TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / 37aedb51b80af13ef03e53fb162c66488ec67bff / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: 2e1e082da532070cecd1f7e10861eda59c00582f [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]2# Copyright (c) 2020, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.13)
9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]11set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
12
13target_include_directories(bl2
14 PUBLIC
15 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
16 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
17 $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot/bootutil/include>
18 $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot>
19)
20
21target_sources(bl2
22 PRIVATE
23 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
24 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
25 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
26 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
27 ${MCUBOOT_PATH}/boot/bootutil/src/loader.c
28 ${MCUBOOT_PATH}/boot/bootutil/src/bootutil_misc.c
29 ${MCUBOOT_PATH}/boot/bootutil/src/image_validate.c
30 ${MCUBOOT_PATH}/boot/bootutil/src/image_rsa.c
31 ${MCUBOOT_PATH}/boot/bootutil/src/tlv.c
32 ${MCUBOOT_PATH}/boot/bootutil/src/boot_record.c
Balint Matyi69e2d2e2020-07-08 10:53:54 +0100[diff] [blame]33 ${MCUBOOT_PATH}/boot/bootutil/src/swap_scratch.c
34 ${MCUBOOT_PATH}/boot/bootutil/src/swap_move.c
35 ${MCUBOOT_PATH}/boot/bootutil/src/swap_misc.c
36 ${MCUBOOT_PATH}/boot/bootutil/src/encrypted.c
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]37)
38
39set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
40list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
41
42configure_file(include/mcuboot_config/mcuboot_config.h.in
43 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
44 @ONLY)
45
46############################### IMAGE SIGNING ##################################
47
48find_package(Python3)
49
50set(FLASH_AREA_NUM 0)
51if (MCUBOOT_IMAGE_NUMBER GREATER 1)
52 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
53 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]54else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]55 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
56 # used in this mode the signing_layout_s target's source file is renamed.
57 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
58 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]59endif()
60
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]61target_compile_options(signing_layout_s
62 PRIVATE
63 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
64 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
65 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
66)
67target_compile_definitions(signing_layout_s
68 PRIVATE
69 $<$<BOOL:${BL2}>:BL2>
70 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
71)
72target_link_libraries(signing_layout_s
73 PRIVATE
74 platform_bl2
75)
76
77if(NS)
78 add_custom_target(tfm_s_ns_bin
79 SOURCES tfm_s_ns.bin
80 )
81 add_custom_command(OUTPUT tfm_s_ns.bin
82 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
83 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
84 DEPENDS tfm_s_bin tfm_ns_bin
85 DEPENDS signing_layout_s
86
87 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
88 --layout $<TARGET_OBJECTS:signing_layout_s>
89 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
90 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
91 -o tfm_s_ns.bin
92 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
93 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]94endif()
95
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]96add_custom_target(tfm_s_signed_bin
97 SOURCES tfm_s_signed.bin
98)
99add_custom_command(OUTPUT tfm_s_signed.bin
100 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
101 DEPENDS tfm_s_bin signing_layout_s
102 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]103
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]104 #Sign secure binary image with provided secret key
105 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
106 -v ${MCUBOOT_IMAGE_VERSION_S}
107 --layout $<TARGET_OBJECTS:signing_layout_s>
108 -k ${MCUBOOT_KEY_S}
109 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
110 --align 1
111 --pad
112 --pad-header
113 -H 0x400
114 -s ${MCUBOOT_SECURITY_COUNTER_S}
115 -d \"\(0,${MCUBOOT_S_IMAGE_MIN_VER}\)\"
116 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
117 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
118 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
119 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
120 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
121)
122
123if(NS)
124 set(FLASH_AREA_NUM 1)
125 configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
126
127 add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
128 target_compile_options(signing_layout_ns
129 PRIVATE
130 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
131 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
132 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
133 )
134 target_compile_definitions(signing_layout_ns
135 PRIVATE
136 $<$<BOOL:${BL2}>:BL2>
137 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
138 )
139 target_link_libraries(signing_layout_ns
140 PRIVATE
141 platform_bl2
142 )
143
144 add_custom_target(tfm_ns_signed_bin
145 SOURCES tfm_ns_signed.bin
146 )
147 add_custom_command(OUTPUT tfm_ns_signed.bin
148 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
149 DEPENDS tfm_ns_bin signing_layout_ns
150 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
151
152 #Sign non-secure binary image with provided secret key
153 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
154 -v ${MCUBOOT_IMAGE_VERSION_NS}
155 --layout $<TARGET_OBJECTS:signing_layout_ns>
156 -k ${MCUBOOT_KEY_NS}
157 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
158 --align 1
159 --pad
160 --pad-header
161 -H 0x400
162 -s ${MCUBOOT_SECURITY_COUNTER_NS}
163 -d \"\(1, ${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
164 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
165 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
166 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
167 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
168 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
169 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]170endif()
171
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]172if(NS)
173 add_custom_target(tfm_s_ns_signed_bin
174 ALL
175 SOURCES tfm_s_ns_signed.bin
176 )
177 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
178 add_custom_command(OUTPUT tfm_s_ns_signed.bin
179 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
180 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
181 DEPENDS signing_layout_s
182
183 # Create concatenated binary image from the two independently signed
184 # binary file. This only uses the local assemble.py script (not from
185 # upstream mcuboot) because that script is geared towards zephyr
186 # support
187 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
188 --layout $<TARGET_OBJECTS:signing_layout_s>
189 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
190 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
191 -o tfm_s_ns_signed.bin
192 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
193 )
194 else()
195 add_custom_command(OUTPUT tfm_s_ns_signed.bin
196 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
197 DEPENDS signing_layout_s
198
199 COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
200 -v ${MCUBOOT_IMAGE_VERSION_S}
201 --layout $<TARGET_OBJECTS:signing_layout_s>
202 -k ${MCUBOOT_KEY_S}
203 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
204 --align 1
205 --pad
206 --pad-header
207 -H 0x400
208 -s ${MCUBOOT_SECURITY_COUNTER_S}
209 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
210 -d \"\(1, ${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
211 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
212 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
213 tfm_s_ns.bin
214 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
215 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
216 )
217 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]218endif()
219
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]220add_custom_target(signed_images
221 ALL
222 DEPENDS $<$<BOOL:${NS}>:tfm_s_ns_signed_bin>
223)