ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #10070 from kfnta/tool_options 

PSA more options in release tool
pull/9904/head
Cruz Monrreal 2019-03-27 00:37:14 -05:00 committed by GitHub
parent 54e1ec6ea5 42a9d485e7
commit 7e7f4f561b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 181 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tools/psa/README.md
View File

@ -11,9 +11,9 @@ This document describes the following scripts:
## \_\_init\_\_.py
This file holds common functions dedicated to help SiP with their postbuild logic.
This file holds common functions dedicated to help SiP with their post-build logic.
* find_secure_image - Scans a Resource object to find the correct binary of the secure image to merge with the nonsecure build.
* find_secure_image - Scans a Resource object to find the correct binary of the secure image to merge with the non-secure build.
## Code generation scripts
@ -22,30 +22,36 @@ Mbed OS holds two implementations of PSA:
* MBED_SPM - Implementation for dual-core v7 targets.
* TF-M - Implementation for v8 targets.
Each implementation requires a set of autogenerated files describing the secure partitions:
Each implementation requires a set of auto-generated files describing the secure partitions:
* `generate_partition_code.py` - Generate files for both implementations.
* `generate_mbed_spm_partition_code.py` - Generate files for MBED_SPM.
* `generate_tfm_partition_code.py` - Generate files for TF-M.
* `mbed_spm_tfm_common.py` - Holds common functions for both.
* `mbed_spm_tfm_common.py` - Holds common functions for both.
## Secure image generation
`release.py` is the script assigned with compiling the secure images:
```
usage: release.py [-h] [-m MCU] [-d] [--commit]
usage: release.py [-h] [-m MCU] [-d] [-q] [-l] [--commit] [--skip-tests]
[-x ...]
optional arguments:
-h, --help show this help message and exit
-m MCU, --mcu MCU build for the given MCU
-d, --debug set build profile to debug
--commit create a git commit for each platform
-h, --help show this help message and exit
-m MCU, --mcu MCU build for the given MCU
-d, --debug set build profile to debug
-q, --quiet No Build log will be printed
-l, --list Print supported PSA secure targets
--commit create a git commit for each platform
--skip-tests skip the test build phase
-x ..., --extra ... additional build parameters
```
* When `MCU ` is not specified, the script compiles all the images for all the targets.
* When `-d/--debug` is not specified, the script compiles the images using the release profile.
* When `--commit` is not specified, the script will not commit the images to git.
* A user can specify additional commands that will be passed on to the build commands (Ex. -D for compilation defines).
This script should be run in following scenarios:

231
tools/psa/release.py
View File

@ -19,13 +19,23 @@ import os
import subprocess
import sys
import shutil
from argparse import ArgumentParser
import logging
import argparse
FNULL = open(os.devnull, 'w')
ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__),
os.pardir, os.pardir))
sys.path.insert(0, ROOT)
from tools.targets import Target, TARGET_MAP, TARGET_NAMES
logging.basicConfig(level=logging.DEBUG,
format='[%(name)s] %(asctime)s: %(message)s.',
datefmt='%H:%M:%S')
logger = logging.getLogger('PSA release tool')
subprocess_output = None
subprocess_err = None
MAKE_PY_LOCATTION = os.path.join(ROOT, 'tools', 'make.py')
TEST_PY_LOCATTION = os.path.join(ROOT, 'tools', 'test.py')
TFM_MBED_APP = os.path.join(ROOT, 'tools', 'psa', 'tfm', 'mbed_app.json')
@ -69,6 +79,59 @@ def _get_target_info(target):
delivery_dir])
def _get_psa_secure_targets_list():
"""
Creates a list of PSA secure targets.
:return: List of PSA secure targets.
"""
return [str(t) for t in TARGET_NAMES if
Target.get_target(t).is_PSA_secure_target]
def _get_default_image_build_command(target, toolchain, profile, args):
"""
Creates a build command for a default image.
:param target: target to be built.
:param toolchain: toolchain to be used.
:param profile: build profile.
:param args: list of extra arguments.
:return: Build command in a list form.
"""
cmd = [
sys.executable, MAKE_PY_LOCATTION,
'-t', toolchain,
'-m', target,
'--profile', profile,
'--source', ROOT,
'--build', os.path.join(ROOT, 'BUILD', target)
]
if _psa_backend(target) is 'TFM':
cmd += ['--app-config', TFM_MBED_APP]
else:
cmd += ['--artifact-name', 'psa_release_1.0']
return cmd + args
def verbose_check_call(cmd, check_call=True):
"""
Calls a shell command and logs the call.
