TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / d8fbe0e87f52cf84646c000b7c062b2740fa8efa / . / bl2 / ext / mcuboot / MCUBoot.cmake
blob: d40ca7edfec491f82058553922f582bc4069c5f5 [file] [log] [blame]
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]1#-------------------------------------------------------------------------------
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]2# Copyright (c) 2018-2019, Arm Limited. All rights reserved.
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8cmake_minimum_required(VERSION 3.7)
9
10function(mcuboot_create_boot_payload)
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]11 set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]12 set( _ONE_VALUE_ARGS S_BIN NS_BIN FULL_BIN SIGN_BIN POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]13 set( _MULTI_VALUE_ARGS) #List arguments (e.g. LANGUAGES C ASM CXX)
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]14 cmake_parse_arguments(_MY_PARAMS "${_OPTIONS_ARGS}" "${_ONE_VALUE_ARGS}" "${_MULTI_VALUE_ARGS}" ${ARGN})
15
16 if (NOT DEFINED _MY_PARAMS_S_BIN)
17 message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'S_BIN' missing.")
18 endif()
19
20 if (NOT DEFINED _MY_PARAMS_NS_BIN)
21 message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'NS_BIN' missing.")
22 endif()
23
24 if (NOT DEFINED _MY_PARAMS_FULL_BIN)
25 message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'FULL_BIN' missing.")
26 endif()
27
28 if (NOT DEFINED _MY_PARAMS_SIGN_BIN)
29 message(FATAL_ERROR "mcuboot_create_boot_payload(): mandatory parameter 'SIGN_BIN' missing.")
30 endif()
31
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]32 if (DEFINED _MY_PARAMS_POSTFIX)
Tamas Banbba85642019-06-06 09:31:59 +0100[diff] [blame]33 if (${_MY_PARAMS_POSTFIX} STREQUAL "_1")
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]34 set(MY_POSTFIX "1")
Tamas Banbba85642019-06-06 09:31:59 +0100[diff] [blame]35 else()
36 message(FATAL_ERROR "Unknown artefacts postfix: ${_MY_PARAMS_POSTFIX}")
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]37 endif()
38 endif()
39
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]40 #Find Python3.x interpreter
41 find_package(PythonInterp 3)
42 if (NOT PYTHONINTERP_FOUND)
43 message(FATAL_ERROR "Failed to find Python3.x interpreter. Pyhton3 must be installed and available on the PATH.")
44 endif()
45
46 if(NOT DEFINED FLASH_LAYOUT)
47 message(FATAL_ERROR "ERROR: Incomplete Configuration: FLASH_LAYOUT is not defined.")
48 endif()
49
Tamas Ban7801ed42019-05-20 13:21:53 +0100[diff] [blame]50 if (MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
51 set(KEY_FILE "${MCUBOOT_DIR}/root-rsa-3072.pem")
52 elseif(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-2048")
53 set(KEY_FILE "${MCUBOOT_DIR}/root-rsa-2048.pem")
54 else()
55 message(FATAL_ERROR "${MCUBOOT_SIGNATURE_TYPE} is not supported as firmware signing algorithm")
56 endif()
57
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]58 set(PARTIAL_CONTENT_FOR_PREPROCESSING "#include \"${FLASH_LAYOUT}\"\n\n"
Sverteczky, Marcell7d069e82019-07-04 18:17:33 +0200[diff] [blame]59 "/* Enumeration that is used by the assemble.py and imgtool.py scripts\n"
60 " * for correct binary generation when nested macros are used\n"
61 " */\n"
Sverteczky, Marcell4b78a4b2019-06-03 14:17:10 +0200[diff] [blame]62 "enum image_attributes {\n"
63 "\tRE_SECURE_IMAGE_OFFSET = SECURE_IMAGE_OFFSET,\n"
64 "\tRE_SECURE_IMAGE_MAX_SIZE = SECURE_IMAGE_MAX_SIZE,\n"
65 "\tRE_NON_SECURE_IMAGE_OFFSET = NON_SECURE_IMAGE_OFFSET,\n"
Sverteczky, Marcell7d069e82019-07-04 18:17:33 +0200[diff] [blame]66 "\tRE_NON_SECURE_IMAGE_MAX_SIZE = NON_SECURE_IMAGE_MAX_SIZE,\n"
67 "#ifdef IMAGE_LOAD_ADDRESS\n"
68 "\tRE_IMAGE_LOAD_ADDRESS = IMAGE_LOAD_ADDRESS,\n"
69 "#endif\n"
Sverteczky, Marcell4b78a4b2019-06-03 14:17:10 +0200[diff] [blame]70 )
71
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]72if (MCUBOOT_IMAGE_NUMBER GREATER 1)
73 if (SECURITY_COUNTER_S)
74 set(ADD_SECURITY_COUNTER_S "-s ${SECURITY_COUNTER_S}")
75 else()
76 set(ADD_SECURITY_COUNTER_S "")
77 endif()
78 if (SECURITY_COUNTER_NS)
79 set(ADD_SECURITY_COUNTER_NS "-s ${SECURITY_COUNTER_NS}")
80 else()
81 set(ADD_SECURITY_COUNTER_NS "")
82 endif()
83 if (DEFINED SECURITY_COUNTER)
84 message(WARNING "In case of multiple updatable images the security counter value can be specified"
85 " for the Secure and Non-secure images separately with the SECURITY_COUNTER_S and SECURITY_COUNTER_NS"
86 " defines. The value of SECURITY_COUNTER was ignored.")
