M2351: Support non-PSA secure/non-secure combined build

Support secure/non-secure combined build for non-PSA target:
1.  In secure post-build, deliver built secure image to TARGET_NU_PREBUILD_SECURE
    directory which is to combine later.
2.  In non-secure post-build, merge non-secure image with secure image saved in
    TARGET_NU_PREBUILD_SECURE directory.
3.  In non-secure post-build, user can also drop pre-built secure image saved in
    TARGET_NU_PREBUILD_SECURE directory and provide its own by adding the line below
    in mbed_app.json:
    "target.extra_labels_remove": ["NU_PREBUILD_SECURE"]

targets/targets.json

@@ -8742,12 +8742,15 @@
         "core": "Cortex-M23-NS",
         "trustzone": true,
         "extra_labels_add": [
-            "M23_NS"
+            "M23_NS",
+            "NU_PREBUILD_SECURE"
         ],
         "macros_add": [
             "MBED_TZ_DEFAULT_ACCESS=1"
         ],
         "components_add": ["FLASHIAP"],
+        "post_binary_hook": {"function": "M2351Code.merge_secure"},
+        "secure_image_filename": "NuMaker-mbed-TZ-secure-example.hex",
         "mbed_rom_start"        : "0x10040000",
         "mbed_rom_size"         : "0x40000",
         "mbed_ram_start"        : "0x30008000",
@@ -8762,6 +8765,8 @@
         ],
         "device_has_remove": ["TRNG", "SERIAL", "SERIAL_ASYNCH", "SERIAL_FC", "STDIO_MESSAGES"],
         "components_add": ["FLASHIAP"],
+        "deliver_to_target": "NU_PFM_M2351_NPSA_NS",
+        "delivery_dir": "TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE",
         "mbed_rom_start"        : "0x0",
         "mbed_rom_size"         : "0x40000",
         "mbed_ram_start"        : "0x20000000",

tools/targets/__init__.py

@@ -725,6 +725,54 @@ class LPC55S69Code:
         )
         lpc55s69_complete(t_self, binf, secure_bin)
 
+class M2351Code:
+    """M2351 Hooks"""
+    @staticmethod
+    def merge_secure(t_self, resources, ns_elf, ns_hex):
+        t_self.notify.info("Merging non-secure image with secure image")
+        configured_secure_image_filename = t_self.target.secure_image_filename
+        t_self.notify.info("Non-secure elf image %s" % ns_elf)
+        t_self.notify.info("Non-secure hex image %s" % ns_hex)
+        t_self.notify.info("Finding secure image %s" % configured_secure_image_filename)
+        s_hex = find_secure_image(
+            t_self.notify,
+            resources,
+            ns_hex,
+            configured_secure_image_filename,
+            FileType.HEX
+        )
+        t_self.notify.info("Found secure image %s" % s_hex)
+
+        _, ext = os.path.splitext(s_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(s_hex):
+            t_self.notify.debug("Secure image %s must be regular file" % s_hex)
+            return
+
+        ns_main, ext = os.path.splitext(ns_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Non-secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(ns_hex):
+            t_self.notify.debug("Non-secure image %s must be regular file" % s_hex)
+            return
+
+        # Keep original non-secure before merge with secure
+        ns_nosecure_hex = ns_main + "_no-secure-merge" + ext
+        t_self.notify.info("Keep no-secure-merge image %s" % ns_nosecure_hex)
+        shutil.copy2(ns_hex, ns_nosecure_hex)
+
+        # Merge secure and non-secure and save to non-secure (override it)
+        from intelhex import IntelHex
+        s_ih = IntelHex()
+        s_ih.loadhex(s_hex)
+        ns_ih = IntelHex()
+        ns_ih.loadhex(ns_hex)
+        ns_ih.start_addr = None
+        s_ih.merge(ns_ih)
+        s_ih.tofile(ns_hex, 'hex')
 
 # End Target specific section
 ###############################################################################