ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

M2354: Fix compile error with TF-M integration (#325) 

* M2354: Fix compile error with TF-M

In CMake, mbed-psa moves out of mbed-core, its library type changing to
STATIC from INTERFACE. Following this modification, the platform TF-M
code relying on mbed-psa needs to explicitly specify the dependency
through target_link_libraries().

* M2354: Enable OUTPUT_EXT set to either bin or hex

Update post-build script to enable OUTPUT_EXT can be set to "bin" or
"hex" in targets.json5.

* NUVOTON: Locate correct python3 command path across platforms

shutil.which("python3") can locate incorrect path when there are multiple
python3 installations. Instead, follow the link below, use sys.executable.
https://docs.python.org/3/library/sys.html#sys.executable
pull/15530/head
ccli8 2024-08-23 10:40:30 +08:00 committed by GitHub
parent c3802999db
commit 88de6a1070
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 28 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
targets/TARGET_NUVOTON/TARGET_M2354/TARGET_TFM/CMakeLists.txt
View File

@ -18,3 +18,8 @@ target_sources(mbed-m2354-tfm
platform_extra_secure_compat.c platform_extra_secure_compat.c
tfm_ns_interface.c tfm_ns_interface.c
) )
target_link_libraries(mbed-m2354-tfm
INTERFACE
mbed-psa
)

34
targets/TARGET_NUVOTON/scripts/NUVOTON.py
View File

@ -24,20 +24,21 @@ import shutil
import argparse import argparse
from intelhex import IntelHex from intelhex import IntelHex
from datetime import datetime from datetime import datetime
import sys
SCRIPT_DIR = dirname(abspath(__file__)) SCRIPT_DIR = dirname(abspath(__file__))
MBED_OS_ROOT = abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir, os.pardir)) MBED_OS_ROOT = abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir, os.pardir))
def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_bin): def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_binhex):
SECURE_ROOT = abspath(tfm_import_path) SECURE_ROOT = abspath(tfm_import_path)
secure_bin = path_join(SECURE_ROOT, 'tfm_s.bin') secure_bin = path_join(SECURE_ROOT, 'tfm_s.bin')
assert os.path.isfile(secure_bin) assert os.path.isfile(secure_bin)
non_secure_bin = abspath(non_secure_bin) non_secure_binhex = abspath(non_secure_binhex)
assert os.path.isfile(non_secure_bin) assert os.path.isfile(non_secure_binhex)
build_dir = dirname(non_secure_bin) build_dir = dirname(non_secure_binhex)
tempdir = path_join(build_dir, 'temp') tempdir = path_join(build_dir, 'temp')
if not isdir(tempdir): if not isdir(tempdir):
os.makedirs(tempdir) os.makedirs(tempdir)
@ -46,13 +47,20 @@ def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_bin):
bl2_bin = path_join(SECURE_ROOT, 'bl2.bin') bl2_bin = path_join(SECURE_ROOT, 'bl2.bin')
s_bin_basename = splitext(basename(secure_bin))[0] s_bin_basename = splitext(basename(secure_bin))[0]
ns_bin_basename = splitext(basename(non_secure_bin))[0] ns_bin_basename = splitext(basename(non_secure_binhex))[0]
signing_key = path_join(SECURE_ROOT, 'signing_key', signing_key) signing_key = path_join(SECURE_ROOT, 'signing_key', signing_key)
assert os.path.isfile(signing_key) assert os.path.isfile(signing_key)
# Create non_secure_bin for signing if non_secure_binhex is hex
non_secure_bin = splitext(non_secure_binhex)[0] + ".bin"
if os.path.splitext(non_secure_binhex)[1].lower() == ".hex":
non_secure_ih = IntelHex()
non_secure_ih.loadhex(non_secure_binhex)
non_secure_ih.tobinfile(non_secure_bin)
# Find Python 3 command name across platforms # Find Python 3 command name across platforms
python3_cmd = "python3" if shutil.which("python3") is not None else "python" python3_cmd = sys.executable
# Specify image version # Specify image version
# #
@ -162,7 +170,7 @@ def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_bin):
signed_concat_bin = abspath(path_join(tempdir, 'tfm_s_signed_' + ns_bin_basename + '_signed_concat' + '.bin')) signed_concat_bin = abspath(path_join(tempdir, 'tfm_s_signed_' + ns_bin_basename + '_signed_concat' + '.bin'))
s_update_bin = abspath(path_join(build_dir, s_bin_basename + '_update' + '.bin')) s_update_bin = abspath(path_join(build_dir, s_bin_basename + '_update' + '.bin'))
ns_update_bin = abspath(path_join(build_dir, ns_bin_basename + '_update' + '.bin')) ns_update_bin = abspath(path_join(build_dir, ns_bin_basename + '_update' + '.bin'))
#1. Run wrapper to sign the secure TF-M binary #1. Run wrapper to sign the secure TF-M binary
cmd_wrapper[pos_wrapper_signing_key] = signing_key cmd_wrapper[pos_wrapper_signing_key] = signing_key
cmd_wrapper[pos_wrapper_layout] = image_macros_s cmd_wrapper[pos_wrapper_layout] = image_macros_s
@ -206,8 +214,8 @@ def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_bin):
out_ih = IntelHex() out_ih = IntelHex()
out_ih.loadbin(bl2_bin) out_ih.loadbin(bl2_bin)
out_ih.loadbin(signed_concat_bin, flash_area_0_offset) out_ih.loadbin(signed_concat_bin, flash_area_0_offset)
out_ih.tofile(splitext(non_secure_bin)[0] + ".hex", 'hex') out_ih.tofile(splitext(non_secure_binhex)[0] + ".bin", 'bin')
out_ih.tobinfile(non_secure_bin) out_ih.tofile(splitext(non_secure_binhex)[0] + ".hex", 'hex')
# Generate firmware update file for PSA Firmware Update # Generate firmware update file for PSA Firmware Update
shutil.copy(s_signed_bin, s_update_bin) shutil.copy(s_signed_bin, s_update_bin)
@ -250,8 +258,8 @@ def tfm_sign_image(tfm_import_path, signing_key, signing_key_1, non_secure_bin):
out_ih = IntelHex() out_ih = IntelHex()
out_ih.loadbin(bl2_bin) out_ih.loadbin(bl2_bin)
out_ih.loadbin(concat_signed_bin, flash_area_0_offset) out_ih.loadbin(concat_signed_bin, flash_area_0_offset)
out_ih.tofile(splitext(non_secure_bin)[0] + ".hex", 'hex') out_ih.tofile(splitext(non_secure_binhex)[0] + ".bin", 'bin')
out_ih.tobinfile(non_secure_bin) out_ih.tofile(splitext(non_secure_binhex)[0] + ".hex", 'hex')
# Generate firmware update file for PSA Firmware Update # Generate firmware update file for PSA Firmware Update
shutil.copy(concat_signed_bin, update_bin) shutil.copy(concat_signed_bin, update_bin)
@ -357,7 +365,7 @@ def parse_args():
) )
parser_tfm_sign_image.add_argument( parser_tfm_sign_image.add_argument(
"--non-secure-bin", "--non-secure-binhex",
help="Path to the non-secure binary", help="Path to the non-secure binary",
required=True required=True
) )
@ -368,4 +376,4 @@ def parse_args():
if __name__ == "__main__": if __name__ == "__main__":
args = parse_args() args = parse_args()
args.func(args.tfm_import_path, args.signing_key, args.signing_key_1, args.non_secure_bin) args.func(args.tfm_import_path, args.signing_key, args.signing_key_1, args.non_secure_binhex)

