TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / 8dc9eb22b7a74ebb85d2b9fdad37ef120f259cd0 / . / cmake / spe-CMakeLists.cmake
blob: e697f56921022aecd5f8939fd37612e386c49dc0 [file] [log] [blame]
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7cmake_minimum_required(VERSION 3.15)
8
9# This CMake script is prepard by TF-M for building the non-secure side
10# application and not used in secure build a tree being for export only.
11# This file is renamed to spe/CMakeList.txt during installation phase
12
13include(spe_config)
14include(spe_export)
15
16set_target_properties(tfm_config psa_interface PROPERTIES IMPORTED_GLOBAL True)
17target_link_libraries(tfm_config INTERFACE psa_interface)
18
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]19# In actual NS integration, NS side build should include the source files
20# exported by TF-M build.
21set(INTERFACE_SRC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/src)
22set(INTERFACE_INC_DIR ${CMAKE_CURRENT_LIST_DIR}/interface/include)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]23
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]24add_library(tfm_api_ns STATIC)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]25
26target_sources(tfm_api_ns
27 PRIVATE
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]28 $<$<BOOL:${TFM_PARTITION_PLATFORM}>:${INTERFACE_SRC_DIR}/tfm_platform_api.c>
29 $<$<BOOL:${TFM_PARTITION_PROTECTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_ps_api.c>
30 $<$<BOOL:${TFM_PARTITION_INTERNAL_TRUSTED_STORAGE}>:${INTERFACE_SRC_DIR}/tfm_its_api.c>
31 $<$<BOOL:${TFM_PARTITION_CRYPTO}>:${INTERFACE_SRC_DIR}/tfm_crypto_api.c>
32 $<$<BOOL:${TFM_PARTITION_INITIAL_ATTESTATION}>:${INTERFACE_SRC_DIR}/tfm_attest_api.c>
33 $<$<BOOL:${TFM_PARTITION_FIRMWARE_UPDATE}>:${INTERFACE_SRC_DIR}/tfm_fwu_api.c>
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]34)
35
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]36target_sources(tfm_api_ns
37 PRIVATE
38 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_ns_api.c>
39 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_SRC_DIR}/multi_core/tfm_multi_core_psa_ns_api.c>
40 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${INTERFACE_SRC_DIR}/tfm_psa_ns_api.c>
41)
42
43# Include interface headers exported by TF-M
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]44target_include_directories(tfm_api_ns
45 PUBLIC
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]46 ${INTERFACE_INC_DIR}
47 ${INTERFACE_INC_DIR}/crypto_keys
48 $<$<BOOL:${TFM_PARTITION_NS_AGENT_MAILBOX}>:${INTERFACE_INC_DIR}/multi_core>
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]49)
50
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]51add_library(platform_region_defs INTERFACE)
52
53target_compile_definitions(platform_region_defs
54 INTERFACE
55 $<$<BOOL:${BL1}>:BL1>
56 $<$<BOOL:${BL2}>:BL2>
57 BL2_HEADER_SIZE=${BL2_HEADER_SIZE}
58 BL2_TRAILER_SIZE=${BL2_TRAILER_SIZE}
59 BL1_HEADER_SIZE=${BL1_HEADER_SIZE}
60 BL1_TRAILER_SIZE=${BL1_TRAILER_SIZE}
61 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
62 $<$<BOOL:${TEST_PSA_API}>:PSA_API_TEST_${TEST_PSA_API}>
63 $<$<OR:$<CONFIG:Debug>,$<CONFIG:relwithdebinfo>>:ENABLE_HEAP>
64)
65
66target_link_libraries(platform_region_defs
67 INTERFACE
68 tfm_config
69)
70
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]71add_subdirectory(platform)
72
David Hub27a6632023-10-23 22:38:39 +0800[diff] [blame]73target_sources(platform_ns
74 PRIVATE
75 $<$<BOOL:${PLATFORM_DEFAULT_UART_STDOUT}>:${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/common/uart_stdout.c>
76)
77
Anton Komlev8dc9eb22023-09-15 15:53:03 +0100[diff] [blame^]78target_compile_definitions(platform_ns
79 PUBLIC
80 $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
81 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},hard>:CONFIG_TFM_FLOAT_ABI=2>
82 $<$<STREQUAL:${CONFIG_TFM_FLOAT_ABI},soft>:CONFIG_TFM_FLOAT_ABI=0>
83 $<$<BOOL:${CONFIG_TFM_ENABLE_CP10CP11}>:CONFIG_TFM_ENABLE_CP10CP11>
84)
85
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]86target_link_libraries(tfm_api_ns
87 PUBLIC
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]88 platform_region_defs
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]89 $<$<BOOL:${CONFIG_TFM_USE_TRUSTZONE}>:${CMAKE_CURRENT_SOURCE_DIR}/interface/lib/s_veneers.o>
David Hu35aa1a52023-10-24 23:04:04 +0800[diff] [blame]90 platform_ns
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]91)
92
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]93if(BL2 AND PLATFORM_DEFAULT_IMAGE_SIGNING)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]94
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]95 add_custom_target(tfm_s_ns_signed_bin
96 ALL
97 SOURCES tfm_s_ns_signed.bin
98 )
99
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]100 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]101
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]102 add_custom_target(tfm_ns_signed_bin
103 SOURCES tfm_ns_signed.bin
