TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / a6f501e34f962775eb18f38b48d60bd030835b3f^! / . / bl2 / ext
commita6f501e34f962775eb18f38b48d60bd030835b3f[log] [tgz]
authorDavid Vincze <david.vincze@arm.com>Mon Jun 14 10:42:30 2021 +0200
committerDavid Hu <david.hu@arm.com>Mon Jul 25 12:09:24 2022 +0200
treec646b6706bc3ac65baf56299f7bfea68e44e369e
parenta1e8602d5ec2acad923b24eb436dc0f663eea649 [diff]
Build: Introduce CONFIG_TFM_BOOT_STORE_MEASUREMENTS

Use the CONFIG_TFM_BOOT_STORE_MEASUREMENTS CMake variable instead of
MCUBOOT_MEASURED_BOOT to control measured boot mechanisms in
each boot stages.
The form (encoding) and amount of the saved measured boot data
can vary depending on the number of boot stages. This variable
can be used the serve the different cases.

Change-Id: I1cdb7372d753228f4b422e12c3f0f90594a2739e
Signed-off-by: David Vincze <david.vincze@arm.com>

diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 0ffdfe0..e3d3315 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt

@@ -1,5 +1,5 @@
 #------------------------------------------------------------------------------
-# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -12,6 +12,10 @@
 
 set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
 
+if (CONFIG_TFM_BOOT_STORE_MEASUREMENTS)
+    set(MCUBOOT_MEASURED_BOOT ON)
+endif()
+
 add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
 
 target_include_directories(bootutil

diff --git a/bl2/ext/mcuboot/mcuboot_default_config.cmake b/bl2/ext/mcuboot/mcuboot_default_config.cmake
index fb67ab5..3f0ad2d 100644
--- a/bl2/ext/mcuboot/mcuboot_default_config.cmake
+++ b/bl2/ext/mcuboot/mcuboot_default_config.cmake

@@ -34,7 +34,6 @@
 set_property(CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS "1;2;4;8;16;32")
 
 set(MCUBOOT_DIRECT_XIP_REVERT           ON          CACHE BOOL      "Enable the revert mechanism in direct-xip mode")
-set(MCUBOOT_MEASURED_BOOT               ON          CACHE BOOL      "Add boot measurement values to boot status. Used for initial attestation token")
 set(MCUBOOT_HW_ROLLBACK_PROT            ON          CACHE BOOL      "Enable security counter validation against non-volatile HW counters")
 set(MCUBOOT_ENC_IMAGES                  OFF         CACHE BOOL      "Enable encrypted image upgrade support")
 set(MCUBOOT_ENCRYPT_RSA                 OFF         CACHE BOOL      "Use RSA for encrypted image upgrade support")