| Anton Komlev | aee4b61 | 2023-05-14 17:38:36 +0100 | [diff] [blame] | 1 | #------------------------------------------------------------------------------- |
| 2 | # Copyright (c) 2023, Arm Limited. All rights reserved. |
| 3 | # |
| 4 | # SPDX-License-Identifier: BSD-3-Clause |
| 5 | # |
| 6 | #------------------------------------------------------------------------------- |
| 7 | cmake_minimum_required(VERSION 3.15) |
| 8 | |
| 9 | # This CMake script is prepard by TF-M for building the non-secure side |
| 10 | # application and not used in secure build a tree being for export only. |
| 11 | # This file is renamed to spe/CMakeList.txt during installation phase |
| 12 | |
| 13 | include(spe_config) |
| 14 | include(spe_export) |
| 15 | |
| 16 | set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True) |
| 17 | target_link_libraries(tfm_config INTERFACE psa_interface) |
| 18 | |
| 19 | add_library(tfm_api_ns) |
| 20 | |
| 21 | file(GLOB spe_sources "interface/src/*.c") |
| 22 | |
| 23 | target_sources(tfm_api_ns |
| 24 | PRIVATE |
| 25 | ${spe_sources} |
| 26 | # NS specific implementation of NS interface dispatcher |
| 27 | $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:interface/src/os_wrapper/tfm_ns_interface_rtos.c> |
| 28 | ) |
| 29 | |
| 30 | target_include_directories(tfm_api_ns |
| 31 | PUBLIC |
| 32 | interface/include |
| 33 | ) |
| 34 | |
| 35 | add_subdirectory(platform) |
| 36 | |
| 37 | target_link_libraries(tfm_api_ns |
| 38 | PUBLIC |
| 39 | platform_ns |
| 40 | tfm_config |
| 41 | $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o> |
| 42 | ) |
| 43 | |
| 44 | target_add_scatter_file() |
| 45 | |
| 46 | add_custom_target(tfm_ns_binaries |
| 47 | DEPENDS tfm_ns |
| 48 | COMMAND ${CMAKE_OBJCOPY} -O binary $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.bin |
| 49 | COMMAND ${CMAKE_OBJCOPY} -O elf32-littlearm $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.elf |
| 50 | COMMAND ${CMAKE_OBJCOPY} -O ihex $<TARGET_FILE:tfm_ns> ${CMAKE_BINARY_DIR}/tfm_ns.hex |
| 51 | ) |
| 52 | |
| 53 | if (MCUBOOT_IMAGE_NUMBER GREATER 1) |
| 54 | |
| 55 | add_custom_target(tfm_app_binaries |
| 56 | DEPENDS tfm_ns_binaries |
| 57 | DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,> |
| 58 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts |
| 59 | |
| 60 | #Sign non-secure binary image with provided secret key |
| 61 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py |
| 62 | --version ${MCUBOOT_IMAGE_VERSION_NS} |
| 63 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o |
| 64 | --key ${MCUBOOT_KEY_NS} |
| 65 | --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash> |
| 66 | --align ${MCUBOOT_ALIGN_VAL} |
| 67 | --pad |
| 68 | --pad-header |
| 69 | -H ${BL2_HEADER_SIZE} |
| 70 | -s ${MCUBOOT_SECURITY_COUNTER_NS} |
| 71 | -L ${MCUBOOT_ENC_KEY_LEN} |
| 72 | -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\" |
| 73 | ${CMAKE_BINARY_DIR}/tfm_ns.bin |
| 74 | $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only> |
| 75 | $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm> |
| 76 | $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}> |
| 77 | $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record> |
| 78 | ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin |
| 79 | |
| 80 | # Create concatenated binary image from the two independently signed |
| 81 | # binary file. This only uses the local assemble.py script (not from |
| 82 | # upstream mcuboot) because that script is geared towards zephyr |
| 83 | # support |
| 84 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py |
| 85 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o |
| 86 | --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s_signed.bin |
| 87 | --non_secure ${CMAKE_BINARY_DIR}/tfm_ns_signed.bin |
| 88 | --output ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin |
| 89 | # merge bootloader and application into Hex image for upload |
| 90 | COMMAND srec_cat ${CMAKE_CURRENT_SOURCE_DIR}/outputs/bl2.bin -Binary -offset 0xA000000 |
| 91 | ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin -Binary -offset 0xA020000 |
| 92 | -o ${CMAKE_BINARY_DIR}/tfm.hex -Intel |
| 93 | ) |
| 94 | else() |
| 95 | |
| 96 | add_custom_target(tfm_app_binaries |
| 97 | DEPENDS tfm_ns_binaries |
| 98 | DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,> |
| 99 | WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts |
| 100 | |
| 101 | # concatenate S + NS binaries into tfm_s_ns.bin |
| 102 | COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py |
| 103 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o |
| 104 | --secure ${CMAKE_CURRENT_SOURCE_DIR}/outputs/tfm_s.bin |
| 105 | --non_secure ${CMAKE_BINARY_DIR}/tfm_ns.bin |
| 106 | --output ${CMAKE_BINARY_DIR}/tfm_s_ns.bin |
| 107 | |
| 108 | # sign the combined tfm_s_ns.bin file |
| 109 | COMMAND ${Python3_EXECUTABLE} |
| 110 | ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py |
| 111 | --version ${MCUBOOT_IMAGE_VERSION_S} |
| 112 | --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o |
| 113 | --key ${MCUBOOT_KEY_S} |
| 114 | --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash> |
| 115 | --align ${MCUBOOT_ALIGN_VAL} |
| 116 | --pad |
| 117 | --pad-header |
| 118 | -H ${BL2_HEADER_SIZE} |
| 119 | -s ${MCUBOOT_SECURITY_COUNTER_S} |
| 120 | -L ${MCUBOOT_ENC_KEY_LEN} |
| 121 | $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only> |
| 122 | $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm> |
| 123 | $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}> |
| 124 | $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record> |
| 125 | ${CMAKE_BINARY_DIR}/tfm_s_ns.bin |
| 126 | ${CMAKE_BINARY_DIR}/tfm_s_ns_signed.bin |
| 127 | ) |
| 128 | endif() |
| 129 | |