TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 66bd9a0815aeecaf52c5d3afd127ff6cffc261e2 / . / cmake / spe-CMakeLists.cmake
blob: 15e392dc259462a639e23e471137dd6ffe3d64f4 [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7cmake_minimum_required(VERSION 3.15)
8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
16set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
17target_link_libraries(tfm_config INTERFACE psa_interface)
18
19add_library(tfm_api_ns)
20
21file(GLOB spe_sources "interface/src/*.c")
22
23target_sources(tfm_api_ns
24 PRIVATE
25 ${spe_sources}
26 # NS specific implementation of NS interface dispatcher
27 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c>
28)
29
30target_include_directories(tfm_api_ns
31 PUBLIC
32 interface/include
David Hu71f6dcc2023-10-18 11:52:21 +0800[diff] [blame]33 interface/include/crypto_keys
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]34)
35
36add_subdirectory(platform)
37
38target_link_libraries(tfm_api_ns
39 PUBLIC
40 platform_ns
41 tfm_config
42 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
43)
44
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]45if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]46
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]47 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]48
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]49 add_custom_target(tfm_app_binaries
50 DEPENDS tfm_ns_binaries
51 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
52 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]53
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]54 #Sign non-secure binary image with provided secret key
55 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
56 --version ${MCUBOOT_IMAGE_VERSION_NS}
57 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
58 --key ${MCUBOOT_KEY_NS}
59 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
60 --align ${MCUBOOT_ALIGN_VAL}
61 --pad
62 --pad-header
63 -H ${BL2_HEADER_SIZE}
64 -s ${MCUBOOT_SECURITY_COUNTER_NS}
65 -L ${MCUBOOT_ENC_KEY_LEN}
66 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
67 ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
68 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
69 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
70 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
71 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
72 ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]73
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]74 # Create concatenated binary image from the two independently signed
75 # binary file. This only uses the local assemble.py script (not from
76 # upstream mcuboot) because that script is geared towards zephyr
77 # support
78 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
79 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
80 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
81 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin
82 --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
83 # merge bootloader and application into Hex image for upload
84 COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/bin/bl2.bin -Binary -offset 0xA000000
85 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000
86 -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel
87 )
88 else()
89 add_custom_target(tfm_app_binaries
90 DEPENDS tfm_ns_binaries
91 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
92 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]93
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]94 # concatenate S + NS binaries into tfm_s_ns.bin
95 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
96 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
97 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
98 --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin
99 --output ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]100
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]101 # sign the combined tfm_s_ns.bin file
102 COMMAND ${Python3_EXECUTABLE}
103 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
104 --version ${MCUBOOT_IMAGE_VERSION_S}
105 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
106 --key ${MCUBOOT_KEY_S}
107 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
108 --align ${MCUBOOT_ALIGN_VAL}
109 --pad
110 --pad-header
111 -H ${BL2_HEADER_SIZE}
112 -s ${MCUBOOT_SECURITY_COUNTER_S}
113 -L ${MCUBOOT_ENC_KEY_LEN}
114 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
115 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
116 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
117 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
118 ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin
119 ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin
120 )
121 endif()
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]122endif()