:param cmd: command to run as a list
:param check_call: choose subprocess method (call/check_call)
:return: return code of the executed command
"""
logger.info('Running: {}'.format(' '.join(cmd)))
if check_call:
return subprocess.check_call(cmd, stdout=subprocess_output,
stderr=subprocess_err)
return subprocess.call(cmd, stdout=subprocess_output, stderr=subprocess_err)
def get_mbed_official_psa_release(target=None):
"""
Creates a list of PSA targets with default toolchain and
@ -77,18 +140,13 @@ def get_mbed_official_psa_release(target=None):
:param target: Ask for specific target, None for all targets.
:return: List of tuples (target, toolchain, delivery directory).
"""
psa_targets_release_list = []
psa_secure_targets = [t for t in TARGET_NAMES if
Target.get_target(t).is_PSA_secure_target]
psa_secure_targets = _get_psa_secure_targets_list()
logger.debug("Found the following PSA targets: {}".format(
', '.join(psa_secure_targets)))
if target is not None:
if target not in psa_secure_targets:
raise Exception("{} is not a PSA secure target".format(target))
psa_targets_release_list.append(_get_target_info(target))
else:
for t in psa_secure_targets:
psa_targets_release_list.append(_get_target_info(t))
return [_get_target_info(target)]
return psa_targets_release_list
return [_get_target_info(t) for t in psa_secure_targets]
def create_mbed_ignore(build_dir):
@ -97,19 +155,24 @@ def create_mbed_ignore(build_dir):
:param build_dir: Directory to create .mbedignore file.
"""
logger.debug('Created .mbedignore in {}'.format(build_dir))
with open(os.path.join(build_dir, '.mbedignore'), 'w') as f:
f.write('*\n')
def build_mbed_spm_platform(target, toolchain, profile='release'):
def build_tests_mbed_spm_platform(target, toolchain, profile, args):
"""
Builds Secure images for MBED-SPM target.
:param target: target to be built.
:param toolchain: toolchain to be used.
:param profile: build profile.
:param args: list of extra arguments.
"""
subprocess.check_call([
logger.info(
"Building tests images({}) for {} using {} with {} profile".format(
MBED_PSA_TESTS, target, toolchain, profile))
cmd = [
sys.executable, TEST_PY_LOCATTION,
'--greentea',
'--profile', profile,
@ -121,40 +184,30 @@ def build_mbed_spm_platform(target, toolchain, profile='release'):
target, 'test_spec.json'),
'--build-data', os.path.join(ROOT, 'BUILD', 'tests',
target, 'build_data.json'),
'-n', MBED_PSA_TESTS
])
'-n', MBED_PSA_TESTS] + args
subprocess.check_call([
sys.executable, MAKE_PY_LOCATTION,
'-t', toolchain,
'-m', target,
'--profile', profile,
'--source', ROOT,
'--build', os.path.join(ROOT, 'BUILD', target),
'--artifact-name', 'psa_release_1.0'
])
verbose_check_call(cmd)
logger.info(
"Finished building tests images({}) for {} successfully".format(
MBED_PSA_TESTS, target))
def _tfm_test_defines(test):
"""
Creates a define list to enable test partitions on TF-M.
:param test: Test name.
:return: List of defines with a leading -D.
"""
return ['-D{}'.format(define) for define in TFM_TESTS[test]]
def build_tfm_platform(target, toolchain, profile='release'):
def build_tests_tfm_platform(target, toolchain, profile, args):
"""
Builds Secure images for TF-M target.
:param target: target to be built.
:param toolchain: toolchain to be used.
:param profile: build profile.
:param args: list of extra arguments.
"""
for test in TFM_TESTS.keys():
subprocess.check_call([
logger.info(
"Building tests image({}) for {} using {} with {} profile".format(
test, target, toolchain, profile))
test_defines = ['-D{}'.format(define) for define in TFM_TESTS[test]]
cmd = [
sys.executable, TEST_PY_LOCATTION,
'--greentea',
'--profile', profile,
@ -166,18 +219,12 @@ def build_tfm_platform(target, toolchain, profile='release'):
target, 'test_spec.json'),
'--build-data', os.path.join(ROOT, 'BUILD', 'tests',
target, 'build_data.json'),
'--app-config', TFM_MBED_APP, '-n', test] + _tfm_test_defines(test),
stdout=subprocess.PIPE)
'-n', test,
'--app-config', TFM_MBED_APP] + test_defines + args
subprocess.check_call([
sys.executable, MAKE_PY_LOCATTION,
'-t', toolchain,
'-m', target,
'--profile', profile,
'--source', ROOT,
'--build', os.path.join(ROOT, 'BUILD', target),
'--app-config', TFM_MBED_APP
])
verbose_check_call(cmd)
logger.info(
"Finished Building tests image({}) for {}".format(test, target))
def commit_binaries(target, delivery_dir):
@ -188,31 +235,33 @@ def commit_binaries(target, delivery_dir):
:param delivery_dir: Secure images should be moved to this folder
by the build system.
