TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / sandbox / pfalcon / trusted-firmware-m / bc7fe469c05fc8fbf77908e954938bc21933bd88 / . / bl2 / ext / mcuboot / CMakeLists.txt
blob: ccc98837db5c6dacd84fd74c0c7d07f5935e4081 [file] [log] [blame]
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]1#------------------------------------------------------------------------------
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]2# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8cmake_minimum_required(VERSION 3.15)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]9cmake_policy(SET CMP0079 NEW)
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]10
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]11add_library(mcuboot_config INTERFACE)
12
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]13set(MCUBOOT_KEY_ENC "${MCUBOOT_PATH}/enc-rsa2048-pub.pem" CACHE FILEPATH "Path to key with which to encrypt binary")
14
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]15add_subdirectory("${MCUBOOT_PATH}/boot/bootutil" bootutil)
16
17target_include_directories(bootutil
18 PUBLIC
19 include
Michel Jaouenfd7164f2021-04-29 09:37:49 +0200[diff] [blame]20 config
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]21)
22
23target_link_libraries(bootutil
24 PUBLIC
25 mcuboot_config
26 platform_bl2
27 bl2_mbedcrypto
28)
29
Mark Horvath8576e382021-03-12 10:24:55 +0100[diff] [blame]30target_compile_definitions(bootutil
31 PRIVATE
32 $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
33)
34
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]35target_include_directories(mcuboot_config
36 INTERFACE
37 $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}> # for mcuboot_config.h only
38)
39
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]40target_include_directories(bl2
41 PUBLIC
42 $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]43)
44
45target_sources(bl2
46 PRIVATE
47 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_main.c
48 ${CMAKE_CURRENT_SOURCE_DIR}/keys.c
49 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_extended.c
50 ${CMAKE_CURRENT_SOURCE_DIR}/flash_map_legacy.c
Raef Coles6d47fb72020-12-16 09:26:48 +0000[diff] [blame]51)
52
53target_link_libraries(bl2
54 PUBLIC
55 bootutil
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]56)
57
58set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
59list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
60
61configure_file(include/mcuboot_config/mcuboot_config.h.in
62 ${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
63 @ONLY)
64
65############################### IMAGE SIGNING ##################################
66
67find_package(Python3)
68
69set(FLASH_AREA_NUM 0)
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]70set(IMAGE_TYPE "S_IMAGE")
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]71if (MCUBOOT_IMAGE_NUMBER GREATER 1)
72 configure_file(signing_layout.c.in signing_layout_s.c @ONLY)
73 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]74else()
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]75 # Imgtool script requires the s_ns sufix. Since only one sigining layout is
76 # used in this mode the signing_layout_s target's source file is renamed.
77 configure_file(signing_layout.c.in signing_layout_s_ns.c @ONLY)
78 add_library(signing_layout_s OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_s_ns.c)
David Vinczec3e313a2020-01-06 17:31:11 +0100[diff] [blame]79endif()
80
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]81target_compile_options(signing_layout_s
82 PRIVATE
83 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
84 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
85 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_s>>
86)
87target_compile_definitions(signing_layout_s
88 PRIVATE
89 $<$<BOOL:${BL2}>:BL2>
90 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]91 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]92)
93target_link_libraries(signing_layout_s
94 PRIVATE
95 platform_bl2
96)
97
98if(NS)
99 add_custom_target(tfm_s_ns_bin
100 SOURCES tfm_s_ns.bin
101 )
102 add_custom_command(OUTPUT tfm_s_ns.bin
103 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
104 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
105 DEPENDS tfm_s_bin tfm_ns_bin
106 DEPENDS signing_layout_s
107
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]108 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]109 --layout $<TARGET_OBJECTS:signing_layout_s>
110 -s $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
111 -n $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
112 -o tfm_s_ns.bin
113 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns.bin $<TARGET_FILE_DIR:bl2>
114 )
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]115endif()
116
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]117add_custom_target(tfm_s_signed_bin
118 SOURCES tfm_s_signed.bin
119)
120add_custom_command(OUTPUT tfm_s_signed.bin
121 DEPENDS $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
122 DEPENDS tfm_s_bin signing_layout_s
123 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]124
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]125 #Sign secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]126 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]127 -v ${MCUBOOT_IMAGE_VERSION_S}
128 --layout $<TARGET_OBJECTS:signing_layout_s>
129 -k ${MCUBOOT_KEY_S}
130 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
131 --align 1
132 --pad
133 --pad-header
134 -H 0x400
135 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame^]136 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]137 -d \"\(1,${MCUBOOT_NS_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]138 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
139 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
