TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / a1e8602d5ec2acad923b24eb436dc0f663eea649 / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: 0ffdfe06863c053e1befd4e1f770a991a5c97f01 [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]2# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.15)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]11add_library(mcuboot_config INTERFACE)
12
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]13set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
14
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]15add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
16
17target_include_directories(bootutil
18 PUBLIC
19 include
Michel Jaouenfd7164f2021-04-29 09:37:49 +0200[diff] [blame]20 config
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]21)
22
23target_link_libraries(bootutil
24 PUBLIC
25 mcuboot_config
26 platform_bl2
27 bl2_mbedcrypto
28)
29
Feder Liangd4dbaa92021-09-07 15:34:46 +0800[diff] [blame]30target_compile_options(bootutil
31 PRIVATE
32 ${BL2_COMPILER_CP_FLAG}
33)
34
Mark Horvath8576e382021-03-12 10:24:55 +0100[diff] [blame]35target_compile_definitions(bootutil
36 PRIVATE
37 $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
38)
39
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]40target_include_directories(mcuboot_config
41 INTERFACE
42 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
43)
44
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]45target_include_directories(bl2
46 PUBLIC
47 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]48)
49
50target_sources(bl2
51 PRIVATE
52 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
53 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
54 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
55 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]56)
57
58target_link_libraries(bl2
59 PUBLIC
60 bootutil
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]61)
62
63set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
64list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
65
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]66if (MCUBOOT_ALIGN_VAL GREATER 8)
67set (MCUBOOT_BOOT_MAX_ALIGN ${MCUBOOT_ALIGN_VAL})
68else()
69set (MCUBOOT_BOOT_MAX_ALIGN 8)
70endif()
71
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]72configure_file(include/mcuboot_config/mcuboot_config.h.in
73 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
74 @ONLY)
75
76############################### IMAGE SIGNING ##################################
77
78find_package(Python3)
79
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]80set(IMAGE_TYPE "S_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]81set(FLASH_AREA_NUM ${MCUBOOT_S_IMAGE_FLASH_AREA_NUM})
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]82if (MCUBOOT_IMAGE_NUMBER GREATER 1)
83 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
84 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]85else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]86 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
87 # used in this mode the signing_layout_s target's source file is renamed.
88 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
89 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]90endif()
91
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]92target_compile_options(signing_layout_s
93 PRIVATE
94 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
95 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
96 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
97)
98target_compile_definitions(signing_layout_s
99 PRIVATE
100 $<$<BOOL:${BL2}>:BL2>
101 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]102 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]103)
104target_link_libraries(signing_layout_s
105 PRIVATE
106 platform_bl2
107)
108
109if(NS)
110 add_custom_target(tfm_s_ns_bin
111 SOURCES tfm_s_ns.bin
112 )
113 add_custom_command(OUTPUT tfm_s_ns.bin
114 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
115 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
116 DEPENDS tfm_s_bin tfm_ns_bin
117 DEPENDS signing_layout_s
118
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]119 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]120 --layout $<TARGET_OBJECTS:signing_layout_s>
121 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
122 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
123 -o tfm_s_ns.bin
124 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
125 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]126endif()
127
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]128add_custom_target(tfm_s_signed_bin
129 SOURCES tfm_s_signed.bin
130)
131add_custom_command(OUTPUT tfm_s_signed.bin
132 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
133 DEPENDS tfm_s_bin signing_layout_s
134 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]135
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]136 #Sign secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]137 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]138 -v ${MCUBOOT_IMAGE_VERSION_S}
139 --layout $<TARGET_OBJECTS:signing_layout_s>
140 -k ${MCUBOOT_KEY_S}
141 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]142 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]143 --pad
144 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]145 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]146 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]147 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]148 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]149 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
150 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
151 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
152 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
153 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
154)
155
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]156set(IMAGE_TYPE "NS_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]157set(FLASH_AREA_NUM ${MCUBOOT_NS_IMAGE_FLASH_AREA_NUM})
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]158configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
159
160add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
161target_compile_options(signing_layout_ns
162 PRIVATE
163 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
164 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
165 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
166)
167target_compile_definitions(signing_layout_ns
168 PRIVATE
169 $<$<BOOL:${BL2}>:BL2>
170 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]171 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]172)
173target_link_libraries(signing_layout_ns
174 PRIVATE
175 platform_bl2
176)
177
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]178if(NS)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]179 add_custom_target(tfm_ns_signed_bin
180 SOURCES tfm_ns_signed.bin
181 )
182 add_custom_command(OUTPUT tfm_ns_signed.bin
183 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
184 DEPENDS tfm_ns_bin signing_layout_ns
185 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
186
187 #Sign non-secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]188 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]189 -v ${MCUBOOT_IMAGE_VERSION_NS}
190 --layout $<TARGET_OBJECTS:signing_layout_ns>
191 -k ${MCUBOOT_KEY_NS}
192 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]193 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]194 --pad
195 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]196 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]197 -s ${MCUBOOT_SECURITY_COUNTER_NS}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]198 -L ${MCUBOOT_ENC_KEY_LEN_NS}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]199 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]200 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
201 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
202 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
203 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
204 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
205 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]206endif()
207
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]208if(NS)
209 add_custom_target(tfm_s_ns_signed_bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]210 SOURCES tfm_s_ns_signed.bin
211 )
212 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
213 add_custom_command(OUTPUT tfm_s_ns_signed.bin
214 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
215 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
216 DEPENDS signing_layout_s
217
218 # Create concatenated binary image from the two independently signed
219 # binary file. This only uses the local assemble.py script (not from
220 # upstream mcuboot) because that script is geared towards zephyr
221 # support
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]222 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]223 --layout $<TARGET_OBJECTS:signing_layout_s>
224 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
225 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
226 -o tfm_s_ns_signed.bin
227 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
228 )
229 else()
230 add_custom_command(OUTPUT tfm_s_ns_signed.bin
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]231 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]232 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
233 DEPENDS signing_layout_s
234
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]235 # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
236 # In such a configuration there is a subsystem with higher privileges controlling the
237 # the boot process and current implementation requires to use the non-secure key here.
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]238 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]239 -v ${MCUBOOT_IMAGE_VERSION_S}
240 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]241 -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]242 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]243 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]244 --pad
245 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]246 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]247 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]248 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]249 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
250 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]251 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]252 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
253 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
254 )
255 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]256endif()
257
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]258add_custom_target(signed_images
259 ALL
Mark Horvathf0565142020-11-19 18:52:44 +0100[diff] [blame]260 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]261)