ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Refactor: MUSCA targets post binary hook scripts 

Raise an exception if there was an issue with handling any command
when signing the binaries for MUSCA targets.
pull/14333/head
Vikas Katariya 2021-01-18 15:50:09 +00:00 committed by Lingkai Dong
parent 308ffe9e89
commit 1a8386a178
3 changed files with 31 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
tools/targets/ARM_MUSCA_B1.py → tools/targets/ARM_MUSCA.py
View File

@ -23,10 +23,10 @@ import subprocess
SCRIPT_DIR = dirname(abspath(__file__))
MBED_OS_ROOT = abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir))
MUSCA_B1_BASE = path_join(MBED_OS_ROOT, 'targets', 'TARGET_ARM_SSG', 'TARGET_MUSCA_B1')
def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
def musca_tfm_bin(t_self, non_secure_bin, secure_bin, target_name):
MUSCA_BASE = path_join(MBED_OS_ROOT, 'targets', 'TARGET_ARM_SSG', ('TARGET_' + target_name))
assert os.path.isfile(secure_bin)
assert os.path.isfile(non_secure_bin)
@ -34,10 +34,10 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
tempdir = path_join(build_dir, 'temp')
if not isdir(tempdir):
os.makedirs(tempdir)
flash_layout = path_join(MUSCA_B1_BASE, 'partition', 'flash_layout.h')
mcuboot_bin = path_join(MUSCA_B1_BASE, 'bl2.bin')
image_macros_s = path_join(MUSCA_B1_BASE, 'partition', 'signing_layout_s.c')
image_macros_ns = path_join(MUSCA_B1_BASE, 'partition', 'signing_layout_ns.c')
flash_layout = path_join(MUSCA_BASE, 'partition', 'flash_layout.h')
mcuboot_bin = path_join(MUSCA_BASE, 'bl2.bin')
image_macros_s = path_join(MUSCA_BASE, 'partition', 'signing_layout_s.c')
image_macros_ns = path_join(MUSCA_BASE, 'partition', 'signing_layout_ns.c')
s_bin_name, s_bin_ext = splitext(basename(secure_bin))
s_signed_bin = abspath(path_join(tempdir, s_bin_name + '_signed' + s_bin_ext))
ns_bin_name, ns_bin_ext = splitext(basename(non_secure_bin))
@ -54,7 +54,7 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
"-v",
'1.2.0',
"-k",
path_join(SCRIPT_DIR, 'musca_b1-root-rsa-3072.pem'),
path_join(SCRIPT_DIR, (target_name.lower() + '-root-rsa-3072.pem')),
"--layout",
image_macros_s,
"--public-key-format",
@ -74,7 +74,11 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
s_signed_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
retcode = run_cmd(cmd, MBED_OS_ROOT)
if retcode:
raise Exception("Unable to sign " + target_name +
" secure binary, Error code: " + retcode)
return
#2. Run wrapper to sign the non-secure mbed binary
cmd = [
@ -83,7 +87,7 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
"-v",
'1.2.0',
"-k",
path_join(SCRIPT_DIR, 'musca_b1-root-rsa-3072_1.pem'),
path_join(SCRIPT_DIR, (target_name.lower() + '-root-rsa-3072_1.pem')),
"--layout",
image_macros_ns,
"--public-key-format",
@ -103,7 +107,11 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
ns_signed_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
retcode = run_cmd(cmd, MBED_OS_ROOT)
if retcode:
raise Exception("Unable to sign " + target_name +
" non-secure binary, Error code: " + retcode)
return
#3. Concatenate signed secure TFM and non-secure mbed binaries
cmd = [
@ -119,7 +127,11 @@ def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
concatenated_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
retcode = run_cmd(cmd, MBED_OS_ROOT)
if retcode:
raise Exception("Unable to concatenate " + target_name +
" binaries, Error code: " + retcode)
return
#4. Concatenate mcuboot and signed binary and overwrite mbed built binary file
mcuboot_image_size = find_bl2_size(flash_layout)
@ -145,7 +157,11 @@ def run_cmd(cmd, directory):
POPEN_INSTANCE = subprocess.Popen(
cmd,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
cwd=directory,
)
POPEN_INSTANCE.communicate()
return POPEN_INSTANCE.returncode

