Merge pull request #11288 from OpenNuvoton/nuvoton_m2351_comb-sec-nonsec

M2351: Enhance secure/non-secure image build flow for non-PSA target
2019-09-17 12:18:16 +02:00 · 2019-09-17 12:18:16 +02:00 · ffbd92c5a9
parent 50b75295c0 0ed126ba79
commit ffbd92c5a9
8 changed files with 1907 additions and 1812 deletions
--- a/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/LICENSE
+++ b/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/LICENSE
--- a/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/NuMaker-mbed-TZ-secure-example.hex
+++ b/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/NuMaker-mbed-TZ-secure-example.hex
--- a/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/README.md
+++ b/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/README.md
@ -1,13 +1,11 @@
-# Default secure code for M2351
-
-The M2351 is a TrustZone target that requires two codes: secure and nonsecure. Secure code runs first to set up the secure environment and then brings up the nonsecure code. `NuMaker-mbed-TZ-secure-example.hex` is the default secure code, and `cmse_lib.o` is its accompanying
-secure gateway library, which exports secure functions to nonsecure code. It is built from the [secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example). Because secure and nonsecure code may start at an address other than `0x0`, we have chosen `.hex` rather than `.bin` as the output format.
+The M2351 is a TrustZone target that requires two codes: secure and nonsecure. Secure code runs first to set up the secure environment and then brings up the nonsecure code. `NuMaker-mbed-TZ-secure-example.hex` is the pre-built secure image, and `cmse_lib.o` is its accompanying
+secure gateway library, which exports secure functions to nonsecure code. It is built from the [non-PSA secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example). Because secure and nonsecure code may start at an address other than `0x0`, we have chosen `.hex` rather than `.bin` as the output format.

 ## Hardware partition

-On TrustZone targets, you need to partition the hardware first for secure code to run on secure worlds and nonsecure code to run on nonsecure worlds.
+On TrustZone targets, you need to partition the hardware first for secure code to run on secure world and nonsecure code to run on nonsecure world.

-The default secure code has the following hardware partition:
+The pre-built secure code has the following hardware partition:

 - Flash (512KiB in total): 256KiB for secure and 256KiB for nonsecure.
 - SRAM (96KiB in total): 32KiB for secure and 64KiB for nonsecure.
@ -21,10 +19,13 @@ The default secure code has the following hardware partition:
    - **PDMA0** hardwired to secure. Implements secure asynchronous transfer.
    - **PDMA1** configured to nonsecure. Implements nonsecure asynchronous transfer.

-## Flash secure and nonsecure code
+## Pre-built secure code files

-To flash secure and nonsecure code on the M2351, drag-and-drop `NuMaker-mbed-TZ-secure-example.hex` first, and then build the user program, for example, [mbed-os-example-blinky.hex](https://github.com/ARMmbed/mbed-os-example-blinky).
+-   NuMaker-mbed-TZ-secure-example.hex
+    Pre-built secure image generated in non-PSA secure target build and to combine with non-secure image in non-PSA non-secure target post-build
+-   cmse_lib.o
+    Pre-built secure gateway library generated in non-PSA secure target build and to link with non-secure code in non-PSA non-secure target build

