ARMmbed
/
mbed-os
mirror of https://github.com/ARMmbed/mbed-os.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add default secure boot params to targets.json, add option to post build to redefine them in mbed_app.json

pull/12787/head
Roman Okhrimenko 2020-03-20 00:06:48 +02:00
parent 9294eee878
commit ae733ffc11
3 changed files with 64 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
targets/targets.json
View File

@ -14093,8 +14093,11 @@
],
"forced_reset_timeout": 5,
"hex_filename": "psoc64_02_cm0_secure.hex",
"cm0_img_id": 1,
"cm4_img_id": 16,
"policy_file": "policy_multi_CM0_CM4.json",
"post_binary_hook": {
"function": "PSOC6Code.sign_es_image"
"function": "PSOC6Code.sign_es100_image"
},
"overrides": {
"network-default-interface-type": "WIFI"

71
tools/targets/PSOC6.py
View File

@ -25,7 +25,6 @@ import json
from intelhex import IntelHex, hex2bin, bin2hex
from ..config import ConfigException
from ..settings import ROOT
# The size of the program data in Cypress HEX files is limited to 0x80000000
# Higher addresses contain additional metadata (chip protection, eFuse data, etc..)
@ -487,7 +486,7 @@ def sign_image(toolchain, binf):
toolchain.notify.info("Image UPGRADE: " + out_hex_name + "\n")
def sign_es_image(toolchain, elf, binf, m0hex):
def sign_es100_image(toolchain, resourses, elf, binf, m0hex):
"""
Adds signature to a binary file being built,
using cysecuretools python package.
@ -518,20 +517,20 @@ def sign_es_image(toolchain, elf, binf, m0hex):
from pathlib import Path, PurePath
mbed_os_root = Path(ROOT)
mbed_os_root = Path(os.getcwd())
# Use custom policy file defined in users mbed_app.json or use default
# policy if no custom policy exists
try:
policy_path = Path(str(toolchain.config.get_config_data()[0]["app.policy_file"].value))
if policy_path.is_absolute():
policy_path = Path(toolchain.target.policy_file)
if policy_path.is_absolute():
policy_file = policy_path
else:
policy_path = mbed_os_root / policy_path
if os.path.isfile(str(policy_path)):
policy_file = policy_path
else:
policy_file = mbed_os_root / policy_path
toolchain.notify.debug("[PSOC6.sign_image] Using custom policy file at: " + str(policy_file))
except KeyError as e:
policy_file = mbed_os_root / Path("targets/TARGET_Cypress/TARGET_PSOC6/TARGET_" + toolchain.target.name + "/policy_multi_CM0_CM4.json")
toolchain.notify.debug("[PSOC6.sign_image] Using default policy file at: " + str(policy_file))
policy_file = Path(find_policy(toolchain, resourses))
toolchain.notify.info("[PSOC6.sign_image] Using policy file: " + str(policy_file))
# Append cysecuretools path to sys.path and import cysecuretools. This will
# prioritize system installations of cysecuretools over the included
@ -541,12 +540,54 @@ def sign_es_image(toolchain, elf, binf, m0hex):
import cysecuretools
tools = cysecuretools.CySecureTools(secure_target, str(policy_file))
tools.sign_image(m0hex, image_id=1)
tools.sign_image(binf, image_id=16)
sign_application(toolchain, tools, m0hex, image_id=toolchain.target.cm0_img_id)
sign_application(toolchain, tools, binf, image_id=toolchain.target.cm4_img_id)
complete(toolchain, elf, hexf0=binf, hexf1=m0hex)
def sign_application(toolchain, tools, binary, image_id):
"""
Helper function for adding signature to binary
:param tools: CySecureTools object
:param binary: Path to binary file to add signature
:param image_id: ID of image slot in which binary will be flashed
"""
# Get address and size of image slot from policy for passed image_id
# UPGRADE image will be generated automatically by cysecuretools
address, size = tools.flash_map(image_id=image_id, image_type="BOOT")
tools.sign_image(binary, image_id)
toolchain.notify.debug("[PSOC6.sign_image] Slot start address and size for image ID " \
+ str(image_id) + " is " + hex(address) + ", " + hex(size))
def find_policy(toolchain, resources):
"""
Locate path to policy file, defined in targets.json
:param toolchain: toolchain object from mbed build system
:param resources: resources object from mbed build system
"""
policy_filename = toolchain.target.policy_file
if policy_filename is None:
return None
# Locate user-specified image
from tools.resources import FileType
json_files = resources.get_file_paths(FileType.JSON)
policy = next((f for f in json_files if os.path.basename(f) == policy_filename), None)
if policy:
toolchain.notify.info("Policy file found: %s." % policy)
else:
toolchain.notify.info("Policy file %s not found. Aborting." % policy_filename)
raise ConfigException("Required policy file not found.")
return policy
def complete(toolchain, elf0, hexf0, hexf1=None):
"""
Merge CM4 and CM0 images to a single binary

8
tools/targets/__init__.py
View File

@ -695,19 +695,19 @@ class PSOC6Code(object):
psoc6_sign_image(t_self, binf)
@staticmethod
def sign_es_image(t_self, resources, elf, binf):
def sign_es100_image(t_self, resources, elf, binf):
"""
Calls sign_es_image function to add signature to Secure Boot binary file.
Calls sign_es100_image function to add signature to Secure Boot binary file.
This function is used with Cypress kits, that support cysecuretools signing.
"""
from tools.targets.PSOC6 import sign_es_image as psoc6_sign_es_image
from tools.targets.PSOC6 import sign_es100_image as psoc6_sign_es100_image
if hasattr(t_self.target, "hex_filename"):
hex_filename = t_self.target.hex_filename
# Completing main image involves merging M0 image.
from tools.targets.PSOC6 import find_cm0_image
m0hexf = find_cm0_image(t_self, resources, elf, binf, hex_filename)
psoc6_sign_es_image(t_self, elf, binf, m0hexf)
psoc6_sign_es100_image(t_self, resources, elf, binf, m0hexf)
class ArmMuscaA1Code(object):