TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / a6f501e34f962775eb18f38b48d60bd030835b3f / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: e3d331557949c3746077c0b235295eafc92f5071 [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
David Vinczea6f501e2021-06-14 10:42:30 +0200[diff] [blame^]2# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.15)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]11add_library(mcuboot_config INTERFACE)
12
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]13set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
14
David Vinczea6f501e2021-06-14 10:42:30 +0200[diff] [blame^]15if (CONFIG_TFM_BOOT_STORE_MEASUREMENTS)
16 set(MCUBOOT_MEASURED_BOOT ON)
17endif()
18
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]19add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
20
21target_include_directories(bootutil
22 PUBLIC
23 include
Michel Jaouenfd7164f2021-04-29 09:37:49 +0200[diff] [blame]24 config
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]25)
26
27target_link_libraries(bootutil
28 PUBLIC
29 mcuboot_config
30 platform_bl2
31 bl2_mbedcrypto
32)
33
Feder Liangd4dbaa92021-09-07 15:34:46 +0800[diff] [blame]34target_compile_options(bootutil
35 PRIVATE
36 ${BL2_COMPILER_CP_FLAG}
37)
38
Mark Horvath8576e382021-03-12 10:24:55 +0100[diff] [blame]39target_compile_definitions(bootutil
40 PRIVATE
41 $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
42)
43
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]44target_include_directories(mcuboot_config
45 INTERFACE
46 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
47)
48
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]49target_include_directories(bl2
50 PUBLIC
51 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]52)
53
54target_sources(bl2
55 PRIVATE
56 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
57 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
58 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
59 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]60)
61
62target_link_libraries(bl2
63 PUBLIC
64 bootutil
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]65)
66
67set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
68list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
69
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]70if (MCUBOOT_ALIGN_VAL GREATER 8)
71set (MCUBOOT_BOOT_MAX_ALIGN ${MCUBOOT_ALIGN_VAL})
72else()
73set (MCUBOOT_BOOT_MAX_ALIGN 8)
74endif()
75
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]76configure_file(include/mcuboot_config/mcuboot_config.h.in
77 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
78 @ONLY)
79
80############################### IMAGE SIGNING ##################################
81
82find_package(Python3)
83
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]84set(IMAGE_TYPE "S_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]85set(FLASH_AREA_NUM ${MCUBOOT_S_IMAGE_FLASH_AREA_NUM})
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]86if (MCUBOOT_IMAGE_NUMBER GREATER 1)
87 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
88 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]89else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]90 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
91 # used in this mode the signing_layout_s target's source file is renamed.
92 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
93 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]94endif()
95
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]96target_compile_options(signing_layout_s
97 PRIVATE
98 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
99 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
100 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
101)
102target_compile_definitions(signing_layout_s
103 PRIVATE
104 $<$<BOOL:${BL2}>:BL2>
105 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]106 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]107)
108target_link_libraries(signing_layout_s
109 PRIVATE
110 platform_bl2
111)
112
113if(NS)
114 add_custom_target(tfm_s_ns_bin
115 SOURCES tfm_s_ns.bin
116 )
117 add_custom_command(OUTPUT tfm_s_ns.bin
118 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
119 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
120 DEPENDS tfm_s_bin tfm_ns_bin
121 DEPENDS signing_layout_s
122
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]123 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]124 --layout $<TARGET_OBJECTS:signing_layout_s>
125 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
126 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
127 -o tfm_s_ns.bin
128 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
129 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]130endif()
131
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]132add_custom_target(tfm_s_signed_bin
133 SOURCES tfm_s_signed.bin
134)
135add_custom_command(OUTPUT tfm_s_signed.bin
136 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
137 DEPENDS tfm_s_bin signing_layout_s
138 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]139
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]140 #Sign secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]141 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]142 -v ${MCUBOOT_IMAGE_VERSION_S}
143 --layout $<TARGET_OBJECTS:signing_layout_s>
144 -k ${MCUBOOT_KEY_S}
145 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]146 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]147 --pad
148 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]149 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]150 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]151 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]152 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]153 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
154 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
155 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
156 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
157 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
158)
159
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]160set(IMAGE_TYPE "NS_IMAGE")
Raef Coles8bc1ff82021-04-26 12:02:52 +0100[diff] [blame]161set(FLASH_AREA_NUM ${MCUBOOT_NS_IMAGE_FLASH_AREA_NUM})
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]162configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
163
164add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
165target_compile_options(signing_layout_ns
166 PRIVATE
167 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
168 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
169 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
170)
171target_compile_definitions(signing_layout_ns
172 PRIVATE
173 $<$<BOOL:${BL2}>:BL2>
174 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]175 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]176)
177target_link_libraries(signing_layout_ns
178 PRIVATE
179 platform_bl2
180)
181
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]182if(NS)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]183 add_custom_target(tfm_ns_signed_bin
184 SOURCES tfm_ns_signed.bin
185 )
186 add_custom_command(OUTPUT tfm_ns_signed.bin
187 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
188 DEPENDS tfm_ns_bin signing_layout_ns
189 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
190
191 #Sign non-secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]192 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]193 -v ${MCUBOOT_IMAGE_VERSION_NS}
194 --layout $<TARGET_OBJECTS:signing_layout_ns>
195 -k ${MCUBOOT_KEY_NS}
196 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]197 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]198 --pad
199 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]200 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]201 -s ${MCUBOOT_SECURITY_COUNTER_NS}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]202 -L ${MCUBOOT_ENC_KEY_LEN_NS}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]203 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]204 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
205 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
206 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
207 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
208 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
209 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]210endif()
211
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]212if(NS)
213 add_custom_target(tfm_s_ns_signed_bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]214 SOURCES tfm_s_ns_signed.bin
215 )
216 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
217 add_custom_command(OUTPUT tfm_s_ns_signed.bin
218 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
219 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
220 DEPENDS signing_layout_s
221
222 # Create concatenated binary image from the two independently signed
223 # binary file. This only uses the local assemble.py script (not from
224 # upstream mcuboot) because that script is geared towards zephyr
225 # support
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]226 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]227 --layout $<TARGET_OBJECTS:signing_layout_s>
228 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
229 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
230 -o tfm_s_ns_signed.bin
231 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
232 )
233 else()
234 add_custom_command(OUTPUT tfm_s_ns_signed.bin
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]235 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]236 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
237 DEPENDS signing_layout_s
238
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]239 # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
240 # In such a configuration there is a subsystem with higher privileges controlling the
241 # the boot process and current implementation requires to use the non-secure key here.
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]242 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]243 -v ${MCUBOOT_IMAGE_VERSION_S}
244 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]245 -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]246 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
Michel Jaouen24c3dd02021-08-12 15:32:13 +0200[diff] [blame]247 --align ${MCUBOOT_ALIGN_VAL}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]248 --pad
249 --pad-header
Ludovic Barre5319ac02021-11-02 09:51:29 +0100[diff] [blame]250 -H ${BL2_HEADER_SIZE}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]251 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame]252 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]253 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
254 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]255 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]256 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
257 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
258 )
259 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]260endif()
261
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]262add_custom_target(signed_images
263 ALL
Mark Horvathf0565142020-11-19 18:52:44 +0100[diff] [blame]264 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]265)