1#-------------------------------------------------------------------------------
2# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8############################### PSA CRYPTO CONFIG ##############################
9# Make sure these are available even if the TFM_PARTITION_CRYPTO is not defined
10
11# This defines the configuration files for the users of the client interface
12set(TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH ${TFM_MBEDCRYPTO_CONFIG_PATH})
13cmake_path(REMOVE_EXTENSION TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH)
14cmake_path(APPEND_STRING TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH "_client.h")
15
16add_library(psa_crypto_config INTERFACE)
17target_compile_definitions(psa_crypto_config
18    INTERFACE
19        MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}"
20        MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_CLIENT_PATH}"
21)
22# The following is required for tfm_plat_crypto_nv_seed.h
23target_include_directories(psa_crypto_config
24    INTERFACE
25        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../../platform/include>
26)
27# This defines the configuration files for the users of the library directly
28add_library(psa_crypto_library_config INTERFACE)
29target_compile_definitions(psa_crypto_library_config
30    INTERFACE
31        MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH}"
32        MBEDTLS_CONFIG_FILE="${TFM_MBEDCRYPTO_CONFIG_PATH}"
33)
34
35if (NOT TFM_PARTITION_CRYPTO)
36    return()
37endif()
38
39find_package(Python3)
40
41cmake_minimum_required(VERSION 3.21)
42
43add_library(tfm_psa_rot_partition_crypto STATIC)
44
45add_dependencies(tfm_psa_rot_partition_crypto manifest_tool)
46
47target_sources(tfm_psa_rot_partition_crypto
48    PRIVATE
49        crypto_init.c
50        crypto_alloc.c
51        crypto_cipher.c
52        crypto_hash.c
53        crypto_mac.c
54        crypto_aead.c
55        crypto_asymmetric.c
56        crypto_key_derivation.c
57        crypto_key_management.c
58        crypto_rng.c
59        crypto_library.c
60        $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:psa_driver_api/tfm_builtin_key_loader.c>
61)
62
63# The generated sources
64target_sources(tfm_psa_rot_partition_crypto
65    PRIVATE
66        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/intermedia_tfm_crypto.c
67)
68target_sources(tfm_partitions
69    INTERFACE
70        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto/auto_generated/load_info_tfm_crypto.c
71)
72
73# Set include directory
74target_include_directories(tfm_psa_rot_partition_crypto
75    PRIVATE
76        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
77        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
78        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../../interface/include>
79)
80target_include_directories(tfm_partitions
81    INTERFACE
82        ${CMAKE_BINARY_DIR}/generated/secure_fw/partitions/crypto
83)
84
85# Linking to external interfaces
86target_link_libraries(tfm_psa_rot_partition_crypto
87    PRIVATE
88        platform_s
89        crypto_service_mbedcrypto
90        tfm_config
91        tfm_sp_log
92)
93target_compile_definitions(tfm_psa_rot_partition_crypto
94    PRIVATE
95        $<$<STREQUAL:${CRYPTO_HW_ACCELERATOR_TYPE},cc312>:CRYPTO_HW_ACCELERATOR_CC312>
96)
97
98############################ Partition Defs ####################################
99
100target_link_libraries(tfm_partitions
101    INTERFACE
102        tfm_psa_rot_partition_crypto
103)
104
105target_compile_definitions(tfm_config
106    INTERFACE
107        TFM_PARTITION_CRYPTO
108)
109
110############################### MBEDCRYPTO #####################################
111add_library(crypto_service_mbedcrypto_config INTERFACE)
112
113target_compile_definitions(crypto_service_mbedcrypto_config
114    INTERFACE
115        $<$<BOOL:${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}>:MBEDTLS_USER_CONFIG_FILE="${TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH}">
116        # Workaround for https://github.com/ARMmbed/mbedtls/issues/1077
