1#-------------------------------------------------------------------------------
2# Copyright (c) 2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8
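# The Python interpreter runs the two generator scripts invoked by the custom
# commands in this file (create_provisioning_bundle.py and
# create_provisioning_data.py). REQUIRED turns a missing interpreter into a
# configure-time error instead of an empty ${Python3_EXECUTABLE} in those
# commands at build time.
find_package(Python3 REQUIRED COMPONENTS Interpreter)

# Provisioning bundle image. Its sources, link options and libraries are
# attached by the target_* calls that follow.
add_executable(provisioning_bundle)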
12
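# Select where the provisioning values (HUK, IAK, ...) come from.
#
# The variable name is passed to if() directly: if(${VAR}) expands the value
# first, so a value that happens to name another variable is dereferenced a
# second time.
if(TFM_DUMMY_PROVISIONING)
    # Dummy provisioning: use the example configuration shipped in the tree.
    # NOTE(review): values taken from an in-tree example file are presumably
    # fixed and public, so this path looks suitable for development and test
    # builds only - confirm before enabling it for anything that ships.
    include("${CMAKE_SOURCE_DIR}/platform/ext/target/arm/mps3/common/provisioning/provisioning_config.cmake")
else()
    # OPTIONAL means a missing file is not an error; RESULT_VARIABLE records
    # whether the include actually happened.
    include("${PROVISIONING_KEYS_CONFIG}" OPTIONAL RESULT_VARIABLE PROVISIONING_KEYS_CONFIG_PATH)
    if(NOT PROVISIONING_KEYS_CONFIG_PATH)
        # A path that was given but could not be included (typo, wrong
        # directory) would otherwise be reported as "not set" and the build
        # would quietly fall back to random values, so call it out separately.
        if(NOT "${PROVISIONING_KEYS_CONFIG}" STREQUAL "")
            message(WARNING "PROVISIONING_KEYS_CONFIG is set to '${PROVISIONING_KEYS_CONFIG}' but that file could not be included.")
        endif()
        message(WARNING "The PROVISIONING_KEYS_CONFIG is not set. If the keys are not passed via the command line then \
                        random numbers will be used for HUK/IAK etc. \
                        To create and use a PROVISIONING_KEYS_CONFIG file, \
                        see the example in: tf-m/platform/ext/target/arm/mps3/common/provisioning/provisioning_config.cmake")
    endif()
endif()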
24
# Emit the image as ${CMAKE_BINARY_DIR}/bin/provisioning_bundle.axf.
set_property(TARGET provisioning_bundle PROPERTY SUFFIX ".axf")
set_property(TARGET provisioning_bundle PROPERTY RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin")
30
# One linker description per supported toolchain. Each generator expression
# expands to nothing unless the C compiler ID matches, so only the file for the
# active toolchain is passed on. target_add_scatter_file() is defined outside
# this file.
target_add_scatter_file(
    provisioning_bundle
    $<$<C_COMPILER_ID:ARMClang>:${CMAKE_CURRENT_SOURCE_DIR}/provisioning_bundle.sct>
    $<$<C_COMPILER_ID:GNU>:${CMAKE_CURRENT_SOURCE_DIR}/provisioning_bundle.ld>
    $<$<C_COMPILER_ID:IAR>:${CMAKE_CURRENT_SOURCE_DIR}/provisioning_bundle.icf>
)
36
# Linker options for the bundle image:
#  - a map file, spelled per toolchain (GNU and IAR write it next to the image
#    in ${CMAKE_BINARY_DIR}/bin; ARMClang is only given --map);
#  - do_provision as the image entry point.
target_link_options(provisioning_bundle
    PRIVATE
        $<$<C_COMPILER_ID:GNU>:-Wl,-Map=${CMAKE_BINARY_DIR}/bin/provisioning_bundle.map>
        $<$<C_COMPILER_ID:ARMClang>:--map>
        $<$<C_COMPILER_ID:IAR>:--map\;${CMAKE_BINARY_DIR}/bin/provisioning_bundle.map>
        --entry=do_provision
)
48
# Headers in this directory are visible to the bundle's own sources only.
target_include_directories(provisioning_bundle PRIVATE .)

# Bundle sources. provisioning_data.c is also the OUTPUT of a custom command
# later in this file, so it appears to be generated at build time rather than
# checked in. The syscall stub is compiled only when
# CONFIG_GNU_SYSCALL_STUB_ENABLED is true.
target_sources(provisioning_bundle
    PRIVATE
        ./provisioning_code.c
        ./provisioning_data.c
        $<$<BOOL:${CONFIG_GNU_SYSCALL_STUB_ENABLED}>:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c>
)
60
# Libraries the bundle links against.
# NOTE(review): this is the keyword-less signature. Adding PRIVATE would be the
# modern form, but keyword and plain signatures cannot be mixed on one target,
# so check every other target_link_libraries() call on provisioning_bundle
# before changing it.
target_link_libraries(provisioning_bundle platform_s psa_interface)
65
# Forward build options to the C sources as preprocessor symbols. A symbol is
# defined only when the matching CMake variable evaluates to true. All but one
# keep the variable's name: PLATFORM_DEFAULT_OTP_WRITEABLE is exposed as
# OTP_WRITEABLE.
# NOTE(review): TFM_DUMMY_PROVISIONING, PLATFORM_DEFAULT_CRYPTO_KEYS and
# OTP_WRITEABLE look like development conveniences - confirm which of them are
# acceptable in a production provisioning build.
target_compile_definitions(
    provisioning_bundle
    PRIVATE
        $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
        $<$<BOOL:${PLATFORM_DEFAULT_OTP}>:PLATFORM_DEFAULT_OTP>
        $<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
        $<$<BOOL:${TFM_DUMMY_PROVISIONING}>:TFM_DUMMY_PROVISIONING>
        $<$<BOOL:${PLATFORM_DEFAULT_NV_COUNTERS}>:PLATFORM_DEFAULT_NV_COUNTERS>
        $<$<BOOL:${PLATFORM_DEFAULT_OTP_WRITEABLE}>:OTP_WRITEABLE>
)
75
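# Always build the packaged bundle. Listing the .bin as a source of the custom
# target attaches the custom command below that produces it.
add_custom_target(encrypted_provisioning_bundle
    ALL
    SOURCES encrypted_provisioning_bundle.bin
)

# Package the linked image into encrypted_provisioning_bundle.bin with
# create_provisioning_bundle.py, then copy the result next to the other images
# in ${CMAKE_BINARY_DIR}/bin.
#
# The image is referred to as $<TARGET_FILE:provisioning_bundle> in both
# DEPENDS and COMMAND, so the dependency and the file handed to the script
# cannot drift apart if the target's output directory or suffix changes.
# VERBATIM makes argument escaping independent of the platform shell.
#
# NOTE(review): nothing on this command line supplies an encryption key.
# Confirm whether create_provisioning_bundle.py really encrypts the bundle, as
# the output name suggests, or only pads and packages it.
add_custom_command(OUTPUT encrypted_provisioning_bundle.bin
    DEPENDS
        provisioning_bundle
        $<TARGET_FILE:provisioning_bundle>
        ${CMAKE_CURRENT_SOURCE_DIR}/create_provisioning_bundle.py
    COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/create_provisioning_bundle.py
                    --provisioning_bundle_axf $<TARGET_FILE:provisioning_bundle>
                    --bundle_output_file encrypted_provisioning_bundle.bin
                    --code_pad_size ${PROVISIONING_CODE_PADDED_SIZE}
                    --data_pad_size ${PROVISIONING_DATA_PADDED_SIZE}
                    --values_pad_size ${PROVISIONING_VALUES_PADDED_SIZE}
                    --magic "0xC0DEFEED"
    COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/encrypted_provisioning_bundle.bin ${CMAKE_BINARY_DIR}/bin/encrypted_provisioning_bundle.bin
    VERBATIM
)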
94
# Contribute provisioning sources to targets that are defined outside this
# file: the secure platform library gets the runtime stub, and BL2 gets the
# provisioning implementation.
target_sources(platform_s PRIVATE ./runtime_stub_provisioning.c)
target_sources(platform_bl2 PRIVATE ./bl2_provisioning.c)

# INTERFACE: this directory is added to the include path of targets that link
# platform_bl2, not to platform_bl2's own compilation.
target_include_directories(platform_bl2 INTERFACE .)
109
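# Named target for the generated provisioning data source. Listing the file as
# a source attaches the custom command below that produces it.
add_custom_target(provisioning_data
    SOURCES
        provisioning_data.c
)

# Generate provisioning_data.c from the jinja2 template with
# create_provisioning_data.py.
#
# The first two DEPENDS entries track either the generated_private_key target
# (when MCUBOOT_GENERATE_SIGNING_KEYPAIR is true) or the key files named by
# MCUBOOT_KEY_S / MCUBOOT_KEY_NS.
#
# Security note: the HUK, IAK, boot seed and entropy seed are passed as
# command-line arguments. CMake writes the expanded command into the generated
# build files and verbose builds echo it, so with real values the build tree
# and any CI logs must be handled as secret material.
#
# Each argument is quoted so that a value containing ';' stays one argument,
# and VERBATIM keeps escaping independent of the platform shell.
#
# NOTE(review): the script runs from ${MCUBOOT_PATH}/scripts, presumably so
# that it can import MCUboot's Python modules - confirm.
add_custom_command(OUTPUT provisioning_data.c
    DEPENDS
        $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,${MCUBOOT_KEY_S}>
        $<IF:$<BOOL:${MCUBOOT_GENERATE_SIGNING_KEYPAIR}>,generated_private_key,${MCUBOOT_KEY_NS}>
        ${CMAKE_CURRENT_SOURCE_DIR}/provisioning_data_template.jinja2
        ${CMAKE_CURRENT_SOURCE_DIR}/create_provisioning_data.py
    WORKING_DIRECTORY ${MCUBOOT_PATH}/scripts
    COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/create_provisioning_data.py
        ${CMAKE_CURRENT_BINARY_DIR}/provisioning_data.c
        "--bl2_rot_priv_key_0=${MCUBOOT_KEY_S}"
        "--bl2_rot_priv_key_1=${MCUBOOT_KEY_NS}"
        "--template_path=${CMAKE_CURRENT_SOURCE_DIR}"
        "--secure_debug_pk=${SECURE_DEBUG_PK}"
        "--huk=${HUK}"
        "--iak=${IAK}"
        "--boot_seed=${BOOT_SEED}"
        "--implementation_id=${IMPLEMENTATION_ID}"
        "--certification_reference=${CERTIFICATION_REFERENCE}"
        "--verification_service_url=${VERIFICATION_SERVICE_URL}"
        "--entropy_seed=${ENTROPY_SEED}"
    VERBATIM
)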
136