 ## Reference

-Please refer to the [secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example) for details.
+Please refer to the [non-PSA secure code template](https://github.com/OpenNuvoton/NuMaker-mbed-TZ-secure-example) for details.
--- a/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/cmse_lib.o
+++ b/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE/cmse_lib.o
--- a/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_NUMAKER_PFM_M2351/TARGET_M23_NS/NuMaker-mbed-TZ-secure-example.hex
+++ b/targets/TARGET_NUVOTON/TARGET_M2351/TARGET_NUMAKER_PFM_M2351/TARGET_M23_NS/NuMaker-mbed-TZ-secure-example.hex
--- a/targets/targets.json
+++ b/targets/targets.json
@ -8669,8 +8669,7 @@
        "macros_add": ["CMSDK_CM7"],
        "device_has_add": ["MPU"]
    },
-    "NUMAKER_PFM_M2351": {
-        "core": "Cortex-M23-NS",
+    "NU_PFM_M2351_CM": {
        "default_toolchain": "ARMC6",
        "extra_labels": [
            "NUVOTON",
@ -8684,7 +8683,6 @@
            "MBED_TZ_DEFAULT_ACCESS=1",
            "LPTICKER_DELAY_TICKS=4"
        ],
-        "trustzone": true,
        "is_disk_virtual": true,
        "supported_toolchains": ["ARMC6"],
        "config": {
@ -8707,6 +8705,7 @@
        },
        "overrides": {
            "deep-sleep-latency": 1,
+            "tickless-from-us-ticker": true,
            "mpu-rom-end": "0x1fffffff"
        },
        "inherits": ["Target"],
@ -8736,17 +8735,48 @@
            "FLASH",
            "MPU"
        ],
-        "components_add": ["FLASHIAP"],
        "detect_code": ["1305"],
        "release_versions": ["5"],
        "device_name": "M2351KIAAEES",
        "bootloader_supported": true,
        "tickless-from-us-ticker": true,
        "forced_reset_timeout": 3,
-        "mbed_rom_start"    : "0x10040000",
-        "mbed_rom_size"     : "0x40000",
-        "mbed_ram_start"    : "0x30008000",
-        "mbed_ram_size"     : "0x10000"
+        "public": false
+    },
+    "NU_PFM_M2351_NPSA_NS": {
+        "inherits": ["NU_PFM_M2351_CM"],
+        "core": "Cortex-M23-NS",
+        "trustzone": true,
+        "extra_labels_add": [
+            "M23_NS",
+            "NU_PREBUILD_SECURE"
+        ],
+        "macros_add": [
+            "MBED_TZ_DEFAULT_ACCESS=1"
+        ],
+        "components_add": ["FLASHIAP"],
+        "post_binary_hook": {"function": "M2351Code.merge_secure"},
+        "secure_image_filename": "NuMaker-mbed-TZ-secure-example.hex",
+        "mbed_rom_start"        : "0x10040000",
+        "mbed_rom_size"         : "0x40000",
+        "mbed_ram_start"        : "0x30008000",
+        "mbed_ram_size"         : "0x10000"
+    },
+    "NU_PFM_M2351_NPSA_S": {
+        "inherits": ["NU_PFM_M2351_CM"],
+        "core": "Cortex-M23",
+        "trustzone": true,
+        "extra_labels_add": [
+            "M23_S"
+        ],
+        "device_has_remove": ["TRNG"],
+        "components_add": ["FLASHIAP"],
+        "deliver_to_target": "NU_PFM_M2351_NPSA_NS",
+        "delivery_dir": "TARGET_NUVOTON/TARGET_M2351/TARGET_M23_NS/TARGET_NU_PFM_M2351_NPSA_NS/TARGET_NU_PREBUILD_SECURE",
+        "mbed_rom_start"        : "0x0",
+        "mbed_rom_size"         : "0x40000",
+        "mbed_ram_start"        : "0x20000000",
+        "mbed_ram_size"         : "0x8000"
    },
    "TMPM3H6": {
        "inherits": ["Target"],
--- a/tools/export/uvision/init.py
+++ b/tools/export/uvision/init.py
@ -139,7 +139,8 @@ class Uvision(Exporter):
        "MTSCode.combine_bins_mts_dot",
        "MTSCode.combine_bins_mts_dragonfly",
        "NCS36510TargetCode.ncs36510_addfib",
-        "LPC55S69Code.binary_hook"
+        "LPC55S69Code.binary_hook",
+        "M2351Code.merge_secure"
    ])

    # File associations within .uvprojx file
--- a/tools/targets/init.py
+++ b/tools/targets/init.py
@ -725,6 +725,54 @@ class LPC55S69Code:
        )
        lpc55s69_complete(t_self, binf, secure_bin)

+class M2351Code:
+    """M2351 Hooks"""
+    @staticmethod
+    def merge_secure(t_self, resources, ns_elf, ns_hex):
+        t_self.notify.info("Merging non-secure image with secure image")
+        configured_secure_image_filename = t_self.target.secure_image_filename
+        t_self.notify.info("Non-secure elf image %s" % ns_elf)
+        t_self.notify.info("Non-secure hex image %s" % ns_hex)
+        t_self.notify.info("Finding secure image %s" % configured_secure_image_filename)
+        s_hex = find_secure_image(
+            t_self.notify,
+            resources,
+            ns_hex,
+            configured_secure_image_filename,
+            FileType.HEX
+        )
+        t_self.notify.info("Found secure image %s" % s_hex)
+
+        _, ext = os.path.splitext(s_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(s_hex):
+            t_self.notify.debug("Secure image %s must be regular file" % s_hex)
+            return
+
+        ns_main, ext = os.path.splitext(ns_hex)
+        if ext != ".hex":
+            t_self.notify.debug("Non-secure image %s must be in Intel HEX format" % s_hex)
+            return
+        if not os.path.isfile(ns_hex):
+            t_self.notify.debug("Non-secure image %s must be regular file" % s_hex)
+            return
+
+        # Keep original non-secure before merge with secure
+        ns_nosecure_hex = ns_main + "_no-secure-merge" + ext
+        t_self.notify.info("Keep no-secure-merge image %s" % ns_nosecure_hex)
+        shutil.copy2(ns_hex, ns_nosecure_hex)
+
+        # Merge secure and non-secure and save to non-secure (override it)
+        from intelhex import IntelHex
+        s_ih = IntelHex()
+        s_ih.loadhex(s_hex)
+        ns_ih = IntelHex()
+        ns_ih.loadhex(ns_hex)
+        ns_ih.start_addr = None
+        s_ih.merge(ns_ih)
+        s_ih.tofile(ns_hex, 'hex')

 # End Target specific section
 ###############################################################################