#------------------------------------------------------------------------------
# Copyright (c) 2020, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#------------------------------------------------------------------------------
# CMake 3.15 is the oldest release this file is written against. The call also
# resets policy defaults, so it must stay ahead of the explicit policy below.
cmake_minimum_required(VERSION 3.15)
# CMP0079 NEW allows target_link_libraries() on targets created in another
# directory. This file links `bootutil` and `bl2`, neither of which is created
# by an add_library()/add_executable() call in this file.
cmake_policy(SET CMP0079 NEW)
# Interface-only target: anything linking it inherits the include path of the
# generated mcuboot_config/mcuboot_config.h header.
add_library(mcuboot_config INTERFACE)

# Key passed to the signing wrapper with -E when MCUBOOT_ENC_IMAGES is enabled.
# The default resolves to a file inside the MCUboot source tree, i.e. a key
# that is distributed together with the sources.
# NOTE(review): upstream ships such keys as development samples - confirm that
# release builds override this cache entry with a project-owned key.
set(MCUBOOT_KEY_ENC
    "${MCUBOOT_PATH}/enc-rsa2048-pub.pem"
    CACHE FILEPATH
    "Path to key with which to encrypt binary"
)

# Build bootutil straight from the MCUboot checkout; its build output goes to
# the `bootutil` subdirectory of the current binary directory.
add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)

# Local headers are layered onto the upstream library and exported to users.
target_include_directories(bootutil PUBLIC "${CMAKE_CURRENT_SOURCE_DIR}/include")

target_link_libraries(bootutil PUBLIC mcuboot_config platform_bl2 bl2_mbedcrypto)

# This directory is exported for mcuboot_config.h only.
target_include_directories(mcuboot_config
    INTERFACE "$<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>"
)
# Attach the MCUboot glue code to the `bl2` target, which is created outside
# this file.
target_include_directories(bl2
    PUBLIC "$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>"
)

# NOTE(review): keys.c presumably holds the verification key material that is
# compiled into the bootloader - confirm it matches the keys used for signing.
target_sources(bl2 PRIVATE
    "${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c"
    "${CMAKE_CURRENT_SOURCE_DIR}/keys.c"
    "${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c"
    "${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c"
)

target_link_libraries(bl2 PUBLIC bootutil)
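# Translate the textual MCUBOOT_LOG_LEVEL into its index in the allowed list
# (OFF=0 ... DEBUG=4). LOG_LEVEL_ID is set before the header template is
# configured (presumably substituted there - template not shown).
set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
# Quoted so that an empty or unset value is looked up as "" instead of
# dropping an argument from the list() call.
list(FIND MCUBOOT_ALLOWED_LOG_LEVELS "${MCUBOOT_LOG_LEVEL}" LOG_LEVEL_ID)
# list(FIND) yields -1 for an unknown value; stop here rather than generate a
# bootloader configuration header from an invalid index.
if(LOG_LEVEL_ID EQUAL -1)
    message(FATAL_ERROR
        "MCUBOOT_LOG_LEVEL='${MCUBOOT_LOG_LEVEL}' is not one of: ${MCUBOOT_ALLOWED_LOG_LEVELS}"
    )
endif()

# @ONLY restricts substitution to @VAR@ references, leaving any ${...} text in
# the template untouched.
configure_file(
    "${CMAKE_CURRENT_SOURCE_DIR}/include/mcuboot_config/mcuboot_config.h.in"
    "${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h"
    @ONLY
)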
############################### IMAGE SIGNING ##################################

# NOTE(review): the signing commands in this file invoke ${PYTHON_EXECUTABLE},
# whereas FindPython3 publishes Python3_EXECUTABLE; PYTHON_EXECUTABLE is
# presumably provided elsewhere in the build - confirm. The lookup is not
# REQUIRED, so a missing interpreter only surfaces when a command runs.
find_package(Python3)

# Layout description used when signing the secure image. FLASH_AREA_NUM is set
# right before the template is configured (presumably read as
# @FLASH_AREA_NUM@ - template not shown).
set(FLASH_AREA_NUM 0)
if(MCUBOOT_IMAGE_NUMBER GREATER 1)
    configure_file(
        "${CMAKE_CURRENT_SOURCE_DIR}/signing_layout.c.in"
        "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c"
        @ONLY
    )
    add_library(signing_layout_s OBJECT
        "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c"
    )
else()
    # The imgtool script requires the s_ns suffix. Only one signing layout is
    # used in this mode, so the source file of signing_layout_s is renamed.
    configure_file(
        "${CMAKE_CURRENT_SOURCE_DIR}/signing_layout.c.in"
        "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c"
        @ONLY
    )
    add_library(signing_layout_s OBJECT
        "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c"
    )
endif()

# Preprocess only: the "object" produced for this library is preprocessed C
# text, and $<TARGET_OBJECTS:signing_layout_s> is what the Python scripts are
# given as --layout.
target_compile_options(signing_layout_s PRIVATE
    $<$<C_COMPILER_ID:GNU>:-E\;-xc>
    $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
    $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
)

# Each definition is forwarded only when the matching variable is truthy.
target_compile_definitions(signing_layout_s PRIVATE
    $<$<BOOL:${BL2}>:BL2>
    $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
)

target_link_libraries(signing_layout_s PRIVATE platform_bl2)
# Unsigned combined image: the secure and non-secure binaries are merged into
# tfm_s_ns.bin. Only defined when the non-secure side is built (NS).
if(NS)
    add_custom_target(tfm_s_ns_bin
        SOURCES tfm_s_ns.bin
    )
    add_custom_command(OUTPUT tfm_s_ns.bin
        DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
        DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
        DEPENDS tfm_s_bin tfm_ns_bin
        DEPENDS signing_layout_s

        # No WORKING_DIRECTORY is given, so the relative output name resolves
        # against the command's default working directory.
        COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
            --layout $<TARGET_OBJECTS:signing_layout_s>
            -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
            -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
            -o tfm_s_ns.bin
        # Place a copy next to the bl2 artefact.
        COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
    )
endif()
# Signed secure image. The custom target pulls in tfm_s_signed.bin, which the
# custom command below produces from tfm_s.bin.
add_custom_target(tfm_s_signed_bin
    SOURCES tfm_s_signed.bin
)
add_custom_command(OUTPUT tfm_s_signed.bin
    DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
    DEPENDS tfm_s_bin signing_layout_s
    # The wrapper runs with the MCUboot scripts directory as its working
    # directory (presumably so it can import the upstream imgtool modules -
    # confirm). NOTE(review): the process that handles the signing key then
    # executes code from that checkout, so the integrity of MCUBOOT_PATH
    # matters as much as that of this tree.
    WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts

    # Sign the secure binary image with the provided secret key.
    # MCUBOOT_KEY_S is defined outside this file; its default is not visible
    # here. NOTE(review): confirm release builds do not sign with a key that
    # is checked into a source tree.
    COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
        -v ${MCUBOOT_IMAGE_VERSION_S}
        --layout $<TARGET_OBJECTS:signing_layout_s>
        -k ${MCUBOOT_KEY_S}
        # "full" when MCUBOOT_HW_KEY is truthy, otherwise "hash".
        --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
        --align 1
        --pad
        --pad-header
        -H 0x400
        # Security counter value for the secure image (presumably the
        # rollback-protection counter - confirm against wrapper.py).
        -s ${MCUBOOT_SECURITY_COUNTER_S}
        # The quotes and parentheses are escaped by hand because this command
        # does not use VERBATIM; adding VERBATIM would require revisiting
        # these escapes.
        -d \"\(0,${MCUBOOT_S_IMAGE_MIN_VER}\)\"
        # Optional flags: emitted only when the corresponding setting is on.
        $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
        $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
        # Positional arguments: input image, then output image.
        $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
        ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
    # Place a copy of the signed image next to the bl2 artefact.
    COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
)
# Layout description used when signing the non-secure image. FLASH_AREA_NUM is
# switched to 1 before the same template is configured a second time
# (presumably read as @FLASH_AREA_NUM@ - template not shown).
set(FLASH_AREA_NUM 1)
configure_file(
    "${CMAKE_CURRENT_SOURCE_DIR}/signing_layout.c.in"
    "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c"
    @ONLY
)

add_library(signing_layout_ns OBJECT
    "${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c"
)

# Preprocess only: the "object" produced for this library is preprocessed C
# text, and $<TARGET_OBJECTS:signing_layout_ns> is what the signing wrapper is
# given as --layout.
target_compile_options(signing_layout_ns PRIVATE
    $<$<C_COMPILER_ID:GNU>:-E\;-xc>
    $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
    $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
)

# Each definition is forwarded only when the matching variable is truthy.
target_compile_definitions(signing_layout_ns PRIVATE
    $<$<BOOL:${BL2}>:BL2>
    $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
)

target_link_libraries(signing_layout_ns PRIVATE platform_bl2)
# Signed non-secure image; only defined when the non-secure side is built.
if(NS)
    add_custom_target(tfm_ns_signed_bin
        SOURCES tfm_ns_signed.bin
    )
    add_custom_command(OUTPUT tfm_ns_signed.bin
        DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
        DEPENDS tfm_ns_bin signing_layout_ns
        # The wrapper runs with the MCUboot scripts directory as its working
        # directory (presumably to import the upstream imgtool modules -
        # confirm).
        WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts

        # Sign the non-secure binary image with the provided secret key.
        # MCUBOOT_KEY_NS is defined outside this file; its default is not
        # visible here.
        COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
            -v ${MCUBOOT_IMAGE_VERSION_NS}
            --layout $<TARGET_OBJECTS:signing_layout_ns>
            -k ${MCUBOOT_KEY_NS}
            # "full" when MCUBOOT_HW_KEY is truthy, otherwise "hash".
            --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
            --align 1
            --pad
            --pad-header
            -H 0x400
            -s ${MCUBOOT_SECURITY_COUNTER_NS}
            # The blank after the comma splits this into two CMake arguments;
            # the hand-escaped quotes appear to rely on the build shell to
            # regroup them into one -d value. The command has no VERBATIM, so
            # adding it would require revisiting these escapes.
            -d \"\(1, ${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
            # Input image. NOTE(review): unlike the secure signing command,
            # the optional flags follow the input here instead of preceding
            # it - confirm the wrapper accepts interleaved options.
            $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
            $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
            # Output image.
            ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
        # Place a copy of the signed image next to the bl2 artefact.
        COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
    )
endif()
# Signed combined image, tfm_s_ns_signed.bin. How it is produced depends on
# MCUBOOT_IMAGE_NUMBER: with more than one image the two individually signed
# images are concatenated; otherwise the unsigned combined image is signed as
# a whole.
if(NS)
    add_custom_target(tfm_s_ns_signed_bin
        SOURCES tfm_s_ns_signed.bin
    )
    if (MCUBOOT_IMAGE_NUMBER GREATER 1)
        add_custom_command(OUTPUT tfm_s_ns_signed.bin
            DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
            DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
            DEPENDS signing_layout_s

            # Create a concatenated binary image from the two independently
            # signed binary files. This uses only the local assemble.py script
            # (not the one from upstream mcuboot) because that script is
            # geared towards Zephyr support.
            # The inputs are the copies placed next to the bl2 artefact by the
            # individual signing commands; no signing key is used in this
            # step.
            COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
                --layout $<TARGET_OBJECTS:signing_layout_s>
                -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
                -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
                -o tfm_s_ns_signed.bin
            COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
        )
    else()
        add_custom_command(OUTPUT tfm_s_ns_signed.bin
            DEPENDS tfm_s_ns_bin tfm_s_ns.bin
            DEPENDS signing_layout_s

            # Use the non-secure key to sign the combined image if
            # FORWARD_PROT_MSG is set. In such a configuration there is a
            # subsystem with higher privileges controlling the boot process,
            # and the current implementation requires the non-secure key here.
            # NOTE(review): in that configuration the non-secure key
            # authorises the whole image, secure part included, so it needs
            # the same protection as the secure key.
            COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
                # Version and security counter of the secure image are applied
                # to the combined image.
                -v ${MCUBOOT_IMAGE_VERSION_S}
                --layout $<TARGET_OBJECTS:signing_layout_s>
                -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
                # "full" when MCUBOOT_HW_KEY is truthy, otherwise "hash".
                --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
                --align 1
                --pad
                --pad-header
                -H 0x400
                -s ${MCUBOOT_SECURITY_COUNTER_S}
                # The blank after each comma splits the value into two CMake
                # arguments; the hand-escaped quotes appear to rely on the
                # build shell to regroup them. The command has no VERBATIM, so
                # adding it would require revisiting these escapes.
                -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
                -d \"\(1, ${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
                # Optional flags: emitted only when the setting is on.
                $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
                $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
                # Input, then output. No WORKING_DIRECTORY is set for this
                # command, so the relative input name resolves against the
                # command's default working directory.
                tfm_s_ns.bin
                ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
            COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
        )
    endif()
endif()
# Part of the default build (ALL): depends on the combined signed image when
# NS is truthy, otherwise on the signed secure image alone.
# NOTE(review): the names selected here are custom targets rather than files;
# CMake documents add_dependencies() for target-level ordering - confirm this
# resolves as intended with the minimum CMake version this file requires.
add_custom_target(signed_images
    ALL
    DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
)