mirror of https://github.com/ARMmbed/mbed-os.git
bc7331b96e
To help with the integration of Musca B1 into Mbed OS, python signing scripts and MCUBoot image and RSA private key for Musca A has been updated from latest TF-M (https://git.trustedfirmware.org/trusted-firmware-m.git/commit/?id=6c5be4a98e4d7055ee49076ca4e515fb4b172e66). Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com> |
||
|---|---|---|
| .. | ||
| templates | ||
| tfm | ||
| README.md | ||
| __init__.py | ||
| generate_partition_code.py | ||
| mbed_spm_tfm_common.py | ||
| partition_description_schema.json | ||
| release.py | ||
| spm_template_file_list.json | ||
README.md
PSA tools
Code generation script
Mbed-OS contains two implementations of PSA Firmware Framework:
- Mbed-SPM - Implementation for dual-core v7 targets.
- TF-M - Implementation for v8 targets.
Both PSA Firmware Framework implementation impose the following requirements:
- PSA manifests must be valid according to the JSON schema file provided by PSA FF spec.
- There are no conflicts between various PSA manifests (duplicate SIDs and PIDs, dependencies, etc.)
- Secure partition initialization code to be present at mbed-os core compile time.
To satisfy the requirement listed above, Mbed-OS build system invokes generate_partition_code.py script
during the build process for PSA targets.
PSA code generation step has the following effects:
- Scan the whole source tree for PSA manifest files, including application (in case invoked from application directory) and all the
TESTSdirectories. - All found PSA manifest files get parsed and validated.
- Source and header files for initializing SPM are generated. Test related partitions and SIDs are disabled by default by
#ifndefguards. To enable them following defines must be passed to build command (typically done automatically via release.py):-DUSE_PSA_TEST_PARTITIONS-DUSE_<name>where<name>corresponds to the name in PSA manifest file ("name"property).
Secure image generation
release.py is the script assigned with compiling the default secure images.
For an application with custom secure portions, the secure image should be generated by invoking mbed-cli directly.
Note: when building targets utilizing TF-M PSA implementations, add the following arguments to a build command for the secure image:
--app-config <mbed-os-root>/tools/psa/tfm/mbed_app.json
Usage
usage: release.py [-h] [-m MCU] [-t TC] [-d] [-q] [-l] [--commit]
[--skip-tests] [-x ...]
optional arguments:
-h, --help show this help message and exit
-m MCU, --mcu MCU build for the given MCU
-t TC, --tc TC build for the given tool chain (default is
default_toolchain)
-d, --debug set build profile to debug
-q, --quiet No Build log will be printed
-l, --list Print supported PSA secure targets
--commit create a git commit for each platform
--skip-tests skip the test build phase
-x ..., --extra ... additional build parameters
- The script must be run from the mbed-os folder via
tools/psa/release.py, otherwise the list of available tests will not be accurate and the test partitions will not be properly generated. - When
MCUis not specified, the script compiles all the images for all the targets. - When
-t/--tcis not specified, the script compiles with the default_toolchain speciified in targets.json. - When
-d/--debugis not specified, the script compiles the images using the release profile. - When
--commitis not specified, the script will not commit the images to git and any auto-generated PSA related components and services. - A user can specify additional commands that will be passed on to the build commands (Ex. -D for compilation defines).
This script should be run in following scenarios:
- Release.
- Update to files originating in the secure side.
- Drivers update.
- PSA updates.