
27 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c>
28)
29
30target_include_directories(tfm_api_ns
31 PUBLIC
32 interface/include
33)
34
35add_subdirectory(platform)
36
37target_link_libraries(tfm_api_ns
38 PUBLIC
39 platform_ns
40 tfm_config
41 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
42)
43
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]44if (MCUBOOT_IMAGE_NUMBER GREATER 1)
45
46 add_custom_target(tfm_app_binaries
47 DEPENDS tfm_ns_binaries
48 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
49 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
50
51 #Sign non-secure binary image with provided secret key
52 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
53 --version ${MCUBOOT_IMAGE_VERSION_NS}
54 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
55 --key ${MCUBOOT_KEY_NS}
56 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
57 --align ${MCUBOOT_ALIGN_VAL}
58 --pad
59 --pad-header
60 -H ${BL2_HEADER_SIZE}
61 -s ${MCUBOOT_SECURITY_COUNTER_NS}
62 -L ${MCUBOOT_ENC_KEY_LEN}
63 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
David Hu9e1b2632023-10-14 13:35:24 +0800[diff] [blame]64 ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]65 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
66 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
67 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
68 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
David Hu9e1b2632023-10-14 13:35:24 +0800[diff] [blame]69 ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]70
71 # Create concatenated binary image from the two independently signed
72 # binary file. This only uses the local assemble.py script (not from
73 # upstream mcuboot) because that script is geared towards zephyr
74 # support
75 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
76 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
Anton Komlev3dd98632023-09-20 16:26:30 +0100[diff] [blame]77 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
David Hu9e1b2632023-10-14 13:35:24 +0800[diff] [blame]78 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]79 --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
80 # merge bootloader and application into Hex image for upload
Anton Komlev3dd98632023-09-20 16:26:30 +0100[diff] [blame]81 COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/bin/bl2.bin -Binary -offset 0xA000000
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]82 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000
83 -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel
84 )
85else()
86
87 add_custom_target(tfm_app_binaries
88 DEPENDS tfm_ns_binaries
89 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
90 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
91
92 # concatenate S + NS binaries into tfm_s_ns.bin
93 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
94 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Anton Komlev3dd98632023-09-20 16:26:30 +0100[diff] [blame]95 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
David Hu9e1b2632023-10-14 13:35:24 +0800[diff] [blame]96 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
97 --output ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]98
99 # sign the combined tfm_s_ns.bin file
100 COMMAND ${Python3_EXECUTABLE}
101 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
102 --version ${MCUBOOT_IMAGE_VERSION_S}
103 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
104 --key ${MCUBOOT_KEY_S}
105 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
106 --align ${MCUBOOT_ALIGN_VAL}
107 --pad
108 --pad-header
109 -H ${BL2_HEADER_SIZE}
110 -s ${MCUBOOT_SECURITY_COUNTER_S}
111 -L ${MCUBOOT_ENC_KEY_LEN}
112 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
113 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
114 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
115 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
David Hu9e1b2632023-10-14 13:35:24 +0800[diff] [blame]116 ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]117 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
118 )
119endif()
120