TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 34cf9b91b9aa37162c7c9eae874c204283506b0d / . / cmake / spe-CMakeLists.cmake
blob: 6b72e67025f84a3503e083df9ae229f8fe91d86b [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7cmake_minimum_required(VERSION 3.15)
8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
16set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
17target_link_libraries(tfm_config INTERFACE psa_interface)
18
19add_library(tfm_api_ns)
20
21file(GLOB spe_sources "interface/src/*.c")
22
23target_sources(tfm_api_ns
24 PRIVATE
25 ${spe_sources}
26 # NS specific implementation of NS interface dispatcher
27 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c>
28)
29
30target_include_directories(tfm_api_ns
31 PUBLIC
32 interface/include
33)
34
35add_subdirectory(platform)
36
37target_link_libraries(tfm_api_ns
38 PUBLIC
39 platform_ns
40 tfm_config
41 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
42)
43
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]44if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]45
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]46 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]47
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]48 add_custom_target(tfm_app_binaries
49 DEPENDS tfm_ns_binaries
50 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
51 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]52
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]53 #Sign non-secure binary image with provided secret key
54 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
55 --version ${MCUBOOT_IMAGE_VERSION_NS}
56 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
57 --key ${MCUBOOT_KEY_NS}
58 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
59 --align ${MCUBOOT_ALIGN_VAL}
60 --pad
61 --pad-header
62 -H ${BL2_HEADER_SIZE}
63 -s ${MCUBOOT_SECURITY_COUNTER_NS}
64 -L ${MCUBOOT_ENC_KEY_LEN}
65 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
66 ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
67 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
68 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
69 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
70 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
71 ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]72
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]73 # Create concatenated binary image from the two independently signed
74 # binary file. This only uses the local assemble.py script (not from
75 # upstream mcuboot) because that script is geared towards zephyr
76 # support
77 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
78 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
79 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
80 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
81 --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
82 # merge bootloader and application into Hex image for upload
83 COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/bin/bl2.bin -Binary -offset 0xA000000
84 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000
85 -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel
86 )
87 else()
88 add_custom_target(tfm_app_binaries
89 DEPENDS tfm_ns_binaries
90 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
91 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]92
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]93 # concatenate S + NS binaries into tfm_s_ns.bin
94 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
95 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
96 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
97 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
98 --output ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]99
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame^]100 # sign the combined tfm_s_ns.bin file
101 COMMAND ${Python3_EXECUTABLE}
102 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
103 --version ${MCUBOOT_IMAGE_VERSION_S}
104 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
105 --key ${MCUBOOT_KEY_S}
106 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
107 --align ${MCUBOOT_ALIGN_VAL}
108 --pad
109 --pad-header
110 -H ${BL2_HEADER_SIZE}
111 -s ${MCUBOOT_SECURITY_COUNTER_S}
112 -L ${MCUBOOT_ENC_KEY_LEN}
113 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
114 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
115 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
116 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
117 ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
118 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
119 )
120 endif()
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]121endif()