87 set(SECURITY_COUNTER "")
88 endif()
89
90 if (NOT IMAGE_VERSION_S)
91 set(IMAGE_VERSION_S 0.0.0+0)
92 endif()
93 if (NOT IMAGE_VERSION_NS)
94 set(IMAGE_VERSION_NS 0.0.0+0)
95 endif()
96 if (DEFINED IMAGE_VERSION)
97 message(WARNING "In case of multiple updatable images the image version can be specified"
98 " for the Secure and Non-secure images separately with the IMAGE_VERSION_S and IMAGE_VERSION_NS"
99 " defines. The value of IMAGE_VERSION was ignored.")
100 set(IMAGE_VERSION "")
101 endif()
102
103 set(FILE_TO_PREPROCESS ${CMAKE_BINARY_DIR}/image_macros_to_preprocess)
104 set(PREPROCESSED_FILE ${CMAKE_BINARY_DIR}/image_macros_preprocessed)
105
106 #Create files that will be preprocessed later in order to be able to handle
107 # nested macros in header files for certain macros
108 string(CONCAT CONTENT_FOR_PREPROCESSING ${PARTIAL_CONTENT_FOR_PREPROCESSING}
109 "\tRE_SIGN_BIN_SIZE = FLASH_AREA_0_SIZE,\n}\;")
110 file(WRITE ${FILE_TO_PREPROCESS}_s.c ${CONTENT_FOR_PREPROCESSING})
111 string(CONCAT CONTENT_FOR_PREPROCESSING ${PARTIAL_CONTENT_FOR_PREPROCESSING}
112 "\tRE_SIGN_BIN_SIZE = FLASH_AREA_1_SIZE,\n}\;")
113 file(WRITE ${FILE_TO_PREPROCESS}_ns.c ${CONTENT_FOR_PREPROCESSING})
114
115 #Preprocess the _s.c file that contains the secure image related macros
116 compiler_preprocess_file(SRC ${FILE_TO_PREPROCESS}_s.c
117 DST ${PREPROCESSED_FILE}_s.c
118 BEFORE_TARGET ${_MY_PARAMS_S_BIN}
119 TARGET_PREFIX ${_MY_PARAMS_S_BIN}
120 DEFINES "MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}")
121
122 #Preprocess the _ns.c file that contains the non-secure image related macros
123 compiler_preprocess_file(SRC ${FILE_TO_PREPROCESS}_ns.c
124 DST ${PREPROCESSED_FILE}_ns.c
125 BEFORE_TARGET ${_MY_PARAMS_NS_BIN}
126 TARGET_PREFIX ${_MY_PARAMS_NS_BIN}
127 DEFINES "MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}")
128
129 add_custom_command(TARGET ${_MY_PARAMS_NS_BIN}
130 POST_BUILD
131
132 #Sign secure binary image with default public key in mcuboot folder
133 COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
134 ARGS sign
135 --layout ${PREPROCESSED_FILE}_s.c
136 -k ${KEY_FILE}
137 --align 1
138 -v ${IMAGE_VERSION_S}
139 ${ADD_SECURITY_COUNTER_S}
140 -H 0x400
141 $<TARGET_FILE_DIR:${_MY_PARAMS_S_BIN}>/${_MY_PARAMS_S_BIN}.bin
142 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_S_BIN}_signed.bin
143
144 #Sign non-secure binary image with default public key in mcuboot folder
145 COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
146 ARGS sign
147 --layout ${PREPROCESSED_FILE}_ns.c
148 -k ${KEY_FILE}
149 --align 1
150 -v ${IMAGE_VERSION_NS}
151 ${ADD_SECURITY_COUNTER_NS}
152 -H 0x400
153 $<TARGET_FILE_DIR:${_MY_PARAMS_NS_BIN}>/${_MY_PARAMS_NS_BIN}.bin
154 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_NS_BIN}_signed.bin
155
156 #Create concatenated binary image from the two independently signed binary file
157 COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/assemble.py
158 ARGS --layout ${PREPROCESSED_FILE}_s.c
159 -s ${CMAKE_BINARY_DIR}/${_MY_PARAMS_S_BIN}_signed.bin
160 -n ${CMAKE_BINARY_DIR}/${_MY_PARAMS_NS_BIN}_signed.bin
161 -o ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin)
162
163else() # MCUBOOT_IMAGE_NUMBER = 1
164 if (SECURITY_COUNTER)
165 set(ADD_SECURITY_COUNTER "-s ${SECURITY_COUNTER}")
166 else()
