1################## 2First Things First 3################## 4 5************ 6Prerequisite 7************ 8Trusted Firmware M provides a reference implementation of platform security 9architecture reference implementation aligning with PSA Certified guidelines. 10It is assumed that the reader is familiar with specifications can be found at 11`Platform Security Architecture Resources <https://developer.arm.com/architectures/security-architectures/platform-security-architecture>`__. 12 13The current TF-M implementation specifically targets TrustZone for ARMv8-M so a 14good understanding of the v8-M architecture is also necessary. A good place to 15get started with ARMv8-M is 16`developer.arm.com <https://developer.arm.com/architectures/cpu-architecture/m-profile>`__. 17 18************************** 19Build and run instructions 20************************** 21Trusted Firmware M source code is available on 22`git.trustedfirmware.org <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/>`__. 23 24To build & run TF-M: 25 26 - Follow the this guide to set up and check your environment. 27 - Follow the 28 :doc:`Build instructions </building/tfm_build_instruction>` 29 to compile and build the TF-M source. 30 - Follow the :doc:`Run TF-M examples on Arm platforms </building/run_tfm_examples_on_arm_platforms>` 31 for information on running the example. 32 33To port TF-M to a another system or OS, follow the 34:doc:`OS Integration Guide </integration_guide/index>` 35 36:doc:`Contributing Guidelines </contributing/contributing_process>` contains guidance on how to 37contribute to this project. 38 39######################### 40Set up build environments 41######################### 42 43TF-M officially supports a limited set of build environments and setups. In 44this context, official support means that the environments listed below 45are actively used by team members and active developers, hence users should 46be able to recreate the same configurations by following the instructions 47described below. In case of problems, the TF-M team provides support 48only for these environments, but building in other environments can still be 49possible. 50 51The following environments are supported: 52 53.. tabs:: 54 55 .. group-tab:: Linux 56 57 1. version supported: 58 59 Ubuntu 18.04 x64+ 60 61 2. install dependencies: 62 63 .. code-block:: bash 64 65 sudo apt-get install -y git curl wget build-essential libssl-dev python3 \ 66 python3-pip cmake make 67 68 3. verify cmake version: 69 70 .. code-block:: bash 71 72 cmake --version 73 74 .. note:: 75 76 Please download cmake 3.15 or later version from https://cmake.org/download/. 77 78 4. add CMake path into environment: 79 80 .. code-block:: bash 81 82 export PATH=<CMake path>/bin:$PATH 83 84 .. group-tab:: Windows 85 86 1. version supported: 87 88 Windows 10 x64 89 90 2. install dependecies: 91 92 - Git client latest version (https://git-scm.com/download/win) 93 - CMake (`native Windows version <https://cmake.org/download/>`__) 94 - GNU make (http://gnuwin32.sourceforge.net/packages/make.htm) 95 - Python3 `(native Windows version) <https://www.python.org/downloads/>`__ and 96 the pip package manager (from Python 3.4 it's included) 97 98 3. add CMake path into environment: 99 100 .. code-block:: bash 101 102 set PATH=<CMake_Path>\bin;%PATH% 103 104########################### 105Install python dependencies 106########################### 107 108Clone the TF-M source code, and then install the TF-M's additional Python 109dependencies. 