diff --git a/boards/arm/mps2_an521/CMakeLists.txt b/boards/arm/mps2_an521/CMakeLists.txt index d7f2168d782..39913a0915b 100644 --- a/boards/arm/mps2_an521/CMakeLists.txt +++ b/boards/arm/mps2_an521/CMakeLists.txt @@ -1,5 +1,5 @@ # -# Copyright (c) 2019 Linaro Limited +# Copyright (c) 2019,2020 Linaro Limited # # SPDX-License-Identifier: Apache-2.0 # @@ -7,3 +7,82 @@ zephyr_library() zephyr_library_sources(pinmux.c) zephyr_library_include_directories(${ZEPHYR_BASE}/drivers) + +if (CONFIG_BUILD_WITH_TFM) + # Set default image versions if not defined elsewhere + if (NOT DEFINED TFM_IMAGE_VERSION_S) + set(TFM_IMAGE_VERSION_S 0.0.0+0) + endif() + + if (NOT DEFINED TFM_IMAGE_VERSION_NS) + set(TFM_IMAGE_VERSION_NS 0.0.0+0) + endif() + + set(PREPROCESSED_FILE "${CMAKE_BINARY_DIR}/tfm/image_macros_preprocessed") + set(TFM_MCUBOOT_DIR "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot") + + # Configure which format (full or hash) to include the public key in + # the image manifest + set(TFM_PUBLIC_KEY_FORMAT "full") + + # Set srec_cat binary name + find_program(SREC_CAT srec_cat) + if(${SREC_CAT} STREQUAL SREC_CAT-NOTFOUND) + message(FATAL_ERROR "'srec_cat' not found. Please install it, or add it to $PATH.") + endif() + + #Create and sign for concatenated binary image, should align with the TF-M BL2 + set_property(GLOBAL APPEND PROPERTY extra_post_build_commands + + #Sign secure binary image with public key + COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py + ARGS sign + --layout ${PREPROCESSED_FILE}_s.c + -k ${CONFIG_TFM_KEY_FILE_S} + --public-key-format ${TFM_PUBLIC_KEY_FORMAT} + --align 1 + -v ${TFM_IMAGE_VERSION_S} + ${ADD_NS_IMAGE_MIN_VER} + ${ADD_SECURITY_COUNTER_S} + -H 0x400 + ${CMAKE_BINARY_DIR}/tfm/install/outputs/AN521/tfm_s.bin + ${CMAKE_BINARY_DIR}/tfm_s_signed.bin + + #Sign non-secure binary image with public key + COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py + ARGS sign + --layout ${PREPROCESSED_FILE}_ns.c + -k ${CONFIG_TFM_KEY_FILE_NS} + --public-key-format ${TFM_PUBLIC_KEY_FORMAT} + --align 1 + -v ${TFM_IMAGE_VERSION_NS} + ${ADD_S_IMAGE_MIN_VER} + ${ADD_SECURITY_COUNTER_NS} + -H 0x400 + ${CMAKE_BINARY_DIR}/zephyr/zephyr.bin + ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin + + #Create concatenated binary image from the two independently signed binary file + COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/assemble.py + ARGS --layout ${PREPROCESSED_FILE}_s.c + -s ${CMAKE_BINARY_DIR}/tfm_s_signed.bin + -n ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin + -o ${CMAKE_BINARY_DIR}/tfm_sign.bin + + #Copy mcuboot.bin + COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/mcuboot.bin ${CMAKE_BINARY_DIR} + + #Merge mcuboot.bin and tfm_sign.bin for QEMU + COMMAND ${SREC_CAT} + ARGS ${CMAKE_BINARY_DIR}/mcuboot.bin -Binary + ${CMAKE_BINARY_DIR}/tfm_sign.bin -Binary + -offset 0x80000 + -o ${CMAKE_BINARY_DIR}/tfm_qemu.bin -Binary + + #Convert tfm_qemu.bin to .hex with an appropriate offset + COMMAND ${SREC_CAT} + ARGS ${CMAKE_BINARY_DIR}/tfm_qemu.bin -binary + -offset 0x10000000 + -o ${CMAKE_BINARY_DIR}/tfm_qemu.hex -intel --line-length=44 + ) +endif() diff --git a/boards/arm/mps2_an521/board.cmake b/boards/arm/mps2_an521/board.cmake index 6b6180fdc64..f4e9733ffa5 100644 --- a/boards/arm/mps2_an521/board.cmake +++ b/boards/arm/mps2_an521/board.cmake @@ -1,6 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 set(EMU_PLATFORM qemu) +set(TFM_TARGET_PLATFORM "AN521") set(QEMU_CPU_TYPE_${ARCH} cortex-m33) set(QEMU_FLAGS_${ARCH} diff --git a/boards/arm/mps2_an521/doc/index.rst b/boards/arm/mps2_an521/doc/index.rst index c84f7be2d51..bde95407fbf 100644 --- a/boards/arm/mps2_an521/doc/index.rst +++ b/boards/arm/mps2_an521/doc/index.rst @@ -30,7 +30,7 @@ More information about the board can be found at the `MPS2 FPGA Website`_. This board configuration makes no claims about its suitability for use with actual MPS2 hardware systems using AN521, or any other hardware system. It has been tested on actual hardware, but its primary purpose is - for use with QEMU and unit tests. + for use with QEMU and unit tests for the ARM Cortex-M33. Hardware ******** @@ -380,9 +380,10 @@ The process requires five steps: 4. Merge the two binaries together and sign them. 5. Concatenate the bootloader with the signed image blob. -To build tfm as secure image, refer to `Trusted Firmware M Guide`_. -Follow the build steps for AN521 target while replacing the platform with -``-DTARGET_PLATFORM=AN521`` and compiler (if required) with ``-DCOMPILER=GNUARM`` +To build tfm, refer to `Trusted Firmware M Guide`_. Follow the build steps +for the AN521 target while replacing the platform with +``-DTARGET_PLATFORM=AN521`` and the compiler (if required) with +``-DCOMPILER=GNUARM``. Copy over tfm as a library to the Zephyr project source and create a shortcut for the secure veneers and necessary header files. All files are in the install @@ -391,15 +392,15 @@ folder after TF-M has been built. Uploading an application to MPS2+ AN521 --------------------------------------- -Applications can be elf, hex or bin format. The binaries were flashed while -the board boot up, all files were stored in the on-board Micro SD card in -advance. The Motherboard Configuration Controller (MCC) will responsible for -loading the FPGA image and binaries. +Applications can be in elf, hex or bin format. The binaries are flashed when +the board boots up, using files stored on the on-board Micro SD card. The +Motherboard Configuration Controller (MCC) is responsible for loading the FPGA +image and binaries. Connect the MPS2+ to your host computer using the USB port. You should see a USB connection exposing a Mass Storage (``V2M_MPS2`` by default). -The update needs 3 steps: +The update requires 3 steps: 1. Copy application files to ``/SOFTWARE/``. 2. Open ``/MB/HBI0263C/AN521/images.txt``.