Merge pull request #11288 from OpenNuvoton/nuvoton_m2351_comb-sec-nonsec

M2351: Enhance secure/non-secure image build flow for non-PSA target

targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/LICENSE

@@ -46,4 +46,4 @@ TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/README.md

@@ -1,13 +1,11 @@
-# Default secure code for M2351
-
-The M2351 is a TrustZone target that requires two codes: secure and nonsecure. Secure code runs first to set up the secure environment and then brings up the nonsecure code. `NuMaker-mbed-TZ-secure-example.hex` is the default secure code, and `cmse_lib.o` is its accompanying
-secure gateway library, which exports secure functions to nonsecure code. It is built from the [secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example). Because secure and nonsecure code may start at an address other than `0x0`, we have chosen `.hex` rather than `.bin` as the output format.
+The M2351 is a TrustZone target that requires two codes: secure and nonsecure. Secure code runs first to set up the secure environment and then brings up the nonsecure code. `NuMaker-mbed-TZ-secure-example.hex` is the pre-built secure image, and `cmse_lib.o` is its accompanying
+secure gateway library, which exports secure functions to nonsecure code. It is built from the [non-PSA secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example). Because secure and nonsecure code may start at an address other than `0x0`, we have chosen `.hex` rather than `.bin` as the output format.
 
 ## Hardware partition
 
-On TrustZone targets, you need to partition the hardware first for secure code to run on secure worlds and nonsecure code to run on nonsecure worlds.
+On TrustZone targets, you need to partition the hardware first for secure code to run on secure world and nonsecure code to run on nonsecure world.
 
-The default secure code has the following hardware partition:
+The pre-built secure code has the following hardware partition:
 
 - Flash (512KiB in total): 256KiB for secure and 256KiB for nonsecure.
 - SRAM (96KiB in total): 32KiB for secure and 64KiB for nonsecure.
@@ -21,10 +19,13 @@ The default secure code has the following hardware partition:
     - **PDMA0** hardwired to secure. Implements secure asynchronous transfer.
     - **PDMA1** configured to nonsecure. Implements nonsecure asynchronous transfer.
 
-## Flash secure and nonsecure code
+## Pre-built secure code files
 
-To flash secure and nonsecure code on the M2351, drag-and-drop `NuMaker-mbed-TZ-secure-example.hex` first, and then build the user program, for example, [mbed-os-example-blinky.hex](https://github.com/ARMmbed/mbed-os-example-blinky).
+-   NuMaker-mbed-TZ-secure-example.hex
+    Pre-built secure image generated in non-PSA secure target build and to combine with non-secure image in non-PSA non-secure target post-build
+-   cmse_lib.o
+    Pre-built secure gateway library generated in non-PSA secure target build and to link with non-secure code in non-PSA non-secure target build
 
 ## Reference
 
-Please refer to the [secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example) for details.
+Please refer to the [non-PSA secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example) for details.