110 111.. tabs:: 112 113 .. group-tab:: Linux 114 115 1. get the TF-M source code: 116 117 .. code-block:: bash 118 119 cd <base folder> 120 git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git 121 122 2. TF-M's ``tools/requirements.txt`` file declares additional Python 123 dependencies. Install them with ``pip3``: 124 125 .. code-block:: bash 126 127 pip3 install --upgrade pip 128 cd trusted-firmware-m 129 pip3 install -r tools/requirements.txt 130 131 .. group-tab:: Windows 132 133 1. get the TF-M source code: 134 135 .. code-block:: bash 136 137 cd <base folder> 138 git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git 139 140 2. TF-M's ``tools/requirements.txt`` file declares additional Python 141 dependencies. Install them with ``pip3``: 142 143 .. code-block:: bash 144 145 cd trusted-firmware-m 146 pip3 install -r tools\requirements.txt 147 148################### 149Install a toolchain 150################### 151 152To compile TF-M code, at least one of the supported compiler toolchains have to 153be available in the build environment. The currently supported compiler 154versions are: 155 156 - Arm Compiler v6.10.1 ~ v6.14, v6.18+ 157 158 .. tabs:: 159 160 .. group-tab:: Linux 161 162 - Download the standalone packages from `here <https://developer.arm.com/products/software-development-tools/compilers/arm-compiler/downloads/version-6>`__. 163 - Add Arm Compiler into environment: 164 165 .. code-block:: bash 166 167 export PATH=<ARM_CLANG_PATH>/bin:$PATH 168 export ARM_PRODUCT_PATH=<ARM_CLANG_PATH>/sw/mappings 169 170 - Configure proper tool variant and license. 171 172 .. group-tab:: Windows 173 174 - Download the standalone packages from `here <https://developer.arm.com/products/software-development-tools/compilers/arm-compiler/downloads/version-6>`__. 175 - Add Arm Compiler into environment: 176 177 .. code-block:: bash 178 179 set PATH=<ARM_CLANG_PATH>\bin;%PATH% 180 set ARM_PRODUCT_PATH=<ARM_CLANG_PATH>\sw\mappings 181 182 - Configure proper tool variant and license. 183 184 .. note:: 185 186 Arm compiler v6.15 ~ v6.17 may cause MemManage fault. 187 This defect has been fixed since Arm compiler v6.18. 188 See [SDCOMP-59788] in Armclang v6.18 `release note`__ for details. 189 190 .. __: https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/Arm%20Compiler%20for%20Embedded/6-18/Release%20notes%20for%20Arm%20Compiler%20for%20Embedded%206.pdf 191 192 - GNU Arm compiler v7.3.1+ 193 194 .. tabs:: 195 196 .. group-tab:: Linux 197 198 - Download the GNU Arm compiler from `here <https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads>`__. 199 - Add GNU Arm into environment: 200 201 .. code-block:: bash 202 203 export PATH=<GNU_ARM_PATH>/bin:$PATH 204 205 .. group-tab:: Windows 206 207 - Download the GNU Arm compiler from `here <https://developer.arm.com/open-source/gnu-toolchain/gnu-rm/downloads>`__. 208 - Add GNU Arm into environment: 209 210 .. code-block:: bash 211 212 set PATH=<GNU_ARM_PATH>\bin;%PATH% 213 214 .. note:: 215 216 GNU Arm compiler version *10-2020-q4-major* has an issue in CMSE 217 support. The bug is reported in `here <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157>`__. 218 Select other GNU Arm compiler versions instead. 219 220 - IAR Arm compiler v8.42.x, v8.50.x 221 222 .. tabs:: 223 224 .. group-tab:: Linux 225 226 - Download IAR build tools from `here <https://www.iar.com/iar-embedded-workbench/build-tools-for-linux/>`__. 227 - Add IAR Arm compiler into environment: 228 229 .. code-block:: bash 230 231 export PATH=<IAR_COMPILER_PATH>/bin:$PATH 232 233 .. group-tab:: Windows 234 235 - Download IAR build tools from `here <https://www.iar.com/iar-embedded-workbench/#!?architecture=Arm>`__. 