1#-------------------------------------------------------------------------------
2# Copyright (c) 2023-2024, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8# This file is exported to NS side during CMake installation phase and renamed
9# to CMakeLists.txt. It instructs how to build a platform on non-secture side.
10# The structure and sources list are fully platform specific.
11
12add_library(platform_ns)
13
14target_sources(platform_ns
15    PRIVATE
16        device/source/device_definition.c
17        device/source/startup_rse.c
18        device/source/system_core_init.c
19        uart_stdout.c
20)
21
22target_include_directories(platform_ns
23    PRIVATE
24        cmsis_drivers/config
25        device/include
26        native_drivers
27        cmsis_drivers
28    PUBLIC
29        device
30        include
31        ext/cmsis/Include
32        ext/cmsis/Include/m-profile
33        ext/common
34        ext/driver
35        device/config
36)
37
38target_link_libraries(platform_ns
39    PUBLIC
40        platform_region_defs
41)
42
43target_compile_definitions(platform_region_defs
44    INTERFACE
45        $<$<BOOL:${RSE_XIP}>:RSE_XIP>
46        $<$<BOOL:${RSE_DEBUG_UART}>:RSE_DEBUG_UART>
47        $<$<BOOL:${RSE_USE_HOST_UART}>:RSE_USE_HOST_UART>
48        $<$<BOOL:${RSE_USE_HOST_FLASH}>:RSE_USE_HOST_FLASH>
49        $<$<BOOL:${RSE_GPT_SUPPORT}>:RSE_GPT_SUPPORT>
50        $<$<BOOL:${RSE_HAS_EXPANSION_PERIPHERALS}>:RSE_HAS_EXPANSION_PERIPHERALS>
51        $<$<BOOL:${PLATFORM_HAS_PS_NV_OTP_COUNTERS}>:PLATFORM_HAS_PS_NV_OTP_COUNTERS>
52        $<$<BOOL:${RSE_ENABLE_BRINGUP_HELPERS}>:RSE_ENABLE_BRINGUP_HELPERS>
53        $<$<BOOL:${RSE_OTP_TRNG}>:RSE_OTP_TRNG>
54        $<$<BOOL:${RSE_ENABLE_TRAM}>:RSE_ENABLE_TRAM>
55)
56
57# Include region_defs.h and flash_layout.h
58target_include_directories(platform_region_defs
59    INTERFACE
60        partition
61)
62
63if (RSE_XIP)
64    find_package(Python3)
65
66    add_custom_target(tfm_ns_sic_tables
67        ALL
68        SOURCES bin/tfm_ns_sic_tables.bin
69    )
70
71    add_custom_command(OUTPUT bin/tfm_ns_sic_tables.bin
72        DEPENDS $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
73        DEPENDS tfm_ns_bin
74        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../image_signing/scripts/create_xip_tables.py
75            --input_image $<TARGET_FILE_DIR:tfm_ns>/tfm_ns.bin
76            --table_output_file tfm_ns_sic_tables.bin
77            --encrypted_image_output_file tfm_ns_encrypted.bin
78            --image_version ${MCUBOOT_SECURITY_COUNTER_NS}
79        COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_sic_tables.bin ${CMAKE_BINARY_DIR}/bin
80        COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_encrypted.bin ${CMAKE_BINARY_DIR}/bin
81    )
82
83    add_library(signing_layout_ns OBJECT ../image_signing/layout_files/signing_layout_sic_tables_ns.c)
84
85    target_compile_options(signing_layout_ns
86        PRIVATE
87            $<$<C_COMPILER_ID:GNU>:-E\;-xc>
88            $<$<C_COMPILER_ID:ARMClang>:-E\;-xc>
89            $<$<C_COMPILER_ID:IAR>:--preprocess=ns\;$<TARGET_OBJECTS:signing_layout_ns>>
90    )
91    target_compile_definitions(signing_layout_ns
92        PRIVATE
93            $<$<BOOL:${BL2}>:BL2>
94            $<$<BOOL:${MCUBOOT_IMAGE_NUMBER}>:MCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER}>
95            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},DIRECT_XIP>:IMAGE_ROM_FIXED>
96    )
97    target_link_libraries(signing_layout_ns
98        PRIVATE
99            platform_region_defs
100    )
101
102    add_custom_target(tfm_ns_sic_tables_signed_bin
103        SOURCES bin/tfm_ns_sic_tables_signed.bin
104    )
105    add_custom_command(OUTPUT bin/tfm_ns_sic_tables_signed.bin
106        DEPENDS tfm_ns_sic_tables
107        DEPENDS tfm_ns_bin signing_layout_ns
108        WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../image_signing/scripts
109
110        #Sign non-secure binary image with provided secret key
111        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../image_signing/scripts/wrapper/wrapper.py
112            -v ${MCUBOOT_IMAGE_VERSION_NS}
113            --layout $<TARGET_OBJECTS:signing_layout_ns>
114            --key ${CMAKE_CURRENT_SOURCE_DIR}/../image_signing/keys/image_ns_signing_private_key.pem
115            --public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
116            --align ${MCUBOOT_ALIGN_VAL}
117            --pad
118            --pad-header
119            -H ${BL2_HEADER_SIZE}
120            -s ${MCUBOOT_SECURITY_COUNTER_NS}
121            -L ${MCUBOOT_ENC_KEY_LEN}
122            -d \"\(0, ${MCUBOOT_S_IMAGE_MIN_VER}\)\"
123            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
124            $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${CMAKE_CURRENT_SOURCE_DIR}/../image_signing/keys/image_enc_key.pem>
125            $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
126            ${CMAKE_BINARY_DIR}/bin/tfm_ns_sic_tables.bin
127            $<$<STREQUAL:${MCUBOOT_UPGRADE_STRATEGY},OVERWRITE_ONLY>:--overwrite-only>
128            $<$<BOOL:${MCUBOOT_ENC_IMAGES}>:-E${MCUBOOT_KEY_ENC}>
129            $<$<BOOL:${MCUBOOT_MEASURED_BOOT}>:--measured-boot-record>
130            ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_sic_tables_signed.bin
131        COMMAND ${CMAKE_COMMAND} -E copy
132        ${CMAKE_CURRENT_BINARY_DIR}/tfm_ns_sic_tables_signed.bin ${CMAKE_BINARY_DIR}/bin
133    )
134
135    add_custom_target(signed_images
136        ALL
137        DEPENDS bin/tfm_ns_sic_tables_signed.bin
138    )
139endif()
140