"""
changes_made = subprocess.call([
changes_made = verbose_check_call([
'git',
'-C', ROOT,
'diff', '--exit-code', '--quiet',
delivery_dir
])
delivery_dir], check_call=False)
if changes_made:
subprocess.check_call([
logger.info("Change in images for {} has been detected".format(target))
verbose_check_call([
'git',
'-C', ROOT,
'add', os.path.relpath(delivery_dir, ROOT)
])
'add', os.path.relpath(delivery_dir, ROOT)])
commit_message = '-m\"Update secure binaries for {}\"'.format(target)
subprocess.check_call([
logger.info("Committing images for {}".format(target))
commit_message = '--message="Update secure binaries for {}"'.format(
target)
verbose_check_call([
'git',
'-C', ROOT,
'commit',
commit_message
])
commit_message])
else:
logger.info("No changes detected in {}, Skipping commit".format(target))
def build_psa_platform(target, toolchain, delivery_dir, debug=False,
git_commit=False):
def build_psa_platform(target, toolchain, delivery_dir, debug, git_commit,
skip_tests, args):
"""
Calls the correct build function and commits if requested.
@ -221,22 +270,34 @@ def build_psa_platform(target, toolchain, delivery_dir, debug=False,
:param delivery_dir: Artifact directory, where images should be placed.
:param debug: Build with debug profile.
:param git_commit: Commit the changes.
:param skip_tests: skip the test images build phase.
:param args: list of extra arguments.
"""
profile = 'debug' if debug else 'release'
if _psa_backend(target) is 'TFM':
build_tfm_platform(target, toolchain, profile)
else:
build_mbed_spm_platform(target, toolchain, profile)
if not skip_tests:
if _psa_backend(target) is 'TFM':
build_tests_tfm_platform(target, toolchain, profile, args)
else:
build_tests_mbed_spm_platform(target, toolchain, profile, args)
logger.info("Building default image for {} using {} with {} profile".format(
target, toolchain, profile))
cmd = _get_default_image_build_command(target, toolchain, profile, args)
verbose_check_call(cmd)
logger.info(
"Finished building default image for {} successfully".format(target))
if git_commit:
commit_binaries(target, delivery_dir)
def get_parser():
parser = ArgumentParser()
parser = argparse.ArgumentParser()
parser.add_argument("-m", "--mcu",
help="build for the given MCU",
default=None,
choices=_get_psa_secure_targets_list(),
metavar="MCU")
parser.add_argument("-d", "--debug",
@ -244,11 +305,32 @@ def get_parser():
action="store_true",
default=False)
parser.add_argument('-q', '--quiet',
action="store_true",
default=False,
help="No Build log will be printed")
parser.add_argument('-l', '--list',
action="store_true",
default=False,
help="Print supported PSA secure targets")
parser.add_argument("--commit",
help="create a git commit for each platform",
action="store_true",
default=False)
parser.add_argument('--skip-tests',
action="store_true",
default=False,
help="skip the test build phase")
parser.add_argument('-x', '--extra',
dest='extra_args',
default=[],
nargs=argparse.REMAINDER,
help="additional build parameters")
return parser
@ -258,20 +340,39 @@ def prep_build_dir():
"""
build_dir = os.path.join(ROOT, 'BUILD')
if os.path.exists(build_dir):
logger.debug("BUILD directory already exists... Deleting")
shutil.rmtree(build_dir)
os.makedirs(build_dir)
logger.info("BUILD directory created in {}".format(build_dir))
create_mbed_ignore(build_dir)
def main():
parser = get_parser()
options = parser.parse_args()
if options.quiet:
logger.setLevel(logging.INFO)
global subprocess_output, subprocess_err
subprocess_output = FNULL
subprocess_err = subprocess.STDOUT
if options.list:
logger.info("Available platforms are: {}".format(
', '.join([t for t in _get_psa_secure_targets_list()])))
return
prep_build_dir()
psa_platforms_list = get_mbed_official_psa_release(options.mcu)
logger.info("Building the following platforms: {}".format(
', '.join([t[0] for t in psa_platforms_list])))
for target, tc, directory in psa_platforms_list:
build_psa_platform(target, tc, directory, options.debug, options.commit)
build_psa_platform(target, tc, directory, options.debug,
options.commit, options.skip_tests,
options.extra_args)
logger.info("Finished Updating PSA images")
if __name__ == '__main__':