236 - Add IAR Arm compiler into environment: 237 238 .. code-block:: bash 239 240 set PATH=<IAR_COMPILER_PATH>\bin;%PATH% 241 242############################# 243Build AN521 regression sample 244############################# 245 246Here, we take building TF-M for AN521 platform with regression tests using GCC 247as an example: 248 249.. tabs:: 250 251 .. group-tab:: Linux 252 253 .. code-block:: bash 254 255 cd trusted-firmware-m 256 cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug -DTEST_S=ON -DTEST_NS=ON 257 cmake --build cmake_build -- install 258 259 Alternately using traditional cmake syntax 260 261 .. code-block:: bash 262 263 cd trusted-firmware-m 264 mkdir cmake_build 265 cd cmake_build 266 cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -DTEST_S=ON -DTEST_NS=ON 267 make install 268 269 .. group-tab:: Windows 270 271 .. code-block:: bash 272 273 cd trusted-firmware-m 274 cmake -G"Unix Makefiles" -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug -DTEST_S=ON -DTEST_NS=ON 275 cmake --build cmake_build -- install 276 277 Alternately using traditional cmake syntax 278 279 .. code-block:: bash 280 281 cd trusted-firmware-m 282 mkdir cmake_build 283 cd cmake_build 284 cmake -G"Unix Makefiles" .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -DTEST_S=ON -DTEST_NS=ON 285 make install 286 287 288 .. note:: 289 The latest Windows support long paths, but if you are less lucky 290 then you can reduce paths by moving the build directory closer to 291 the root, using the 'out of tree' build. 292 For example to build in ``C:\build`` folder you can: 293 294 .. code-block:: bash 295 296 cd trusted-firmware-m 297 cmake -G"Unix Makefiles" -S . -B C:/build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug -DTEST_S=ON -DTEST_NS=ON 298 cmake --build C:/build -- install 299 300 301########################### 302Run AN521 regression sample 303########################### 304 305Run the sample code on SSE-200 Fast-Model, using FVP_MPS2_AEMv8M provided by 306Arm Development Studio. 307 308.. note:: 309 310 Arm Development Studio is not essential to develop TF-M, you can skip this 311 section if don't want to try on Arm develop boards. 312 313.. tabs:: 314 315 .. group-tab:: Linux 316 317 1. install Arm Development Studio to get the fast-model. 318 319 Download Arm Development Studio from `here <https://developer.arm.com/tools-and-software/embedded/arm-development-studio>`__. 320 321 2. Add ``bl2.axf`` and ``tfm_s_ns_signed.bin`` to symbol files in Debug 322 Configuration menu. 323 324 .. code-block:: bash 325 326 <DS_PATH>/sw/models/bin/FVP_MPS2_AEMv8M \ 327 --parameter fvp_mps2.platform_type=2 \ 328 --parameter cpu0.baseline=0 \ 329 --parameter cpu0.INITVTOR_S=0x10000000 \ 330 --parameter cpu0.semihosting-enable=0 \ 331 --parameter fvp_mps2.DISABLE_GATING=0 \ 332 --parameter fvp_mps2.telnetterminal0.start_telnet=1 \ 333 --parameter fvp_mps2.telnetterminal1.start_telnet=0 \ 334 --parameter fvp_mps2.telnetterminal2.start_telnet=0 \ 335 --parameter fvp_mps2.telnetterminal0.quiet=0 \ 336 --parameter fvp_mps2.telnetterminal1.quiet=1 \ 337 --parameter fvp_mps2.telnetterminal2.quiet=1 \ 338 --application cpu0=<build_dir>/bin/bl2.axf \ 339 --data cpu0=<build_dir>/bin/tfm_s_ns_signed.bin@0x10080000 340 341 .. group-tab:: Windows 342 343 1. install Arm Development Studio to get the fast-model. 344 345 Download Arm Development Studio from `here <https://developer.arm.com/tools-and-software/embedded/arm-development-studio>`__. 