167 set(ADD_SECURITY_COUNTER "")
168 endif()
169 if (DEFINED SECURITY_COUNTER_S OR
170 DEFINED SECURITY_COUNTER_NS)
171 message(WARNING "In case of a single updatable image the security counter value can be specified with"
172 " the SECURITY_COUNTER define. The values of SECURITY_COUNTER_S and/or SECURITY_COUNTER_NS were ignored.")
173 set(SECURITY_COUNTER_S "")
174 set(SECURITY_COUNTER_NS "")
175 endif()
176
177 if (NOT IMAGE_VERSION)
178 set(IMAGE_VERSION 0.0.0+0)
179 endif()
180 if (DEFINED IMAGE_VERSION_S OR
181 DEFINED IMAGE_VERSION_NS)
182 message(WARNING "In case of a single updatable image the image version can be specified with"
183 " the IMAGE_VERSION define. The values of IMAGE_VERSION_S and/or IMAGE_VERSION_NS were ignored.")
184 set(IMAGE_VERSION_S "")
185 set(IMAGE_VERSION_NS "")
186 endif()
187
188 set(FILE_TO_PREPROCESS ${CMAKE_BINARY_DIR}/image_macros_to_preprocess.c)
189 set(PREPROCESSED_FILE ${CMAKE_BINARY_DIR}/image_macros_preprocessed.c)
190 string(CONCAT CONTENT_FOR_PREPROCESSING ${PARTIAL_CONTENT_FOR_PREPROCESSING}
191 "\tRE_SIGN_BIN_SIZE = FLASH_AREA_0_SIZE,\n}\;")
192
Sverteczky, Marcell4b78a4b2019-06-03 14:17:10 +0200[diff] [blame]193 #Create a file that will be preprocessed later in order to be able to handle nested macros
Sverteczky, Marcell7d069e82019-07-04 18:17:33 +0200[diff] [blame]194 #in header files for certain macros
Sverteczky, Marcell4b78a4b2019-06-03 14:17:10 +0200[diff] [blame]195 file(WRITE ${FILE_TO_PREPROCESS} ${CONTENT_FOR_PREPROCESSING})
196
197 #Preprocess the .c file that contains the image related macros
198 compiler_preprocess_file(SRC ${FILE_TO_PREPROCESS}
199 DST ${PREPROCESSED_FILE}
200 BEFORE_TARGET ${_MY_PARAMS_NS_BIN}
David Vincze63eda7a2019-08-09 17:42:51 +0200[diff] [blame]201 TARGET_PREFIX ${_MY_PARAMS_NS_BIN}
202 DEFINES "MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}")
Sverteczky, Marcell4b78a4b2019-06-03 14:17:10 +0200[diff] [blame]203
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]204 add_custom_command(TARGET ${_MY_PARAMS_NS_BIN}
205 POST_BUILD
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]206 #Create concatenated binary image from the two binary file
207 COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/assemble.py
Sverteczky, Marcell7d069e82019-07-04 18:17:33 +0200[diff] [blame]208 ARGS --layout ${PREPROCESSED_FILE}
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]209 -s $<TARGET_FILE_DIR:${_MY_PARAMS_S_BIN}>/${_MY_PARAMS_S_BIN}.bin
210 -n $<TARGET_FILE_DIR:${_MY_PARAMS_NS_BIN}>/${_MY_PARAMS_NS_BIN}.bin
211 -o ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
212
213 #Sign concatenated binary image with default public key in mcuboot folder
214 COMMAND ${PYTHON_EXECUTABLE} ${MCUBOOT_DIR}/scripts/imgtool.py
215 ARGS sign
Sverteczky, Marcell7d069e82019-07-04 18:17:33 +0200[diff] [blame]216 --layout ${PREPROCESSED_FILE}
Tamas Ban7801ed42019-05-20 13:21:53 +0100[diff] [blame]217 -k ${KEY_FILE}
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]218 --align 1
Oliver Swede21440442018-07-10 09:31:32 +0100[diff] [blame]219 -v ${IMAGE_VERSION}
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]220 ${ADD_SECURITY_COUNTER}
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]221 -H 0x400
Tamas Bandb69d522018-03-01 10:04:41 +0000[diff] [blame]222 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
