1#-------------------------------------------------------------------------------
2# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8cmake_minimum_required(VERSION 3.21)
9
10project("Bootloader" VERSION 0.1.0 LANGUAGES C ASM)
11
12add_executable(bl2
13    src/flash_map.c
14    $<$<BOOL:${DEFAULT_MCUBOOT_SECURITY_COUNTERS}>:src/security_cnt.c>
15    $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:src/default_flash_map.c>
16    $<$<BOOL:${MCUBOOT_DATA_SHARING}>:src/shared_data.c>
17    $<$<BOOL:${PLATFORM_DEFAULT_PROVISIONING}>:src/provisioning.c>
18    $<$<BOOL:${MCUBOOT_USE_PSA_CRYPTO}>:src/thin_psa_crypto_core.c>
19    $<$<BOOL:${CONFIG_GNU_SYSCALL_STUB_ENABLED}>:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c>
20)
21
22add_subdirectory(ext/mcuboot)
23
24set_target_properties(bl2
25    PROPERTIES
26        SUFFIX ".axf"
27        RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin"
28)
29
30target_include_directories(bl2
31    PRIVATE
32        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
33        $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot/bootutil/src>
34)
35
36target_link_libraries(bl2
37    PRIVATE
38        tfm_boot_status
39        $<$<BOOL:${TEST_BL2}>:mcuboot_tests>
40        platform_bl2
41)
42
43target_compile_options(bl2
44    PRIVATE
45        ${BL2_COMPILER_CP_FLAG}
46)
47
48target_link_options(bl2
49    PRIVATE
50        $<$<C_COMPILER_ID:GNU>:-Wl,-Map=${CMAKE_BINARY_DIR}/bin/bl2.map>
51        $<$<C_COMPILER_ID:ARMClang>:--map>
52        $<$<C_COMPILER_ID:IAR>:--map\;${CMAKE_BINARY_DIR}/bin/bl2.map>
53        ${BL2_LINKER_CP_OPTION}
54)
55
56target_compile_definitions(bl2
57    PRIVATE
58        $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
59        $<$<BOOL:${PLATFORM_PSA_ADAC_SECURE_DEBUG}>:PLATFORM_PSA_ADAC_SECURE_DEBUG>
60        $<$<BOOL:${TEST_BL2}>:TEST_BL2>
61        $<$<BOOL:${TFM_PARTITION_FIRMWARE_UPDATE}>:TFM_PARTITION_FIRMWARE_UPDATE>
62        $<$<AND:$<BOOL:${CONFIG_TFM_BOOT_STORE_MEASUREMENTS}>,$<NOT:$<BOOL:${CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS}>>>:TFM_MEASURED_BOOT_API>
63)
64
65add_convert_to_bin_target(bl2)
66
67############################### BOOT HAL # #####################################
68
69add_library(bl2_hal INTERFACE)
70
71target_include_directories(bl2_hal
72    INTERFACE
73        include
74)
75
76############################### MBEDCRYPTO #####################################
77
78add_library(bl2_mbedcrypto_config INTERFACE)
79
80if(NOT ${MCUBOOT_SIGNATURE_TYPE} STREQUAL "")
81    string(REGEX MATCH "[0-9]*$" SIG_LEN ${MCUBOOT_SIGNATURE_TYPE})
82    string(REGEX MATCH "^[A-Z]*" SIG_TYPE ${MCUBOOT_SIGNATURE_TYPE})
83endif()
84
85# FixMe: The MBEDTLS_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_CONFIG_FILE should be
86# put in a dedicated target that can be linked by other targets, for example
87# bl2 provisioning related targets, to be able to include correctly psa/crypto.h
88target_compile_definitions(bl2_mbedcrypto_config
89    INTERFACE
90        $<$<STREQUAL:${SIG_TYPE},RSA>:MCUBOOT_SIGN_RSA>
91        $<$<STREQUAL:${SIG_TYPE},RSA>:MCUBOOT_SIGN_RSA_LEN=${SIG_LEN}>
92        $<$<BOOL:${MCUBOOT_USE_PSA_CRYPTO}>:MCUBOOT_USE_PSA_CRYPTO>
93        $<$<BOOL:${MCUBOOT_BUILTIN_KEY}>:MCUBOOT_BUILTIN_KEY>
94        $<$<STREQUAL:${SIG_TYPE},EC>:MCUBOOT_SIGN_EC${SIG_LEN}>
95        MBEDTLS_CONFIG_FILE="${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}"
96        MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH}"
97        # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
98        $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
99        $<$<BOOL:${CC312_LEGACY_DRIVER_API_ENABLED}>:CC312_LEGACY_DRIVER_API_ENABLED>
100)
101
102set(CMAKE_POLICY_DEFAULT_CMP0077 NEW)
103set(CMAKE_POLICY_DEFAULT_CMP0048 NEW)
104set(ENABLE_TESTING OFF)
105set(ENABLE_PROGRAMS OFF)
106set(MBEDTLS_FATAL_WARNINGS OFF)
107set(ENABLE_DOCS OFF)
108set(INSTALL_MBEDTLS_HEADERS OFF)
109set(LIB_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto/install)
110set(GEN_FILES OFF)
111
112# Set the prefix to be used by mbedTLS targets
113set(MBEDTLS_TARGET_PREFIX bl2_)
114
115# Mbedcrypto in Debug builds uses too much memory. As a compromise, if `Debug` build type
116# is selected mbedcrypto will build under `RelWithDebInfo` which preserves debug
117# symbols while optimizing space.
118set(SAVED_BUILD_TYPE ${CMAKE_BUILD_TYPE})
119set(CMAKE_BUILD_TYPE ${MBEDCRYPTO_BUILD_TYPE})
120add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto EXCLUDE_FROM_ALL)
121set(CMAKE_BUILD_TYPE ${SAVED_BUILD_TYPE} CACHE STRING "Build type: [Debug, Release, RelWithDebInfo, MinSizeRel]" FORCE)
122
123if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto)
124    message(FATAL_ERROR "Target ${MBEDTLS_TARGET_PREFIX}mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ?
125    Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
126endif()
127
128target_link_libraries(${MBEDTLS_TARGET_PREFIX}mbedcrypto
129    PUBLIC
130        bl2_mbedcrypto_config
131)
132
133target_link_libraries(${MBEDTLS_TARGET_PREFIX}p256m
134    PUBLIC
135        ${MBEDTLS_TARGET_PREFIX}mbedcrypto
136)
137
138target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto
139    PUBLIC
140        ${MBEDCRYPTO_PATH}/library
141)
142
143target_compile_options(${MBEDTLS_TARGET_PREFIX}mbedcrypto
144    PRIVATE
145        ${BL2_COMPILER_CP_FLAG}
146)
147
148target_compile_options(${MBEDTLS_TARGET_PREFIX}p256m
149    PRIVATE
150        ${BL2_COMPILER_CP_FLAG}
151)
152
153############################### CODE SHARING ###################################
154
155if (TFM_CODE_SHARING)
156    target_share_symbols(bl2 ${CMAKE_CURRENT_SOURCE_DIR}/bl2_shared_symbols.txt)
157
158    if (NOT EXISTS ${MBEDCRYPTO_PATH}/library/code_share.c)
159        message(FATAL_ERROR "File ${MBEDCRYPTO_PATH}/library/code_share.c does not exist.
160        Have the patch ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
161        been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH}?
162        Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
163    endif()
164endif()
165