346 347 2. Add ``bl2.axf`` and ``tfm_s_ns_signed.bin`` to symbol files in Debug 348 Configuration menu. 349 350 .. code-block:: bash 351 352 <DS_PATH>\sw\models\bin\FVP_MPS2_AEMv8M \ 353 --parameter fvp_mps2.platform_type=2 \ 354 --parameter cpu0.baseline=0 \ 355 --parameter cpu0.INITVTOR_S=0x10000000 \ 356 --parameter cpu0.semihosting-enable=0 \ 357 --parameter fvp_mps2.DISABLE_GATING=0 \ 358 --parameter fvp_mps2.telnetterminal0.start_telnet=1 \ 359 --parameter fvp_mps2.telnetterminal1.start_telnet=0 \ 360 --parameter fvp_mps2.telnetterminal2.start_telnet=0 \ 361 --parameter fvp_mps2.telnetterminal0.quiet=0 \ 362 --parameter fvp_mps2.telnetterminal1.quiet=1 \ 363 --parameter fvp_mps2.telnetterminal2.quiet=1 \ 364 --application cpu0=<build_dir>/bin/bl2.axf \ 365 --data cpu0=<build_dir>/bin/tfm_s_ns_signed.bin@0x10080000 366 367After completing the procedure you should see the following messages on the 368DAPLink UART (baud 115200 8n1):: 369 370 [INF] Starting bootloader 371 [INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff 372 [INF] Scratch: magic=bad, copy_done=0x5, image_ok=0x9 373 [INF] Boot source: primary slot 374 [INF] Swap type: none 375 [INF] Bootloader chainload address offset: 0x20000 376 [INF] Jumping to the first image slot 377 [Sec Thread] Secure image initializing! 378 379 #### Execute test suites for the protected storage service #### 380 Running Test Suite PS secure interface tests (TFM_PS_TEST_2XXX)... 381 > Executing 'TFM_PS_TEST_2001' 382 Description: 'Create interface' 383 TEST PASSED! 384 > Executing 'TFM_PS_TEST_2002' 385 Description: 'Get handle interface (DEPRECATED)' 386 This test is DEPRECATED and the test execution was SKIPPED 387 TEST PASSED! 388 > Executing 'TFM_PS_TEST_2003' 389 Description: 'Get handle with null handle pointer (DEPRECATED)' 390 This test is DEPRECATED and the test execution was SKIPPED 391 TEST PASSED! 392 > Executing 'TFM_PS_TEST_2004' 393 Description: 'Get attributes interface' 394 TEST PASSED! 395 > Executing 'TFM_PS_TEST_2005' 396 Description: 'Get attributes with null attributes struct pointer' 397 .... 398 399########################## 400Tool & Dependency overview 401########################## 402 403To build the TF-M firmware the following tools are needed: 404 405 - C compiler of supported toolchains 406 - CMake version 3.15 or later 407 - Git 408 - gmake, aka GNU Make 409 - Python v3.x 410 - a set of python modules listed in ``tools/requiremtns.txt`` 411 412**************** 413Dependency chain 414**************** 415 416.. uml:: 417 418 @startuml 419 skinparam state { 420 BackgroundColor #92AEE0 421 FontColor black 422 FontSize 16 423 AttributeFontColor black 424 AttributeFontSize 16 425 } 426 state fw as "Firmware" : TF-M binary 427 state c_comp as "C Compiler" : C99 428 state python as "Python" : v3.x 429 430 fw --> c_comp 431 fw --> CMake 432 CMake --> gmake 433 CMake --> Ninja 434 fw --> cryptography 435 fw --> pyasn1 436 fw --> yaml 437 fw --> jinja2 438 fw --> cbor2 439 fw --> click 440 fw --> imgtool 441 c_comp --> GCC 442 c_comp --> CLANG 443 c_comp --> IAR 444 cryptography --> python 445 pyasn1 --> python 446 yaml --> python 447 jinja2 --> python 448 cbor2 --> python 449 click --> python 450 imgtool --> python 451 kconfiglib --> python 452 @enduml 453 454.. rubric:: Next steps 455 456Here are some next steps for exploring TF-M: 457 458 - Detailed :doc:`Build instructions </building/tfm_build_instruction>`. 459 - :doc:`IAR Build instructions </building/tfm_build_instruction_iar>`. 460 - Try other :doc:`Samples and Demos </building/run_tfm_examples_on_arm_platforms>`. 461 - :doc:`Documentation generation </building/documentation_generation>`. 462 463-------------- 464 465*Copyright (c) 2017-2022, Arm Limited. All rights reserved.* 466