223 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin)
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]224endif()
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]225
226 #Collect executables to common location: build/install/outputs/
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]227 set(TFM_SIGN_NAME tfm_s_ns_signed)
228
229 if (DEFINED MY_POSTFIX)
230 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin
231 RENAME tfm_sig${MY_POSTFIX}.bin
232 DESTINATION outputs/${TARGET_PLATFORM}/)
233 else()
234 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin
235 DESTINATION outputs/${TARGET_PLATFORM}/)
236 endif()
237
Tamas Ban57bfa432018-04-13 16:05:49 +0100[diff] [blame]238 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_SIGN_BIN}.bin
239 RENAME ${TFM_SIGN_NAME}${_MY_PARAMS_POSTFIX}.bin
240 DESTINATION outputs/fvp/)
David Vinczed8fbe0e2019-08-12 15:58:57 +0200[diff] [blame^]241
242if (MCUBOOT_IMAGE_NUMBER GREATER 1)
243 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_S_BIN}_signed.bin
244 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_NS_BIN}_signed.bin
245 DESTINATION outputs/${TARGET_PLATFORM}/)
246 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_S_BIN}_signed.bin
247 ${CMAKE_BINARY_DIR}/${_MY_PARAMS_NS_BIN}_signed.bin
248 DESTINATION outputs/fvp/)
249
250else() # MCUBOOT_IMAGE_NUMBER = 1
251 set(TFM_FULL_NAME tfm_s_ns_concatenated)
252
253 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
254 DESTINATION outputs/${TARGET_PLATFORM}/)
255 install(FILES ${CMAKE_BINARY_DIR}/${_MY_PARAMS_FULL_BIN}.bin
256 RENAME ${TFM_FULL_NAME}${_MY_PARAMS_POSTFIX}.bin
257 DESTINATION outputs/fvp/)
258endif()
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]259endfunction()
David Vincze63eda7a2019-08-09 17:42:51 +0200[diff] [blame]260
261#Validate and override the upgrade strategy to be used by the bootloader.
262#
263# If the given upgrade strategy is not supported with the current value
264# of the MCUBOOT_IMAGE_NUMBER variable then the function will override its
265# previously set value.
266#
267#Examples:
268# mcuboot_override_upgrade_strategy("SWAP")
269#
270#INPUTS:
271# strategy - (mandatory) - Upgrade strategy to be used.
272#
273#OUTPUTS:
274# MCUBOOT_UPGRADE_STRATEGY variable is set to the new strategy.
275#
276function(mcuboot_override_upgrade_strategy strategy)
277 if ((${strategy} STREQUAL "NO_SWAP" OR
278 ${strategy} STREQUAL "RAM_LOADING") AND
279 NOT (MCUBOOT_IMAGE_NUMBER EQUAL 1))
280 message(WARNING "The number of separately updatable images with the NO_SWAP or the RAM_LOADING"
281 " upgrade strategy can be only '1'. Your choice was overriden.")
282 set(MCUBOOT_IMAGE_NUMBER 1 PARENT_SCOPE)
283 endif()
284 get_property(_validation_list CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
285 #Check if validation list is set.
286 if (NOT _validation_list)
287 #Set the default upgrade strategy if the CACHE variable has not been set yet.
288 set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Configure BL2 which upgrade strategy to use")
289 set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWAP;NO_SWAP;RAM_LOADING")
290 endif()
291 set(MCUBOOT_UPGRADE_STRATEGY ${strategy} PARENT_SCOPE)
292 validate_cache_value(MCUBOOT_UPGRADE_STRATEGY STRINGS)
293endfunction()