LPC55S69: Use find_secure_image in post-build and add prebuilt secure images

targets/TARGET_NXP/TARGET_MCUXpresso_MCUS/TARGET_LPC55S69/TARGET_M33_NS/prebuilt/LICENSE-permissive-binary-license-1.0.txt

@@ -0,0 +1,49 @@
+Permissive Binary License
+
+Version 1.0, December 2018
+
+Redistribution.  Redistribution and use in binary form, without
+modification, are permitted provided that the following conditions are
+met:
+
+1) Redistributions must reproduce the above copyright notice and the
+   following disclaimer in the documentation and/or other materials
+   provided with the distribution.
+
+2) Unless to the extent explicitly permitted by law, no reverse
+   engineering, decompilation, or disassembly of this software is
+   permitted.
+
+3) Redistribution as part of a software development kit must include the
+   accompanying file named DEPENDENCIES and any dependencies listed in
+   that file.
+
+4) Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+Limited patent license. The copyright holders (and contributors) grant a
+worldwide, non-exclusive, no-charge, royalty-free patent license to
+make, have made, use, offer to sell, sell, import, and otherwise
+transfer this software, where such license applies only to those patent
+claims licensable by the copyright holders (and contributors) that are
+necessarily infringed by this software. This patent license shall not
+apply to any combinations that include this software.  No hardware is
+licensed hereunder.
+
+If you institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the software
+itself infringes your patent(s), then your rights granted under this
+license shall terminate as of the date such litigation is filed.
+
+DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
+NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

targets/TARGET_NXP/TARGET_MCUXpresso_MCUS/TARGET_LPC55S69/TARGET_M33_NS/prebuilt/README.md

@@ -0,0 +1,33 @@
+# LPC55S69_NS prebuilt secure binaries
+
+This directory tree contains Secure images released under Permissive Binary License.
+
+Built by mbed-cli using ARM Compiler 6.10.1
+
+These images were compiled by the following command:
+
+## tfm.bin
+
+```sh
+mbed compile -t ARMC6 -m LPC55S69_S --app-config tools/psa/tfm/mbed_app.json --profile release
+```
+
+## spm_smoke.bin
+
+```sh
+mbed test --compile -t ARMC6 -m LPC55S69_S --app-config tools/psa/tfm/mbed_app.json -n tests-psa-spm_smoke -DUSE_PSA_TEST_PARTITIONS -DUSE_SMOKE_TESTS_PART1 --profile release
+```
+
+## spm_client.bin
+
+```sh
+mbed test --compile -t ARMC6 -m LPC55S69_S --app-config tools/psa/tfm/mbed_app.json -n tests-psa-spm_client -DUSE_PSA_TEST_PARTITIONS -DUSE_CLIENT_TESTS_PART1 --profile release
+```
+
+## spm_server.bin
+
+```sh
+mbed test --compile -t ARMC6 -m LPC55S69_S --app-config tools/psa/tfm/mbed_app.json -n tests-psa-spm_server -DUSE_PSA_TEST_PARTITIONS -DUSE_SERVER_TESTS_PART1 -DUSE_SERVER_TESTS_PART2 --profile release
+```
+
+To update the prebuilt binaries run the previous commands.

targets/targets.json

@@ -2090,6 +2090,7 @@
             "STDIO_MESSAGES"
         ],
         "post_binary_hook": {"function": "LPC55S69Code.binary_hook"},
+        "secure_image_filename": "tfm.bin",
         "overrides": {
             "non-secure-rom-start": "0x00040000",
             "non-secure-rom-size": "0x58000",
@@ -2124,7 +2125,7 @@
             "TRNG"
         ],
         "deliver_to_target": "LPC55S69_NS",
-        "delivery_dir": "TARGET_NXP/TARGET_MCUXpresso_MCUS/TARGET_LPC55S69/TARGET_M33_NS/device",
+        "delivery_dir": "TARGET_NXP/TARGET_MCUXpresso_MCUS/TARGET_LPC55S69/TARGET_M33_NS/prebuilt",
         "overrides": {
             "non-secure-rom-start": "0x00040000",
             "non-secure-rom-size": "0x58000",

tools/targets/LPC55S69.py

@@ -25,13 +25,16 @@ SCRIPT_DIR = dirname(abspath(__file__))
 MBED_OS_ROOT = abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir))
 LPC55S69_BASE = path_join(MBED_OS_ROOT, 'targets', 'TARGET_NXP', 'TARGET_MCUXpresso_MCUS', 'TARGET_LPC55S69')
 
-def lpc55s69_tfm_bin(t_self, non_secure_bin):
+def lpc55s69_tfm_bin(t_self, non_secure_bin, secure_bin):
     tempdir = tempfile.mkdtemp()
     flash_layout = path_join(LPC55S69_BASE, 'partition', 'flash_layout.h')
-    secure_bin = path_join(LPC55S69_BASE, 'TARGET_M33_NS', 'device', 'tfm.bin')
     ns_bin_name, ns_bin_ext = splitext(basename(non_secure_bin))
     concatenated_bin = path_join(tempdir, 'tfm_' + ns_bin_name + ns_bin_ext)
 
+    assert os.path.isfile(flash_layout)
+    assert os.path.isfile(secure_bin)
+    assert os.path.isfile(non_secure_bin)
+
     #1. Concatenate secure TFM and non-secure mbed binaries
     output = Assembly(flash_layout, concatenated_bin)
     output.add_image(secure_bin, "SECURE")

tools/targets/__init__.py

@@ -30,6 +30,7 @@ from tools.resources import FileType
 from tools.targets.LPC import patch
 from tools.paths import TOOLS_BOOTLOADERS
 from tools.utils import json_file_to_dict, NotSupportedException
+from tools.psa import find_secure_image
 
 __all__ = ["target", "TARGETS", "TARGET_MAP", "TARGET_NAMES", "CORE_LABELS",
            "CORE_ARCH", "HookError", "generate_py_target", "Target",
@@ -603,7 +604,9 @@ class LPC55S69Code:
     @staticmethod
     def binary_hook(t_self, resources, elf, binf):
         from tools.targets.LPC55S69 import lpc55s69_tfm_bin
-        lpc55s69_tfm_bin(t_self, binf)
+        configured_secure_image_filename = t_self.target.secure_image_filename
+        secure_bin = find_secure_image(t_self.notify, resources, binf, configured_secure_image_filename, FileType.BIN)
+        lpc55s69_tfm_bin(t_self, binf, secure_bin)
 
 ################################################################################