TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / 1b49416b5a79feefe890e39c01917f3379b90976 / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: f82a73846b30830d4af49f2b224efcc07d25d63a [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
David Vinczea6f501e2021-06-14 10:42:30 +0200[diff] [blame]2# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.15)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]11add_library(mcuboot_config INTERFACE)
12
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]13set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
14
David Vincze8c95d2a2022-01-19 10:11:58 +0100[diff] [blame]15# Add/process CBOR encoded measured boot data (MCUBOOT_MEASURED_BOOT) only if
16# the store encoded measurements config is enabled. Otherwise, unencoded
17# measurements are stored in the shared data area and must be processed at
18# runtime.
19if (CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS)
David Vinczea6f501e2021-06-14 10:42:30 +0200[diff] [blame]20 set(MCUBOOT_MEASURED_BOOT ON)
21endif()
22
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]23add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
24
25target_include_directories(bootutil
26 PUBLIC
27 include
Michel Jaouenfd7164f2021-04-29 09:37:49 +0200[diff] [blame]28 config
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]29)
30
31target_link_libraries(bootutil
32 PUBLIC
33 mcuboot_config
34 platform_bl2
35 bl2_mbedcrypto
36)
37
Feder Liangd4dbaa92021-09-07 15:34:46 +0800[diff] [blame]38target_compile_options(bootutil
39 PRIVATE
40 ${BL2_COMPILER_CP_FLAG}
41)
42
Mark Horvath8576e382021-03-12 10:24:55 +0100[diff] [blame]43target_compile_definitions(bootutil
44 PRIVATE
45 $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
46)
47
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]48target_include_directories(mcuboot_config
49 INTERFACE
50 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
51)
52
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]53target_include_directories(bl2
54 PUBLIC
55 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]56)
57
58target_sources(bl2
59 PRIVATE
60 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
61 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
62 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
63 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]64)
65
66target_link_libraries(bl2
67 PUBLIC
68 bootutil
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]69)
70
71set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
72list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
73
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]74if (MCUBOOT_ALIGN_VAL GREATER 8)
75set (MCUBOOT_BOOT_MAX_ALIGN ${MCUBOOT_ALIGN_VAL})
76else()
77set (MCUBOOT_BOOT_MAX_ALIGN 8)
78endif()
79
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]80configure_file(include/mcuboot_config/mcuboot_config.h.in
81 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
82 @ONLY)
83
84############################### IMAGE SIGNING ##################################
85
86find_package(Python3)
87
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]88set(IMAGE_TYPE "S_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]89set(FLASH_AREA_NUM ${MCUBOOT_S_IMAGE_FLASH_AREA_NUM})
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]90if (MCUBOOT_IMAGE_NUMBER GREATER 1)
91 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
92 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]93else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]94 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
95 # used in this mode the signing_layout_s target's source file is renamed.
96 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
97 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]98endif()
99
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]100target_compile_options(signing_layout_s
101 PRIVATE
102 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
103 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
104 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
105)
106target_compile_definitions(signing_layout_s
107 PRIVATE
108 $<$<BOOL:${BL2}>:BL2>
109 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]110 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]111)
112target_link_libraries(signing_layout_s
113 PRIVATE
114 platform_bl2
115)
116
117if(NS)
118 add_custom_target(tfm_s_ns_bin
119 SOURCES tfm_s_ns.bin
120 )
121 add_custom_command(OUTPUT tfm_s_ns.bin
122 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
123 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
124 DEPENDS tfm_s_bin tfm_ns_bin
125 DEPENDS signing_layout_s
126
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]127 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]128 --layout $<TARGET_OBJECTS:signing_layout_s>
129 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
130 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
131 -o tfm_s_ns.bin
132 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
133 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]134endif()
135
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]136add_custom_target(tfm_s_signed_bin
137 SOURCES tfm_s_signed.bin
138)
139add_custom_command(OUTPUT tfm_s_signed.bin
140 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
141 DEPENDS tfm_s_bin signing_layout_s
142 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]143
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]144 #Sign secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]145 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]146 -v ${MCUBOOT_IMAGE_VERSION_S}
147 --layout $<TARGET_OBJECTS:signing_layout_s>
148 -k ${MCUBOOT_KEY_S}
149 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]150 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]151 --pad
152 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]153 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]154 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]155 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]156 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]157 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
158 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
David Vincze3fa12f22021-10-05 12:43:37 +0200[diff] [blame]159 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]160 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
161 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
162 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
163)
164
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]165set(IMAGE_TYPE "NS_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]166set(FLASH_AREA_NUM ${MCUBOOT_NS_IMAGE_FLASH_AREA_NUM})
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]167configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
168
169add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
170target_compile_options(signing_layout_ns
171 PRIVATE
172 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
173 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
174 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
175)
176target_compile_definitions(signing_layout_ns
177 PRIVATE
178 $<$<BOOL:${BL2}>:BL2>
179 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]180 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]181)
182target_link_libraries(signing_layout_ns
183 PRIVATE
184 platform_bl2
185)
186
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]187if(NS)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]188 add_custom_target(tfm_ns_signed_bin
189 SOURCES tfm_ns_signed.bin
190 )
191 add_custom_command(OUTPUT tfm_ns_signed.bin
192 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
193 DEPENDS tfm_ns_bin signing_layout_ns
194 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
195
196 #Sign non-secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]197 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]198 -v ${MCUBOOT_IMAGE_VERSION_NS}
199 --layout $<TARGET_OBJECTS:signing_layout_ns>
200 -k ${MCUBOOT_KEY_NS}
201 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]202 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]203 --pad
204 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]205 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]206 -s ${MCUBOOT_SECURITY_COUNTER_NS}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]207 -L ${MCUBOOT_ENC_KEY_LEN_NS}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]208 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]209 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
210 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
211 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
David Vincze3fa12f22021-10-05 12:43:37 +0200[diff] [blame]212 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]213 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
214 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
215 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]216endif()
217
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]218if(NS)
219 add_custom_target(tfm_s_ns_signed_bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]220 SOURCES tfm_s_ns_signed.bin
221 )
222 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
223 add_custom_command(OUTPUT tfm_s_ns_signed.bin
224 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
225 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
226 DEPENDS signing_layout_s
227
228 # Create concatenated binary image from the two independently signed
229 # binary file. This only uses the local assemble.py script (not from
230 # upstream mcuboot) because that script is geared towards zephyr
231 # support
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]232 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]233 --layout $<TARGET_OBJECTS:signing_layout_s>
234 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
235 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
236 -o tfm_s_ns_signed.bin
237 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
238 )
239 else()
240 add_custom_command(OUTPUT tfm_s_ns_signed.bin
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]241 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]242 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
243 DEPENDS signing_layout_s
244
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]245 # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
246 # In such a configuration there is a subsystem with higher privileges controlling the
247 # the boot process and current implementation requires to use the non-secure key here.
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]248 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]249 -v ${MCUBOOT_IMAGE_VERSION_S}
250 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]251 -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]252 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]253 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]254 --pad
255 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]256 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]257 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]258 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]259 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
260 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
David Vincze3fa12f22021-10-05 12:43:37 +0200[diff] [blame]261 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]262 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]263 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
264 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
265 )
266 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]267endif()
268
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]269add_custom_target(signed_images
270 ALL
Mark Horvathf0565142020-11-19 18:52:44 +0100[diff] [blame]271 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]272)