boards: arm: musca_b1: Add TFM support

This commit adds support for TF-M to the MUSCA B1. When the CONFIG_BUILD_WITH_TFM flag is set, a secure and non-secure processing environment image pair will be generated, with the Zephy application image running on the non-secure side. The secure and non-secure binary images will be signed for use with the BL2 secure bootloader. Signed-off-by: Karl Zhang <karl.zhang@linaro.org>
2020-05-08 08:23:36 -05:00 · 2020-05-08 08:23:36 -05:00 · 679b437b75
parent f2ccd2b00a
commit 679b437b75
2 changed files with 59 additions and 1 deletions
--- a/boards/arm/v2m_musca_b1/CMakeLists.txt
+++ b/boards/arm/v2m_musca_b1/CMakeLists.txt
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019 Linaro Limited
+# Copyright (c) 2019,2020 Linaro Limited
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@ -7,3 +7,59 @@
 zephyr_library()
 zephyr_library_sources(pinmux.c)
 zephyr_library_include_directories(${ZEPHYR_BASE}/drivers)
+
+if (CONFIG_BUILD_WITH_TFM)
+	# Set default image versions if not defined elsewhere
+	if (NOT DEFINED TFM_IMAGE_VERSION_S)
+		set(TFM_IMAGE_VERSION_S 0.0.0+0)
+	endif()
+
+	if (NOT DEFINED TFM_IMAGE_VERSION_NS)
+		set(TFM_IMAGE_VERSION_NS 0.0.0+0)
+	endif()
+
+	set(PREPROCESSED_FILE "${CMAKE_BINARY_DIR}/tfm/image_macros_preprocessed")
+	set(TFM_MCUBOOT_DIR "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot")
+
+	# Configure which format (full or hash) to include the public key in
+	# the image manifest
+	set(TFM_PUBLIC_KEY_FORMAT "full")
+
+	# Set srec_cat binary name
+	find_program(SREC_CAT srec_cat)
+	if(${SREC_CAT} STREQUAL SREC_CAT-NOTFOUND)
+	    message(FATAL_ERROR "'srec_cat' not found. Please install it, or add it to $PATH.")
+	endif()
+
+	#Create and sign for concatenated binary image should align with the TF-M BL2
+	set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
+
+		#Create concatenated binary image from the two binary file
+		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/assemble.py
+		ARGS --layout ${PREPROCESSED_FILE}.c
+			-s ${CMAKE_BINARY_DIR}/tfm/install/outputs/MUSCA_B1/tfm_s.bin
+			-n ${CMAKE_BINARY_DIR}/zephyr/zephyr.bin
+			-o ${CMAKE_BINARY_DIR}/tfm_full.bin
+
+		#Sign concatenated binary image with default public key in mcuboot folder
+		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py
+		ARGS sign
+			--layout ${PREPROCESSED_FILE}.c
+			-k ${CONFIG_TFM_KEY_FILE_S}
+			--public-key-format ${TFM_PUBLIC_KEY_FORMAT}
+			--align 1
+			-v ${TFM_IMAGE_VERSION_S}
+			${ADD_SECURITY_COUNTER}
+			-H 0x400
+			${CMAKE_BINARY_DIR}/tfm_full.bin
+			${CMAKE_BINARY_DIR}/tfm_sign.bin
+
+		#srec_cat to combine images into hex for drag and drop
+		COMMAND ${SREC_CAT}
+		ARGS ${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/mcuboot.bin -binary
+			-offset 0xA000000
+			${CMAKE_BINARY_DIR}/tfm_sign.bin -binary
+			-offset 0xA020000
+			-o ${CMAKE_BINARY_DIR}/tfm_zephyr.hex -Intel --line-length=44
+	)
+endif()
--- a/boards/arm/v2m_musca_b1/board.cmake
+++ b/boards/arm/v2m_musca_b1/board.cmake
@ -1,5 +1,7 @@
 #SPDX-License-Identifier: Apache-2.0

+set(TFM_TARGET_PLATFORM "MUSCA_B1")
+
 board_set_debugger_ifnset(pyocd)
 board_set_flasher_ifnset(pyocd)