140 $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
141 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin
142 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_signed.bin $<TARGET_FILE_DIR:bl2>
143)
144
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]145set(FLASH_AREA_NUM 1)
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]146set(IMAGE_TYPE "NS_IMAGE")
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]147configure_file(signing_layout.c.in signing_layout_ns.c @ONLY)
148
149add_library(signing_layout_ns OBJECT ${CMAKE_CURRENT_BINARY_DIR}/signing_layout_ns.c)
150target_compile_options(signing_layout_ns
151 PRIVATE
152 $<$<C_COMPILER_ID:GNU>:-E\;-xc>
153 $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
154 $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
155)
156target_compile_definitions(signing_layout_ns
157 PRIVATE
158 $<$<BOOL:${BL2}>:BL2>
159 $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
Sherry Zhangae25f052021-05-13 14:49:48 +0800[diff] [blame]160 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
Mark Horvath531fce82021-01-15 16:10:22 +0100[diff] [blame]161)
162target_link_libraries(signing_layout_ns
163 PRIVATE
164 platform_bl2
165)
166
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]167if(NS)
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]168 add_custom_target(tfm_ns_signed_bin
169 SOURCES tfm_ns_signed.bin
170 )
171 add_custom_command(OUTPUT tfm_ns_signed.bin
172 DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
173 DEPENDS tfm_ns_bin signing_layout_ns
174 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
175
176 #Sign non-secure binary image with provided secret key
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]177 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]178 -v ${MCUBOOT_IMAGE_VERSION_NS}
179 --layout $<TARGET_OBJECTS:signing_layout_ns>
180 -k ${MCUBOOT_KEY_NS}
181 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
182 --align 1
183 --pad
184 --pad-header
185 -H 0x400
186 -s ${MCUBOOT_SECURITY_COUNTER_NS}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame^]187 -L ${MCUBOOT_ENC_KEY_LEN_NS}
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]188 -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]189 $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
190 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
191 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
192 ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin
193 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_signed.bin $<TARGET_FILE_DIR:bl2>
194 )
Tamas Band0f4e1d2019-07-11 09:39:03 +0100[diff] [blame]195endif()
196
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]197if(NS)
198 add_custom_target(tfm_s_ns_signed_bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]199 SOURCES tfm_s_ns_signed.bin
200 )
201 if (MCUBOOT_IMAGE_NUMBER GREATER 1)
202 add_custom_command(OUTPUT tfm_s_ns_signed.bin
203 DEPENDS tfm_s_signed_bin $<TARGET_FILE_DIR:tfm_s>/tfm_s.bin
204 DEPENDS tfm_ns_signed_bin $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
205 DEPENDS signing_layout_s
206
207 # Create concatenated binary image from the two independently signed
208 # binary file. This only uses the local assemble.py script (not from
209 # upstream mcuboot) because that script is geared towards zephyr
210 # support
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]211 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/assemble.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]212 --layout $<TARGET_OBJECTS:signing_layout_s>
213 -s $<TARGET_FILE_DIR:bl2>/tfm_s_signed.bin
214 -n $<TARGET_FILE_DIR:bl2>/tfm_ns_signed.bin
215 -o tfm_s_ns_signed.bin
216 COMMAND ${CMAKE_COMMAND} -E copy tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
217 )
218 else()
219 add_custom_command(OUTPUT tfm_s_ns_signed.bin
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]220 WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]221 DEPENDS tfm_s_ns_bin tfm_s_ns.bin
222 DEPENDS signing_layout_s
223
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]224 # Use the non-secure key to sign the combined image if FORWARD_PROT_MSG is set.
225 # In such a configuration there is a subsystem with higher privileges controlling the
226 # the boot process and current implementation requires to use the non-secure key here.
TTornblom30aef322021-10-29 11:29:32 +0200[diff] [blame]227 COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/wrapper/wrapper.py
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]228 -v ${MCUBOOT_IMAGE_VERSION_S}
229 --layout $<TARGET_OBJECTS:signing_layout_s>
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]230 -k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]231 --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
232 --align 1
233 --pad
234 --pad-header
235 -H 0x400
236 -s ${MCUBOOT_SECURITY_COUNTER_S}
Sherry Zhangbc7fe462021-11-03 16:07:00 +0800[diff] [blame^]237 -L ${MCUBOOT_ENC_KEY_LEN_S}
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]238 $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
239 $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
Sherry Zhang4c9b0ed2021-04-20 18:29:19 +0800[diff] [blame]240 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns.bin
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]241 ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin
242 COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_s_ns_signed.bin $<TARGET_FILE_DIR:bl2>
243 )
244 endif()
Marc Moreno Berenguea1f296f2018-01-25 15:21:22 +0000[diff] [blame]245endif()
246
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]247add_custom_target(signed_images
248 ALL
Mark Horvathf0565142020-11-19 18:52:44 +0100[diff] [blame]249 DEPENDS $<IF:$<BOOL:${NS}>,tfm_s_ns_signed_bin,tfm_s_signed_bin>
Raef Coles8efad882020-07-10 09:46:00 +0100[diff] [blame]250)