4
targets/TARGET_NUVOTON/scripts/mbed_set_post_build_nuvoton.cmake
View File

@ -30,7 +30,7 @@ macro(mbed_post_build_nuvoton_tfm_sign_image
--tfm-import-path ${tfm_import_path} --tfm-import-path ${tfm_import_path}
--signing_key ${signing_key} --signing_key ${signing_key}
--signing_key_1 ${signing_key_1} --signing_key_1 ${signing_key_1}
--non-secure-bin $<TARGET_FILE_DIR:${target}>/$<TARGET_FILE_BASE_NAME:${target}>.bin --non-secure-binhex $<TARGET_FILE_DIR:${target}>/$<TARGET_FILE_BASE_NAME:${target}>.${MBED_OUTPUT_EXT}
) )
else() else()
add_custom_command( add_custom_command(
@ -43,7 +43,7 @@ macro(mbed_post_build_nuvoton_tfm_sign_image
tfm_sign_image tfm_sign_image
--tfm-import-path ${tfm_import_path} --tfm-import-path ${tfm_import_path}
--signing_key ${signing_key} --signing_key ${signing_key}
--non-secure-bin $<TARGET_FILE_DIR:${target}>/$<TARGET_FILE_BASE_NAME:${target}>.bin --non-secure-binhex $<TARGET_FILE_DIR:${target}>/$<TARGET_FILE_BASE_NAME:${target}>.${MBED_OUTPUT_EXT}
) )
endif() endif()
endfunction() endfunction()