| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 1 | #------------------------------------------------------------------------------- |
| 2 | # Copyright (c) 2023, Arm Limited. All rights reserved. |
| 3 | # |
| 4 | # SPDX-License-Identifier: BSD-3-Clause |
| 5 | # |
| 6 | #------------------------------------------------------------------------------- |
| 7 | cmake_minimum_required(VERSION 3.15) |
| 8 | |
| 9 | # This CMake script is prepard by TF-M for building the non-secure side |
| 10 | # application and not used in secure build a tree being for export only. |
| 11 | # This file is renamed to spe/CMakeList.txt during installation phase |
| 12 | |
| 13 | include(spe_config) |
| 14 | include(spe_export) |
| 15 | |
| 16 | set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True) |
| 17 | target_link_libraries(tfm_config INTERFACE psa_interface) |
| 18 | |
| 19 | add_library(tfm_api_ns) |
| 20 | |
| 21 | file(GLOB spe_sources "interface/src/*.c") |
| 22 | |
| 23 | target_sources(tfm_api_ns |
| 24 | PRIVATE |
| 25 | ${spe_sources} |
| 26 | # NS specific implementation of NS interface dispatcher |
| 27 | $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c> |
| 28 | ) |
| 29 | |
| 30 | target_include_directories(tfm_api_ns |
| 31 | PUBLIC |
| 32 | interface/include |
| David Hu | 71f6dcc | 2023-10-18 11:52:21 +0800 | [diff] [blame] | 33 | interface/include/crypto_keys |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 34 | ) |
| 35 | |
| David Hu | 35aa1a5 | 2023-10-24 23:04:04 +0800 | [diff] [blame^] | 36 | add_library(platform_region_defs INTERFACE) |
| 37 | |
| 38 | target_compile_definitions(platform_region_defs |
| 39 | INTERFACE |
| 40 | $<$<BOOL:${BL1}>:BL1> |
| 41 | $<$<BOOL:${BL2}>:BL2> |
| 42 | BL2_HEADER_SIZE=${BL2_HEADER_SIZE} |
| 43 | BL2_TRAILER_SIZE=${BL2_TRAILER_SIZE} |
| 44 | BL1_HEADER_SIZE=${BL1_HEADER_SIZE} |
| 45 | BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE} |
| 46 | $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}> |
| 47 | $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_${TEST_PSA_API}> |
| 48 | $<$<OR:$<CONFIG:Debug>,$<CONFIG:relwithdebinfo>>:ENABLE_HEAP> |
| 49 | ) |
| 50 | |
| 51 | target_link_libraries(platform_region_defs |
| 52 | INTERFACE |
| 53 | tfm_config |
| 54 | ) |
| 55 | |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 56 | add_subdirectory(platform) |
| 57 | |
| 58 | target_link_libraries(tfm_api_ns |
| 59 | PUBLIC |
| David Hu | 35aa1a5 | 2023-10-24 23:04:04 +0800 | [diff] [blame^] | 60 | platform_region_defs |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 61 | $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o> |
| David Hu | 35aa1a5 | 2023-10-24 23:04:04 +0800 | [diff] [blame^] | 62 | PRIVATE |
| 63 | platform_ns |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 64 | ) |
| 65 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 66 | if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING) |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 67 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 68 | if (MCUBOOT_IMAGE_NUMBER GREATER 1) |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 69 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 70 | add_custom_target(tfm_app_binaries |
| 71 | DEPENDS tfm_ns_binaries |
| 72 | DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,> |
| 73 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 74 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 75 | #Sign non-secure binary image with provided secret key |
| 76 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py |
| 77 | --version ${MCUBOOT_IMAGE_VERSION_NS} |
| 78 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o |
| 79 | --key ${MCUBOOT_KEY_NS} |
| 80 | --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash> |
| 81 | --align ${MCUBOOT_ALIGN_VAL} |
| 82 | --pad |
| 83 | --pad-header |
| 84 | -H ${BL2_HEADER_SIZE} |
| 85 | -s ${MCUBOOT_SECURITY_COUNTER_NS} |
| 86 | -L ${MCUBOOT_ENC_KEY_LEN} |
| 87 | -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\" |
| 88 | ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin |
| 89 | $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only> |
| 90 | $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm> |
| 91 | $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}> |
| 92 | $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record> |
| 93 | ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 94 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 95 | # Create concatenated binary image from the two independently signed |
| 96 | # binary file. This only uses the local assemble.py script (not from |
| 97 | # upstream mcuboot) because that script is geared towards zephyr |
| 98 | # support |
| 99 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py |
| 100 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o |
| 101 | --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin |
| 102 | --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns_signed.bin |
| 103 | --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin |
| 104 | # merge bootloader and application into Hex image for upload |
| 105 | COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/bin/bl2.bin -Binary -offset 0xA000000 |
| 106 | ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000 |
| 107 | -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel |
| 108 | ) |
| 109 | else() |
| 110 | add_custom_target(tfm_app_binaries |
| 111 | DEPENDS tfm_ns_binaries |
| 112 | DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,> |
| 113 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 114 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 115 | # concatenate S + NS binaries into tfm_s_ns.bin |
| 116 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py |
| 117 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o |
| 118 | --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin |
| 119 | --non_secure ${CMAKE_BINARY_DIR}/bin/tfm_ns.bin |
| 120 | --output ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 121 | |
| Dávid Házi | 34cf9b9 | 2023-10-11 11:10:41 +0200 | [diff] [blame] | 122 | # sign the combined tfm_s_ns.bin file |
| 123 | COMMAND ${Python3_EXECUTABLE} |
| 124 | ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py |
| 125 | --version ${MCUBOOT_IMAGE_VERSION_S} |
| 126 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o |
| 127 | --key ${MCUBOOT_KEY_S} |
| 128 | --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash> |
| 129 | --align ${MCUBOOT_ALIGN_VAL} |
| 130 | --pad |
| 131 | --pad-header |
| 132 | -H ${BL2_HEADER_SIZE} |
| 133 | -s ${MCUBOOT_SECURITY_COUNTER_S} |
| 134 | -L ${MCUBOOT_ENC_KEY_LEN} |
| 135 | $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only> |
| 136 | $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm> |
| 137 | $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}> |
| 138 | $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record> |
| 139 | ${CMAKE_BINARY_DIR}/bin/tfm_s_ns.bin |
| 140 | ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin |
| 141 | ) |
| 142 | endif() |
| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 143 | endif() |