modules: tfm: Exclude non-secure TF-M application from build
Exclude the non-secure TF-M application from being built by TF-M. This also stops the building of the tfm_ns_api library that we were linking against. This library is defined by the tf-m regression tests. Add the installed interface source files exported by the TF-M build system and compile them in the zephyr build system. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
parent
a703cbe9ce
commit
c51505f661
|
@ -49,6 +49,11 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
else()
|
||||
list(APPEND TFM_CMAKE_ARGS -DBL2=FALSE)
|
||||
endif()
|
||||
if (CONFIG_TFM_BUILD_NS)
|
||||
list(APPEND TFM_CMAKE_ARGS -DNS=TRUE)
|
||||
else()
|
||||
list(APPEND TFM_CMAKE_ARGS -DNS=FALSE)
|
||||
endif()
|
||||
if (CONFIG_TFM_ISOLATION_LEVEL)
|
||||
list(APPEND TFM_CMAKE_ARGS -DTFM_ISOLATION_LEVEL=${CONFIG_TFM_ISOLATION_LEVEL})
|
||||
endif()
|
||||
|
@ -148,8 +153,9 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
|
||||
set(VENEERS_FILE ${TFM_BINARY_DIR}/secure_fw/s_veneers.o)
|
||||
set(TFM_API_NS_PATH ${TFM_BINARY_DIR}/tf-m-tests/app/libtfm_api_ns.a)
|
||||
set(TFM_GENERATED_INCLUDES ${TFM_BINARY_DIR}/generated/interface/include)
|
||||
set(PLATFORM_NS_FILE ${TFM_BINARY_DIR}/platform/libplatform_ns.a)
|
||||
set(TFM_GENERATED_INCLUDES ${TFM_BINARY_DIR}/generated/interface/include)
|
||||
set(TFM_INTERFACE_SOURCE_DIR ${TFM_BINARY_DIR}/install/interface/src)
|
||||
|
||||
if (TFM_PSA_TEST_SUITE)
|
||||
set(PSA_TEST_VAL_FILE ${TFM_BINARY_DIR}/tf-m-tests/app/psa_api_tests/val/val_nspe.a)
|
||||
|
@ -195,6 +201,25 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
${TFM_S_SIGNED_BIN_FILE}
|
||||
${TFM_NS_SIGNED_BIN_FILE}
|
||||
${TFM_S_NS_SIGNED_BIN_FILE}
|
||||
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_platform_ipc_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_ps_ipc_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_its_ipc_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_crypto_ipc_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_initial_attestation_ipc_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_firmware_update_ipc_api.c
|
||||
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_psa_ns_api.c
|
||||
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_platform_func_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_ps_func_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_its_func_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_crypto_func_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_initial_attestation_func_api.c
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_firmware_update_func_api.c
|
||||
|
||||
# Specific to nordic_nrf platform
|
||||
${TFM_INTERFACE_SOURCE_DIR}/tfm_ioctl_core_ns_api.c
|
||||
)
|
||||
|
||||
# Get the toolchain variant
|
||||
|
@ -331,12 +356,51 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
src/zephyr_tfm_log.c
|
||||
interface/interface.c
|
||||
)
|
||||
|
||||
# Non-Secure interface to request system reboot
|
||||
if (CONFIG_TFM_PARTITION_PLATFORM AND NOT CONFIG_TFM_PARTITION_PLATFORM_CUSTOM_REBOOT)
|
||||
zephyr_library_sources(src/reboot.c)
|
||||
endif()
|
||||
zephyr_library_sources_ifndef(CONFIG_TFM_PSA_TEST_NONE src/zephyr_tfm_psa_test.c)
|
||||
|
||||
if (TFM_PSA_TEST_SUITE)
|
||||
zephyr_library_link_libraries(
|
||||
${PSA_TEST_VAL_FILE}
|
||||
${PSA_TEST_PAL_FILE}
|
||||
${PSA_TEST_COMBINE_FILE}
|
||||
)
|
||||
endif()
|
||||
|
||||
if(NOT CONFIG_TFM_BUILD_NS)
|
||||
if(CONFIG_TFM_IPC)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PLATFORM ${TFM_INTERFACE_SOURCE_DIR}/tfm_platform_ipc_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PROTECTED_STORAGE ${TFM_INTERFACE_SOURCE_DIR}/tfm_ps_ipc_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ${TFM_INTERFACE_SOURCE_DIR}/tfm_its_ipc_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_CRYPTO ${TFM_INTERFACE_SOURCE_DIR}/tfm_crypto_ipc_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_INITIAL_ATTESTATION ${TFM_INTERFACE_SOURCE_DIR}/tfm_initial_attestation_ipc_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_FIRMWARE_UPDATE ${TFM_INTERFACE_SOURCE_DIR}/tfm_firmware_update_ipc_api.c)
|
||||
|
||||
zephyr_library_sources(${TFM_INTERFACE_SOURCE_DIR}/tfm_psa_ns_api.c)
|
||||
else()
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PLATFORM ${TFM_INTERFACE_SOURCE_DIR}/tfm_platform_func_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PROTECTED_STORAGE ${TFM_INTERFACE_SOURCE_DIR}/tfm_ps_func_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ${TFM_INTERFACE_SOURCE_DIR}/tfm_its_func_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_CRYPTO ${TFM_INTERFACE_SOURCE_DIR}/tfm_crypto_func_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_INITIAL_ATTESTATION ${TFM_INTERFACE_SOURCE_DIR}/tfm_initial_attestation_func_api.c)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_FIRMWARE_UPDATE ${TFM_INTERFACE_SOURCE_DIR}/tfm_firmware_update_func_api.c)
|
||||
endif()
|
||||
|
||||
if(CONFIG_SOC_FAMILY_NRF)
|
||||
zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PLATFORM ${TFM_INTERFACE_SOURCE_DIR}/tfm_ioctl_core_ns_api.c)
|
||||
endif()
|
||||
|
||||
else()
|
||||
zephyr_library_link_libraries(
|
||||
${TFM_API_NS_PATH}
|
||||
${PLATFORM_NS_FILE}
|
||||
)
|
||||
endif()
|
||||
|
||||
zephyr_include_directories(
|
||||
${TFM_GENERATED_INCLUDES}
|
||||
)
|
||||
|
@ -346,11 +410,6 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
)
|
||||
|
||||
zephyr_library_link_libraries(
|
||||
${PSA_TEST_VAL_FILE}
|
||||
${PSA_TEST_PAL_FILE}
|
||||
${PSA_TEST_COMBINE_FILE}
|
||||
${PLATFORM_NS_FILE}
|
||||
${TFM_API_NS_PATH}
|
||||
${VENEERS_FILE}
|
||||
)
|
||||
|
||||
|
@ -408,7 +467,7 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
set(NS_SIGNED_FILE ${CMAKE_BINARY_DIR}/zephyr_ns_signed.hex)
|
||||
set(S_SIGNED_FILE ${CMAKE_BINARY_DIR}/tfm_s_signed.hex)
|
||||
|
||||
if (CONFIG_TFM_REGRESSION_NS)
|
||||
if (CONFIG_TFM_USE_NS_APP)
|
||||
# Use the TF-M NS binary as the Non-Secure application firmware image
|
||||
set(NS_APP_FILE $<TARGET_PROPERTY:tfm,TFM_NS_HEX_FILE>)
|
||||
else()
|
||||
|
@ -453,7 +512,7 @@ if (CONFIG_BUILD_WITH_TFM)
|
|||
)
|
||||
|
||||
else()
|
||||
if (CONFIG_TFM_REGRESSION_NS)
|
||||
if (CONFIG_TFM_USE_NS_APP)
|
||||
tfm_sign(sign_cmd_ns NS TRUE ${NS_APP_FILE} ${NS_SIGNED_FILE})
|
||||
else()
|
||||
tfm_sign(sign_cmd_ns NS FALSE ${NS_APP_FILE} ${NS_SIGNED_FILE})
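Review bot: The `if (TFM_PSA_TEST_SUITE)` block in the `@ -331` hunk links `${PSA_TEST_VAL_FILE}` and its sibling archives regardless of `CONFIG_TFM_BUILD_NS`, yet the visible definition of `PSA_TEST_VAL_FILE` points under `tf-m-tests/app/`, the same tree as `libtfm_api_ns.a`, which the commit message says is no longer built once the NS application is excluded. If those archives are likewise only produced with `-DNS=TRUE` (not verifiable from this page), a PSA test build without the option would fail late, at link time, with a missing-file error. A configure-time guard ahead of the block would make the requirement explicit: `if(TFM_PSA_TEST_SUITE AND NOT CONFIG_TFM_BUILD_NS)`, then `message(FATAL_ERROR "TF-M PSA test suites require CONFIG_TFM_BUILD_NS=y")`, then `endif()`. The enclosing `if (CONFIG_BUILD_WITH_TFM)` block starts and ends outside the hunks shown.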
|
||||
|
|
|
@ -206,6 +206,31 @@ config TFM_BL2
|
|||
TFM is designed to run with MCUboot in a certain configuration.
|
||||
This config adds MCUboot to the build - built via TFM's build system.
|
||||
|
||||
config TFM_BUILD_NS
|
||||
bool "Build the TF-M Non-Secure application and libraries"
|
||||
help
|
||||
Instruct the TF-M build system to build the TF-M Non-Secure
|
||||
application and libraries.
|
||||
|
||||
This option is intended for testing purposes only, since this is the
|
||||
easiest way to build the TF-M regression tests application and test
|
||||
support libraries in the zephyr build system.
|
||||
|
||||
config TFM_USE_NS_APP
|
||||
bool "Use the TF-M Non-Secure application"
|
||||
depends on TFM_BUILD_NS
|
||||
help
|
||||
The TF-M build system can produce multiple executable files.
|
||||
The main one is the TF-M secure firmware. Optionally the TF-M
|
||||
non-secure application can be built.
|
||||
Usually the TF-M non-secure application is not used since the
|
||||
zephyr application is the non-secure application.
|
||||
With this option enabled this is reversed and the TF-M non-secure
|
||||
application is used instead of the Zephyr non-secure application.
|
||||
|
||||
This option is intended for testing purposes only, since this is the
|
||||
easiest way to integrate and run the TF-M regression tests in the
|
||||
zephyr build system.
|
||||
if TFM_BL2
|
||||
|
||||
config TFM_MCUBOOT_IMAGE_NUMBER
|
||||
|
@ -265,12 +290,15 @@ config TFM_REGRESSION_S
|
|||
help
|
||||
When enabled, this option signifies that the TF-M build includes
|
||||
the Secure domain regression tests.
|
||||
The regression tests will be included in the TF-M secure firmware.
|
||||
|
||||
config TFM_REGRESSION_NS
|
||||
bool "Use the TF-M Non-Secure Regression test application"
|
||||
bool "TF-M Non-Secure Regression tests"
|
||||
help
|
||||
When this is enabled, the Zephyr application as a whole will be
|
||||
replaced with the TF-M Non-Secure Regression test application.
|
||||
When enabled, this option signifies that the TF-M build includes
|
||||
the Non-Secure domain regression tests.
|
||||
The regression tests will be included in the TF-M non-secure
|
||||
application.
|
||||
|
||||
choice TFM_PSA_TEST
|
||||
prompt "Enable a PSA test suite"
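Review bot: `config TFM_REGRESSION_NS` in the `@ -265` hunk declares no dependency on the new NS options, although its reworded help says the tests are included in the TF-M non-secure application, which is only built when `TFM_BUILD_NS` is set. With `CONFIG_TFM_REGRESSION_NS=y` alone the build file still passes `-DNS=FALSE`, so the option would presumably be accepted but have no effect on what gets built. Adding `depends on TFM_BUILD_NS` under the `bool` line would rule that combination out at configuration time instead of relying on each sample's prj.conf to set both symbols.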
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
#
|
||||
|
||||
CONFIG_BUILD_WITH_TFM=y
|
||||
CONFIG_TFM_BUILD_NS=y
|
||||
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
|
||||
CONFIG_QEMU_ICOUNT_SHIFT=1
|
||||
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
|
||||
CONFIG_BUILD_WITH_TFM=y
|
||||
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y
|
||||
CONFIG_TFM_BUILD_NS=y
|
||||
CONFIG_TFM_USE_NS_APP=y
|
||||
CONFIG_TFM_REGRESSION_S=y
|
||||
CONFIG_TFM_REGRESSION_NS=y
|
||||
|
||||
|
|