Tamas Ban581034a2017-12-19 19:54:37 +00001#------------------------------------------------------------------------------
David Vinczea6f501e2021-06-14 10:42:30 +02002# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +00003#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
# Minimum CMake version required by this directory.
cmake_minimum_required(VERSION 3.15)
# CMP0079 NEW: target_link_libraries() may be used on targets created in another
# directory. bootutil comes from the add_subdirectory() call in this file; bl2
# has no add_* call here and is presumably defined by a parent directory.
cmake_policy(SET CMP0079 NEW)

# INTERFACE target that only carries the include path of the generated
# mcuboot_config.h to whoever links against it.
add_library(mcuboot_config INTERFACE)

# Key passed to the signing wrapper as -E<path> when MCUBOOT_ENC_IMAGES is on.
# The default points at a key file inside the MCUboot source tree, i.e. a key
# that everybody with the MCUboot sources has.
# NOTE(review): the matching private key is presumably published alongside it,
# so an image encrypted with the default is not confidential. Builds that rely
# on image encryption should set MCUBOOT_KEY_ENC to a key they control.
set(MCUBOOT_KEY_ENC
    "${MCUBOOT_PATH}/enc-rsa2048-pub.pem"
    CACHE FILEPATH
    "Path to key with which to encrypt binary"
)
14
# CBOR-encoded measured boot data (MCUBOOT_MEASURED_BOOT) is added and processed
# only when storing *encoded* measurements is enabled. Without that option the
# measurements go into the shared data area unencoded and have to be processed
# at runtime.
if(CONFIG_TFM_BOOT_STORE_MEASUREMENTS)
    if(CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS)
        # Later turned into --measured-boot-record on the signing command lines.
        set(MCUBOOT_MEASURED_BOOT ON)
    endif()
endif()
22
# Build MCUboot's bootutil library from the MCUboot checkout; its build output
# goes to the "bootutil" subdirectory of the current binary dir.
add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)

# include/ and config/ (relative to this source directory) are exported to
# bootutil and to everything that links it.
target_include_directories(bootutil PUBLIC include config)

# Generated configuration header, platform code and the crypto library are
# PUBLIC, so they propagate to bl2 through bootutil.
target_link_libraries(bootutil PUBLIC mcuboot_config platform_bl2 bl2_mbedcrypto)

# BL2_COMPILER_CP_FLAG is not defined in this file; it is taken as-is from the
# surrounding configuration.
target_compile_options(bootutil PRIVATE ${BL2_COMPILER_CP_FLAG})

# DEFAULT_MCUBOOT_FLASH_MAP is defined for bootutil only when the CMake variable
# of the same name evaluates to true.
target_compile_definitions(bootutil
    PRIVATE
        $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
)
47
# Users of mcuboot_config get the current binary dir on their include path; the
# configure_file() call in this file writes mcuboot_config/mcuboot_config.h
# below that directory.
target_include_directories(mcuboot_config
    INTERFACE
        $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
)

# Public headers of the bootloader itself.
target_include_directories(bl2 PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>)

# Bootloader sources that live next to this CMakeLists.txt.
# NOTE(review): keys.c presumably holds the public key material the bootloader
# verifies images against - confirm; it is not visible from here.
target_sources(bl2
    PRIVATE
        ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
        ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
        ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
        ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
)

target_link_libraries(bl2 PUBLIC bootutil)
70
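# Translate the textual MCUBOOT_LOG_LEVEL into its index in the allowed list
# (OFF=0 ... DEBUG=4).
set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
# The value is quoted so that an empty or unset MCUBOOT_LOG_LEVEL is still one
# argument and reaches the check below instead of breaking the list() call.
list(FIND MCUBOOT_ALLOWED_LOG_LEVELS "${MCUBOOT_LOG_LEVEL}" LOG_LEVEL_ID)
# list(FIND) yields -1 for an unknown value. Stop here with a clear message
# rather than letting -1 flow into the generated configuration header.
if(LOG_LEVEL_ID EQUAL -1)
    message(FATAL_ERROR
        "MCUBOOT_LOG_LEVEL='${MCUBOOT_LOG_LEVEL}' is not one of: ${MCUBOOT_ALLOWED_LOG_LEVELS}"
    )
endif()

# The maximum alignment is never smaller than 8; a larger MCUBOOT_ALIGN_VAL
# raises it.
if(MCUBOOT_ALIGN_VAL GREATER 8)
    set(MCUBOOT_BOOT_MAX_ALIGN ${MCUBOOT_ALIGN_VAL})
else()
    set(MCUBOOT_BOOT_MAX_ALIGN 8)
endif()

# Generate mcuboot_config.h in the binary dir. @ONLY restricts substitution to
# @VAR@ references, so any ${...} in the template is left untouched.
# NOTE(review): LOG_LEVEL_ID and MCUBOOT_BOOT_MAX_ALIGN are presumably consumed
# by the template; mcuboot_config.h.in is not visible from here.
configure_file(include/mcuboot_config/mcuboot_config.h.in
               ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
               @ONLY)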
83
84############################### IMAGE SIGNING ##################################
85
Raef Colesb5be31b2022-11-01 11:42:42 +000086if (PLATFORM_DEFAULT_IMAGE_SIGNING)
87 find_package(Python3)
Raef Coles8efad882020-07-10 09:46:00 +010088
Raef Colesb5be31b2022-11-01 11:42:42 +000089 set(IMAGE_TYPE "S_IMAGE")
90 set(FLASH_AREA_NUM ${MCUBOOT_S_IMAGE_FLASH_AREA_NUM})
Raef Coles8efad882020-07-10 09:46:00 +010091 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
Raef Colesb5be31b2022-11-01 11:42:42 +000092 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
93 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
94 else()
95 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
96 # used in this mode the signing_layout_s target's source file is renamed.
97 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
98 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
99 endif()
100
101 target_compile_options(signing_layout_s
102 PRIVATE
103 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
104 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
105 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
106 )
107 target_compile_definitions(signing_layout_s
108 PRIVATE
109 $<$<BOOL:${BL2}>:BL2>
110 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
111 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
112 )
113 target_link_libraries(signing_layout_s
114 PRIVATE
115 platform_bl2
116 )
117
118 if(NS)
119 add_custom_target(tfm_s_ns_bin
120 SOURCES tfm_s_ns.bin
121 )
122 add_custom_command(OUTPUT tfm_s_ns.bin
123 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
124 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
125 DEPENDS tfm_s_bin tfm_ns_bin
Raef Coles8efad882020-07-10 09:46:00 +0100126 DEPENDS signing_layout_s
127
TTornblom30aef322021-10-29 11:29:32 +0200128 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100129 --layout $<TARGET_OBJECTS:signing_layout_s>
Raef Colesb5be31b2022-11-01 11:42:42 +0000130 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
131 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
132 -o tfm_s_ns.bin
133 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
Raef Coles8efad882020-07-10 09:46:00 +0100134 )
Raef Colesb5be31b2022-11-01 11:42:42 +0000135 endif()
Raef Coles8efad882020-07-10 09:46:00 +0100136
Raef Colesb5be31b2022-11-01 11:42:42 +0000137 add_custom_target(tfm_s_signed_bin
138 SOURCES tfm_s_signed.bin
139 )
140 add_custom_command(OUTPUT tfm_s_signed.bin
141 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
142 DEPENDS tfm_s_bin signing_layout_s
143 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
144
145 #Sign secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200146 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100147 -v ${MCUBOOT_IMAGE_VERSION_S}
148 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathfbc2c502022-09-09 16:16:07 +0200149 -k ${MCUBOOT_KEY_S}
Raef Coles8efad882020-07-10 09:46:00 +0100150 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200151 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100152 --pad
153 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100154 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100155 -s ${MCUBOOT_SECURITY_COUNTER_S}
Raef Coles4591d322022-09-14 11:51:34 +0100156 -L ${MCUBOOT_ENC_KEY_LEN}
Raef Colesb5be31b2022-11-01 11:42:42 +0000157 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100158 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
Sherry Zhang50c3bb52022-10-21 15:07:41 +0800159 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
Raef Coles8efad882020-07-10 09:46:00 +0100160 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
David Vincze3fa12f22021-10-05 12:43:37 +0200161 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
Raef Colesb5be31b2022-11-01 11:42:42 +0000162 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
163 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
164 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
165 )
166
167 set(IMAGE_TYPE "NS_IMAGE")
168 set(FLASH_AREA_NUM ${MCUBOOT_NS_IMAGE_FLASH_AREA_NUM})
169 configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
170
171 add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
172 target_compile_options(signing_layout_ns
173 PRIVATE
174 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
175 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
176 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
177 )
178 target_compile_definitions(signing_layout_ns
179 PRIVATE
180 $<$<BOOL:${BL2}>:BL2>
181 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
182 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
183 )
184 target_link_libraries(signing_layout_ns
185 PRIVATE
186 platform_bl2
187 )
188
189 if(NS)
190 add_custom_target(tfm_ns_signed_bin
191 SOURCES tfm_ns_signed.bin
192 )
193 add_custom_command(OUTPUT tfm_ns_signed.bin
194 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
195 DEPENDS tfm_ns_bin signing_layout_ns
196 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
197
198 #Sign non-secure binary image with provided secret key
199 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
200 -v ${MCUBOOT_IMAGE_VERSION_NS}
201 --layout $<TARGET_OBJECTS:signing_layout_ns>
202 -k ${MCUBOOT_KEY_NS}
203 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
204 --align ${MCUBOOT_ALIGN_VAL}
205 --pad
206 --pad-header
207 -H ${BL2_HEADER_SIZE}
208 -s ${MCUBOOT_SECURITY_COUNTER_NS}
209 -L ${MCUBOOT_ENC_KEY_LEN}
210 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
211 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
212 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
213 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
214 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
215 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
216 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
217 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
Raef Coles8efad882020-07-10 09:46:00 +0100218 )
219 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000220
Raef Colesb5be31b2022-11-01 11:42:42 +0000221 if(NS)
222 add_custom_target(tfm_s_ns_signed_bin
223 SOURCES tfm_s_ns_signed.bin
224 )
225 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
226 add_custom_command(OUTPUT tfm_s_ns_signed.bin
227 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
228 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
229 DEPENDS signing_layout_s
230
231 # Create concatenated binary image from the two independently signed
232 # binary file. This only uses the local assemble.py script (not from
233 # upstream mcuboot) because that script is geared towards zephyr
234 # support
235 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
236 --layout $<TARGET_OBJECTS:signing_layout_s>
237 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
238 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
239 -o tfm_s_ns_signed.bin
240 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
241 )
242 else()
243 add_custom_command(OUTPUT tfm_s_ns_signed.bin
244 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
245 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
246 DEPENDS signing_layout_s
247
248 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
249 -v ${MCUBOOT_IMAGE_VERSION_S}
250 --layout $<TARGET_OBJECTS:signing_layout_s>
251 -k ${MCUBOOT_KEY_S}
252 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
253 --align ${MCUBOOT_ALIGN_VAL}
254 --pad
255 --pad-header
256 -H ${BL2_HEADER_SIZE}
257 -s ${MCUBOOT_SECURITY_COUNTER_S}
258 -L ${MCUBOOT_ENC_KEY_LEN}
259 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
260 $<$<BOOL:${MCUBOOT_CONFIRM_IMAGE}>:--confirm>
261 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
262 $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
263 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
264 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
265 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
266 )
267 endif()
268 endif()
269
270 add_custom_target(signed_images
271 ALL
272 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
273 )
274endif()