mbed-os/tools/psa/README.md

PSA tools

This document describes the following scripts:

• __init__.py
• generate_partition_code.py
• mbed_spm_tfm_common.py
• generate_mbed_spm_partition_code.py
• generate_tfm_partition_code.py
• release.py

__init__.py

This file holds common functions dedicated to help SiP with their postbuild logic.

• find_secure_image - Scans a Resource object to find the correct binary of the secure image to merge with the nonsecure build.

Code generation scripts

Mbed OS holds two implementations of PSA:

• MBED_SPM - Implementation for dual-core v7 targets.
• TF-M - Implementation for v8 targets.

Each implementation requires a set of autogenerated files describing the secure partitions:

• generate_partition_code.py - Generate files for both implementations.
• generate_mbed_spm_partition_code.py - Generate files for MBED_SPM.
• generate_tfm_partition_code.py - Generate files for TF-M.
• mbed_spm_tfm_common.py - Holds common functions for both.

Secure image generation

release.py is the script assigned with compiling the secure images:

usage: release.py [-h] [-m MCU] [-d] [--commit]

optional arguments:
  -h, --help         show this help message and exit
  -m MCU, --mcu MCU  build for the given MCU
  -d, --debug        set build profile to debug
  --commit           create a git commit for each platform

• When MCU is not specified, the script compiles all the images for all the targets.
• When -d/--debug is not specified, the script compiles the images using the release profile.
• When --commit is not specified, the script will not commit the images to git.

This script should be run in following scenarios:

• Release.
• Update to files originating in the secure side.
• Drivers update.
• PSA updates.