151
tools/targets/ARM_MUSCA_S1.py
View File

@ -1,151 +0,0 @@
#!/usr/bin/python
# Copyright (c) 2017-2021 Arm Limited
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
from os.path import abspath, basename, dirname, splitext, isdir
from os.path import join as path_join
import re
import subprocess
SCRIPT_DIR = dirname(abspath(__file__))
MBED_OS_ROOT = abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir))
MUSCA_S1_BASE = path_join(MBED_OS_ROOT, 'targets', 'TARGET_ARM_SSG', 'TARGET_MUSCA_S1')
def musca_tfm_bin(t_self, non_secure_bin, secure_bin):
assert os.path.isfile(secure_bin)
assert os.path.isfile(non_secure_bin)
build_dir = dirname(non_secure_bin)
tempdir = path_join(build_dir, 'temp')
if not isdir(tempdir):
os.makedirs(tempdir)
flash_layout = path_join(MUSCA_S1_BASE, 'partition', 'flash_layout.h')
mcuboot_bin = path_join(MUSCA_S1_BASE, 'bl2.bin')
image_macros_s = path_join(MUSCA_S1_BASE, 'partition', 'signing_layout_s.c')
image_macros_ns = path_join(MUSCA_S1_BASE, 'partition', 'signing_layout_ns.c')
s_bin_name, s_bin_ext = splitext(basename(secure_bin))
s_signed_bin = abspath(path_join(tempdir, s_bin_name + '_signed' + s_bin_ext))
ns_bin_name, ns_bin_ext = splitext(basename(non_secure_bin))
ns_signed_bin = abspath(path_join(tempdir, 'tfm_' + ns_bin_name + '_signed' + ns_bin_ext))
concatenated_bin = abspath(path_join(tempdir, s_bin_name + '_' + ns_bin_name + '_concat' + ns_bin_ext))
assert os.path.isfile(image_macros_s)
assert os.path.isfile(image_macros_ns)
#1. Run wrapper to sign the TF-M secure binary
cmd = [
"python3",
path_join(MBED_OS_ROOT, "tools", "psa","tfm", "bin_utils","wrapper.py"),
"-v",
'1.2.0',
"-k",
path_join(SCRIPT_DIR, 'musca_s1-root-rsa-3072.pem'),
"--layout",
image_macros_s,
"--public-key-format",
'full',
"--align",
'1',
"--pad",
"--pad-header",
"-H",
'0x400',
"--overwrite-only",
"-s",
'auto',
"-d",
'(0,0.0.0+0)',
abspath(secure_bin),
s_signed_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
#2. Run wrapper to sign the non-secure mbed binary
cmd = [
"python3",
path_join(MBED_OS_ROOT, "tools", "psa","tfm", "bin_utils","wrapper.py"),
"-v",
'1.2.0',
"-k",
path_join(SCRIPT_DIR, 'musca_s1-root-rsa-3072_1.pem'),
"--layout",
image_macros_ns,
"--public-key-format",
'full',
"--align",
'1',
"--pad",
"--pad-header",
"-H",
'0x400',
"--overwrite-only",
"-s",
'auto',
"-d",
'(1,0.0.0+0)',
abspath(non_secure_bin),
ns_signed_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
#3. Concatenate signed secure TFM and non-secure mbed binaries
cmd = [
"python3",
path_join(MBED_OS_ROOT, "tools", "psa","tfm", "bin_utils","assemble.py"),
"--layout",
image_macros_s,
"-s",
s_signed_bin,
"-n",
ns_signed_bin,
"-o",
concatenated_bin,
]
run_cmd(cmd, MBED_OS_ROOT)
#4. Concatenate mcuboot and signed binary and overwrite mbed built binary file
mcuboot_image_size = find_bl2_size(flash_layout)
with open(mcuboot_bin, "rb") as mcuboot_fh, open(concatenated_bin, "rb") as concat_fh:
with open(non_secure_bin, "w+b") as out_fh:
out_fh.write(mcuboot_fh.read())
out_fh.seek(mcuboot_image_size)
out_fh.write(concat_fh.read())
def find_bl2_size(configFile):
bl2_size_re = re.compile(r"^#define\s+FLASH_AREA_BL2_SIZE\s+\({0,1}(0x[0-9a-fA-F]+)\){0,1}")
bl2_size = None
with open(configFile, 'r') as flash_layout_file:
for line in flash_layout_file:
m = bl2_size_re.match(line)
if m is not None:
bl2_size = int(m.group(1), 0)
break
return bl2_size
def run_cmd(cmd, directory):
POPEN_INSTANCE = subprocess.Popen(
cmd,
cwd=directory,
)
POPEN_INSTANCE.communicate()

8
tools/targets/__init__.py
View File

@ -685,7 +685,7 @@ class ArmMuscaB1Code(object):
"""Musca-B1 Hooks"""
@staticmethod
def binary_hook(t_self, resources, elf, binf):
from tools.targets.ARM_MUSCA_B1 import musca_tfm_bin
from tools.targets.ARM_MUSCA import musca_tfm_bin
configured_secure_image_filename = t_self.target.secure_image_filename
secure_bin = find_secure_image(
t_self.notify,
@ -694,13 +694,13 @@ class ArmMuscaB1Code(object):
configured_secure_image_filename,
FileType.BIN
)
musca_tfm_bin(t_self, binf, secure_bin)
musca_tfm_bin(t_self, binf, secure_bin, 'MUSCA_B1')
class ArmMuscaS1Code(object):
"""Musca-S1 Hooks"""
@staticmethod
def binary_hook(t_self, resources, elf, binf):
from tools.targets.ARM_MUSCA_S1 import musca_tfm_bin
from tools.targets.ARM_MUSCA import musca_tfm_bin
configured_secure_image_filename = t_self.target.secure_image_filename
secure_bin = find_secure_image(
t_self.notify,
@ -709,7 +709,7 @@ class ArmMuscaS1Code(object):
configured_secure_image_filename,
FileType.BIN
)
musca_tfm_bin(t_self, binf, secure_bin)
musca_tfm_bin(t_self, binf, secure_bin, 'MUSCA_S1')
def find_secure_image(notify, resources, ns_image_path,
configured_s_image_filename, image_type):