targets/targets.json

@@ -8669,8 +8669,7 @@
         "macros_add": ["CMSDK_CM7"],
         "device_has_add": ["MPU"]
     },
-    "NUMAKER_PFM_M2351": {
-        "core": "Cortex-M23-NS",
+    "NU_PFM_M2351_CM": {
         "default_toolchain": "ARMC6",
         "extra_labels": [
             "NUVOTON",
@@ -8684,7 +8683,6 @@
             "MBED_TZ_DEFAULT_ACCESS=1",
             "LPTICKER_DELAY_TICKS=4"
         ],
-        "trustzone": true,
         "is_disk_virtual": true,
         "supported_toolchains": ["ARMC6"],
         "config": {
@@ -8707,6 +8705,7 @@
         },
         "overrides": {
             "deep-sleep-latency": 1,
+            "tickless-from-us-ticker": true,
             "mpu-rom-end": "0x1fffffff"
         },
         "inherits": ["Target"],
@@ -8736,17 +8735,48 @@
             "FLASH",
             "MPU"
         ],
-        "components_add": ["FLASHIAP"],
         "detect_code": ["1305"],
         "release_versions": ["5"],
         "device_name": "M2351KIAAEES",
         "bootloader_supported": true,
         "tickless-from-us-ticker": true,
         "forced_reset_timeout": 3,
-        "mbed_rom_start"    : "0x10040000",
-        "mbed_rom_size"     : "0x40000",
-        "mbed_ram_start"    : "0x30008000",
-        "mbed_ram_size"     : "0x10000"
+        "public": false
+    },
+    "NU_PFM_M2351_NPSA_NS": {
+        "inherits": ["NU_PFM_M2351_CM"],
+        "core": "Cortex-M23-NS",
+        "trustzone": true,
+        "extra_labels_add": [
+            "M23_NS",
+            "NU_PREBUILD_SECURE"
+        ],
+        "macros_add": [
+            "MBED_TZ_DEFAULT_ACCESS=1"
+        ],
+        "components_add": ["FLASHIAP"],
+        "post_binary_hook": {"function": "M2351Code.merge_secure"},
+        "secure_image_filename": "NuMaker-mbed-TZ-secure-example.hex",
+        "mbed_rom_start"        : "0x10040000",
+        "mbed_rom_size"         : "0x40000",
+        "mbed_ram_start"        : "0x30008000",
+        "mbed_ram_size"         : "0x10000"
+    },
+    "NU_PFM_M2351_NPSA_S": {
+        "inherits": ["NU_PFM_M2351_CM"],
+        "core": "Cortex-M23",
+        "trustzone": true,
+        "extra_labels_add": [
+            "M23_S"
+        ],
+        "device_has_remove": ["TRNG"],
+        "components_add": ["FLASHIAP"],
+        "deliver_to_target": "NU_PFM_M2351_NPSA_NS",
+        "delivery_dir": "TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE",
+        "mbed_rom_start"        : "0x0",
+        "mbed_rom_size"         : "0x40000",
+        "mbed_ram_start"        : "0x20000000",
+        "mbed_ram_size"         : "0x8000"
     },
     "TMPM3H6": {
         "inherits": ["Target"],

tools/export/uvision/__init__.py

@@ -139,7 +139,8 @@ class Uvision(Exporter):
         "MTSCode.combine_bins_mts_dot",
         "MTSCode.combine_bins_mts_dragonfly",
         "NCS36510TargetCode.ncs36510_addfib",
-        "LPC55S69Code.binary_hook"
+        "LPC55S69Code.binary_hook",
+        "M2351Code.merge_secure"
     ])
 
     # File associations within .uvprojx file

tools/targets/__init__.py

@@ -725,6 +725,54 @@ class LPC55S69Code:
         )
         lpc55s69_complete(t_self, binf, secure_bin)
 
+class M2351Code:
+    """M2351 Hooks"""
+    @staticmethod
+    def merge_secure(t_self, resources, ns_elf, ns_hex):
+        t_self.notify.info("Merging non-secure image with secure image")
+        configured_secure_image_filename = t_self.target.secure_image_filename
+        t_self.notify.info("Non-secure elf image %s" % ns_elf)
+        t_self.notify.info("Non-secure hex image %s" % ns_hex)
+        t_self.notify.info("Finding secure image %s" % configured_secure_image_filename)
+        s_hex = find_secure_image(
+            t_self.notify,
+            resources,
+            ns_hex,
+            configured_secure_image_filename,
+            FileType.HEX
+        )
+        t_self.notify.info("Found secure image %s" % s_hex)
+
+        _, ext = os.path.splitext(s_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(s_hex):
+            t_self.notify.debug("Secure image %s must be regular file" % s_hex)
+            return
+
+        ns_main, ext = os.path.splitext(ns_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Non-secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(ns_hex):
+            t_self.notify.debug("Non-secure image %s must be regular file" % s_hex)
+            return
+
+        # Keep original non-secure before merge with secure
+        ns_nosecure_hex = ns_main + "_no-secure-merge" + ext
+        t_self.notify.info("Keep no-secure-merge image %s" % ns_nosecure_hex)
+        shutil.copy2(ns_hex, ns_nosecure_hex)
+
+        # Merge secure and non-secure and save to non-secure (override it)
+        from intelhex import IntelHex
+        s_ih = IntelHex()
+        s_ih.loadhex(s_hex)
+        ns_ih = IntelHex()
+        ns_ih.loadhex(ns_hex)
+        ns_ih.start_addr = None
+        s_ih.merge(ns_ih)
+        s_ih.tofile(ns_hex, 'hex')
 
 # End Target specific section
 ###############################################################################