104 )
105 add_custom_command(OUTPUT tfm_ns_signed.bin
106 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]107 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]108 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]109 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]110
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]111 #Sign non-secure binary image with provided secret key
112 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
113 --version ${MCUBOOT_IMAGE_VERSION_NS}
114 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_ns.o
115 --key ${MCUBOOT_KEY_NS}
116 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
117 --align ${MCUBOOT_ALIGN_VAL}
118 --pad
119 --pad-header
120 -H ${BL2_HEADER_SIZE}
121 -s ${MCUBOOT_SECURITY_COUNTER_NS}
122 -L ${MCUBOOT_ENC_KEY_LEN}
123 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]124 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]125 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
126 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
127 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
128 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]129 tfm_ns_signed.bin
130 COMMAND ${CMAKE_COMMAND} -E copy tfm_ns_signed.bin ${CMAKE_BINARY_DIR}/bin
131 )
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]132
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]133 # Create concatenated binary image from the two independently signed
134 # binary file. This only uses the local assemble.py script (not from
135 # upstream mcuboot) because that script is geared towards zephyr
136 # support
137 add_custom_command(OUTPUT tfm_s_ns_signed.bin
138 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
139 DEPENDS tfm_ns_signed_bin tfm_ns_signed.bin
140 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]141 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]142
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]143 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
144 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s.o
145 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s_signed.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]146 --non_secure tfm_ns_signed.bin
147 --output tfm_s_ns_signed.bin
148 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin ${CMAKE_BINARY_DIR}
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]149 )
150 else()
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]151 add_custom_target(tfm_s_ns_bin
152 SOURCES tfm_s_ns.bin
153 )
154 add_custom_command(OUTPUT tfm_s_ns.bin
155 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
156 DEPENDS tfm_ns_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]157 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
158 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]159
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]160 # concatenate S + NS binaries into tfm_s_ns.bin
161 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/assemble.py
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]162 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]163 --secure ${CMAKE_CURRENT_SOURCE_DIR}/bin/tfm_s.bin
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]164 --non_secure $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
165 --output tfm_s_ns.bin
166 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin ${CMAKE_BINARY_DIR}/bin
167 )
168
169 add_custom_command(OUTPUT tfm_s_ns_signed.bin
170 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]171 DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]172 DEPENDS $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,>
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]173 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]174
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]175 # sign the combined tfm_s_ns.bin file
176 COMMAND ${Python3_EXECUTABLE}
177 ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/scripts/wrapper/wrapper.py
178 --version ${MCUBOOT_IMAGE_VERSION_S}
David Hub5f10a52023-10-26 22:24:10 +0800[diff] [blame]179 --layout ${CMAKE_CURRENT_SOURCE_DIR}/image_signing/layout_files/signing_layout_s_ns.o
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]180 --key ${MCUBOOT_KEY_S}
181 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
182 --align ${MCUBOOT_ALIGN_VAL}
183 --pad
184 --pad-header
185 -H ${BL2_HEADER_SIZE}
186 -s ${MCUBOOT_SECURITY_COUNTER_S}
187 -L ${MCUBOOT_ENC_KEY_LEN}
188 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
189 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
190 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
191 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
David Hua01be0a2023-10-25 23:08:10 +0800[diff] [blame]192 tfm_s_ns.bin
193 tfm_s_ns_signed.bin
194 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin ${CMAKE_BINARY_DIR}
Dávid Házi34cf9b92023-10-11 11:10:41 +0200[diff] [blame]195 )
196 endif()
Anton Komlevaee4b612023-05-14 17:38:36 +0100[diff] [blame]197endif()