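#-------------------------------------------------------------------------------
# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

# Nothing below is configured unless the Crypto partition is enabled.
if (NOT TFM_PARTITION_CRYPTO)
    return()
endif()

# Provides Python3_EXECUTABLE, used further down to run the Mbed TLS config.py
# script at configure time.
find_package(Python3)

cmake_minimum_required(VERSION 3.15)
# CMP0079 NEW lets this file call target_link_libraries() on targets that were
# created in other directories (tfm_partitions, tfm_config, the mbedcrypto
# targets).
cmake_policy(SET CMP0079 NEW)

add_library(tfm_psa_rot_partition_crypto STATIC)

# Build-order edge only: manifest_tool must run first because it produces the
# generated sources listed below.
add_dependencies(tfm_psa_rot_partition_crypto manifest_tool)

target_sources(tfm_psa_rot_partition_crypto
    PRIVATE
        crypto_init.c
        crypto_alloc.c
        crypto_cipher.c
        crypto_hash.c
        crypto_mac.c
        crypto_aead.c
        crypto_asymmetric.c
        crypto_key_derivation.c
        crypto_key_management.c
        crypto_rng.c
        crypto_library.c
        $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:psa_driver_api/tfm_builtin_key_loader.c>
)

# The generated sources
target_sources(tfm_psa_rot_partition_crypto
    PRIVATE
        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c
)
target_sources(tfm_partitions
    INTERFACE
        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c
)

# Set include directory
target_include_directories(tfm_psa_rot_partition_crypto
    PRIVATE
        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
)
target_include_directories(tfm_partitions
    INTERFACE
        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
)

# Linking to external interfaces
target_link_libraries(tfm_psa_rot_partition_crypto
    PRIVATE
        platform_s
        crypto_service_mbedcrypto
        tfm_config
        tfm_sprt
)
# NOTE(review): this target defines PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY, while
# crypto_service_mbedcrypto_config below defines
# PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER for the same option. Confirm both
# spellings are intended.
# MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is also set PRIVATE on the mbedcrypto
# target further down; presumably the two must stay in sync.
target_compile_definitions(tfm_psa_rot_partition_crypto
    PUBLIC
        MBEDTLS_PSA_CRYPTO_DRIVERS
        $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY>
    PRIVATE
        $<$<STREQUAL:${CRYPTO_HW_ACCELERATOR_TYPE},cc312>:CRYPTO_HW_ACCELERATOR_CC312>
        MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
)

############################ Partition Defs ####################################

target_link_libraries(tfm_partitions
    INTERFACE
        tfm_psa_rot_partition_crypto
)

target_compile_definitions(tfm_config
    INTERFACE
        TFM_PARTITION_CRYPTO
)

target_link_libraries(tfm_config
    INTERFACE
        psa_crypto_config
)

############################### PSA CRYPTO CONFIG ##############################
# Interface-only target: anything linking it is compiled with the PSA crypto
# configuration header selected by TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH.
add_library(psa_crypto_config INTERFACE)
target_compile_definitions(psa_crypto_config
    INTERFACE
        MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}"
)

############################### MBEDCRYPTO #####################################

add_library(crypto_service_mbedcrypto_config INTERFACE)

# NOTE(review): PLATFORM_DEFAULT_NV_SEED and PLATFORM_DEFAULT_CRYPTO_KEYS look
# like they select platform-provided default seed and key material. Confirm
# that production configurations do not leave them enabled.
target_compile_definitions(crypto_service_mbedcrypto_config
    INTERFACE
        MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}"
        $<$<BOOL:${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}>:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}">
        PSA_CRYPTO_SECURE
        # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
        $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
        $<$<BOOL:${PLATFORM_DEFAULT_NV_SEED}>:PLATFORM_DEFAULT_NV_SEED>
        $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
        MBEDTLS_PSA_CRYPTO_DRIVERS
        $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>
)

target_link_libraries(crypto_service_mbedcrypto_config
    INTERFACE
        tfm_config
        psa_crypto_config
)

cmake_policy(SET CMP0079 NEW)

# Plain variables that pre-set options of the Mbed TLS project pulled in by
# add_subdirectory() below. CMP0077 NEW is what makes option() in that project
# honour these normal variables instead of overriding them.
# Note that MBEDTLS_FATAL_WARNINGS is OFF, so compiler warnings in the crypto
# library do not fail the build.
set(CMAKE_POLICY_DEFAULT_CMP0077 NEW)
set(CMAKE_POLICY_DEFAULT_CMP0048 NEW)
set(ENABLE_TESTING OFF)
set(ENABLE_PROGRAMS OFF)
set(MBEDTLS_FATAL_WARNINGS OFF)
set(ENABLE_DOCS OFF)
set(INSTALL_MBEDTLS_HEADERS OFF)
set(LIB_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto/install)
set(GEN_FILES OFF)

# Set the prefix to be used by mbedTLS targets
set(MBEDTLS_TARGET_PREFIX crypto_service_)
# CMake should be aware of the config files being used
# FixMe: comment these until the config files are cleaned up to be self-contained
#set(MBEDTLS_PSA_CRYPTO_CONFIG_FILE "${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}")
#set(MBEDTLS_CONFIG_FILE "${TFM_MBEDCRYPTO_CONFIG_PATH}")

# Check if the p256m driver is enabled in the config file, as that will require a
# dedicated target to be linked in. Note that 0 means SUCCESS here, 1 means FAILURE
#
# This runs a script from ${MBEDCRYPTO_PATH} at configure time, so that path
# has to point at a trusted checkout. The result decides which ECC
# implementation is linked into the crypto backend. Any outcome other than
# exit code 0 (including a script or interpreter that could not be started)
# is treated as "driver not enabled".
set(MBEDTLS_P256M_NOT_FOUND 1)
execute_process(COMMAND
    ${Python3_EXECUTABLE}
    ${MBEDCRYPTO_PATH}/scripts/config.py -f "${TFM_MBEDCRYPTO_CONFIG_PATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED
    RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND)

# RESULT_VARIABLE holds an error string rather than a number when the process
# cannot be launched. The expansion is quoted so such a string is compared as
# one value instead of being split into stray if() arguments.
if ("${MBEDTLS_P256M_NOT_FOUND}" STREQUAL "0")
    message(STATUS "[Crypto service] Using P256M software driver in PSA Crypto backend")
    set(MBEDTLS_P256M_ENABLED true)
elseif (NOT "${MBEDTLS_P256M_NOT_FOUND}" STREQUAL "1")
    # Neither of the two documented outcomes: make the fallback visible instead
    # of silently building without the driver.
    message(WARNING "[Crypto service] Could not query MBEDTLS_PSA_P256M_DRIVER_ENABLED (result: ${MBEDTLS_P256M_NOT_FOUND}), assuming the P256M driver is not enabled")
    set(MBEDTLS_P256M_ENABLED false)
else()
    set(MBEDTLS_P256M_ENABLED false)
endif()

# Mbedcrypto is quite a large lib, and it uses too much memory for it to be
# reasonable to build it in debug info. As a compromise, if `debug` build type
# is selected mbedcrypto will build under `relwithdebinfo` which preserves debug
# symbols while optimizing space.
#
# CMAKE_BUILD_TYPE is swapped to MBEDCRYPTO_BUILD_TYPE only for the duration of
# add_subdirectory(). The saved value is then written back to the cache with
# FORCE.
set(SAVED_BUILD_TYPE ${CMAKE_BUILD_TYPE})
set(CMAKE_BUILD_TYPE ${MBEDCRYPTO_BUILD_TYPE})
add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto EXCLUDE_FROM_ALL)
set(CMAKE_BUILD_TYPE ${SAVED_BUILD_TYPE} CACHE STRING "Build type: [Debug, Release, RelWithDebInfo, MinSizeRel]" FORCE)

# The prefixed target only exists when the Mbed TLS tree honours
# MBEDTLS_TARGET_PREFIX, so fail early with a hint if it is missing.
if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto)
    message(FATAL_ERROR "[Crypto service] Target ${MBEDTLS_TARGET_PREFIX}mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ?
    Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
endif()

target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto
    PUBLIC
        ${CMAKE_CURRENT_SOURCE_DIR}
        ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api
)

# Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking
set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3)

# tfm_mbedcrypto_alt.c is compiled into the library only when no hardware
# crypto accelerator is configured.
target_sources(${MBEDTLS_TARGET_PREFIX}mbedcrypto
    PRIVATE
        $<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_mbedcrypto_alt.c>
)

# Silences two warning classes for the library sources on GNU and ARMClang.
target_compile_options(${MBEDTLS_TARGET_PREFIX}mbedcrypto
    PRIVATE
        $<$<C_COMPILER_ID:GNU>:-Wno-unused-const-variable>
        $<$<C_COMPILER_ID:GNU>:-Wno-unused-parameter>
        $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-const-variable>
        $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-parameter>
)

target_compile_definitions(${MBEDTLS_TARGET_PREFIX}mbedcrypto
    PRIVATE
        MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
)

# FixMe: The p256m CmakeLists.txt in version 3.5.0 has an issue with target
# names and for this reason we need to force those defines at this stage
#
# NOTE(review): the three p256m commands below run whether or not
# MBEDTLS_P256M_ENABLED is true, so configuration fails if the Mbed TLS tree
# does not create the ${MBEDTLS_TARGET_PREFIX}p256m target. Confirm that is
# always the case for the supported Mbed TLS versions.
target_compile_definitions(${MBEDTLS_TARGET_PREFIX}p256m
    PRIVATE
        MBEDTLS_PSA_P256M_DRIVER_ENABLED
        MBEDTLS_PSA_CRYPTO_SPM
)

# The crypto_spe.h to be passed to p256m is here
target_include_directories(${MBEDTLS_TARGET_PREFIX}p256m
    PRIVATE
        .
)

# FPU flags for p256m
target_compile_options(${MBEDTLS_TARGET_PREFIX}p256m
    PRIVATE
        ${COMPILER_CP_FLAG}
)

# The p256m library is linked in only when the configure-time query above
# found the driver enabled.
target_link_libraries(${MBEDTLS_TARGET_PREFIX}mbedcrypto
    PRIVATE
        psa_interface
        platform_s
        $<$<BOOL:${MBEDTLS_P256M_ENABLED}>:${MBEDTLS_TARGET_PREFIX}p256m>
    PUBLIC
        crypto_service_mbedcrypto_config
    INTERFACE
        platform_common_interface
)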