117        $<$<OR:$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv8-m.base>,$<STREQUAL:${TFM_SYSTEM_ARCHITECTURE},armv6-m>>:MULADDC_CANNOT_USE_R7>
118        $<$<BOOL:${PLATFORM_DEFAULT_NV_SEED}>:PLATFORM_DEFAULT_NV_SEED>
119        $<$<BOOL:${PLATFORM_DEFAULT_CRYPTO_KEYS}>:PLATFORM_DEFAULT_CRYPTO_KEYS>
120        $<$<BOOL:${CRYPTO_TFM_BUILTIN_KEYS_DRIVER}>:PSA_CRYPTO_DRIVER_TFM_BUILTIN_KEY_LOADER>
121)
122
123target_link_libraries(crypto_service_mbedcrypto_config
124    INTERFACE
125        tfm_config
126        psa_crypto_library_config
127)
128
129set(CMAKE_POLICY_DEFAULT_CMP0077 NEW)
130set(CMAKE_POLICY_DEFAULT_CMP0048 NEW)
131set(ENABLE_TESTING OFF)
132set(ENABLE_PROGRAMS OFF)
133set(MBEDTLS_FATAL_WARNINGS OFF)
134set(ENABLE_DOCS OFF)
135set(INSTALL_MBEDTLS_HEADERS OFF)
136set(LIB_INSTALL_DIR ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto/install)
137set(GEN_FILES OFF)
138
139# Set the prefix to be used by mbedTLS targets
140set(MBEDTLS_TARGET_PREFIX crypto_service_)
141
142# Check if the p256m driver is enabled in the config file, as that will require a
143# dedicated target to be linked in. Note that 0 means SUCCESS here, 1 means FAILURE
144set(MBEDTLS_P256M_NOT_FOUND 1)
145execute_process(COMMAND
146    ${Python3_EXECUTABLE}
147    ${MBEDCRYPTO_PATH}/scripts/config.py -f "${TFM_MBEDCRYPTO_CONFIG_PATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED
148    RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND)
149
150if (${MBEDTLS_P256M_NOT_FOUND} EQUAL 0)
151    message(STATUS "[Crypto service] Using P256M software driver in PSA Crypto backend")
152    set(MBEDTLS_P256M_ENABLED true)
153else()
154    set(MBEDTLS_P256M_ENABLED false)
155endif()
156
157# If the project is configured with CMAKE_BUILD_TYPE="Debug", the value of
158# MBEDCRYPTO_BUILD_TYPE will be set "RelWithDebInfo" to optimize the space
159# of the Debug build. If the goal is to debug Mbed TLS code itself, the
160# MBEDCRYPTO_BUILD_TYPE must be set manually here
161set(SAVED_BUILD_TYPE ${CMAKE_BUILD_TYPE})
162set(CMAKE_BUILD_TYPE ${MBEDCRYPTO_BUILD_TYPE})
163add_subdirectory(${MBEDCRYPTO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto EXCLUDE_FROM_ALL)
164set(CMAKE_BUILD_TYPE ${SAVED_BUILD_TYPE} CACHE STRING "Build type: [Debug, Release, RelWithDebInfo, MinSizeRel]" FORCE)
165
166if(NOT TARGET ${MBEDTLS_TARGET_PREFIX}mbedcrypto)
167    message(FATAL_ERROR "[Crypto service] Target ${MBEDTLS_TARGET_PREFIX}mbedcrypto does not exist. Have the patches in ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH} ?
168    Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
169endif()
170
171target_include_directories(${MBEDTLS_TARGET_PREFIX}mbedcrypto
172    PUBLIC
173        ${CMAKE_CURRENT_SOURCE_DIR}
174        ${CMAKE_CURRENT_SOURCE_DIR}/psa_driver_api
175        # The following is required for psa/error.h
176        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../../interface/include>
177)
178
179# Fix platform_s and crypto_service_mbedcrypto libraries cyclic linking
180set_target_properties(${MBEDTLS_TARGET_PREFIX}mbedcrypto PROPERTIES LINK_INTERFACE_MULTIPLICITY 3)
181
182target_sources(${MBEDTLS_TARGET_PREFIX}mbedcrypto
183    PRIVATE
184        $<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:${CMAKE_CURRENT_SOURCE_DIR}/tfm_mbedcrypto_alt.c>
185)
186
187target_compile_options(${MBEDTLS_TARGET_PREFIX}mbedcrypto
188    PRIVATE
189        $<$<C_COMPILER_ID:GNU>:-Wno-unused-const-variable>
190        $<$<C_COMPILER_ID:GNU>:-Wno-unused-parameter>
191        $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-const-variable>
192        $<$<C_COMPILER_ID:ARMClang>:-Wno-unused-parameter>
193)
194
195if(MBEDTLS_P256M_ENABLED)
196    # FixMe: The p256m CmakeLists.txt in version 3.5.0 has an issue with target
197    # names and for this reason we need to force those defines at this stage
198    target_compile_definitions(${MBEDTLS_TARGET_PREFIX}p256m
199        PRIVATE
200            MBEDTLS_PSA_P256M_DRIVER_ENABLED
201            MBEDTLS_PSA_CRYPTO_SPM
202    )
203
204    # The crypto_spe.h to be passed to p256m is here
205    target_include_directories(${MBEDTLS_TARGET_PREFIX}p256m
206        PRIVATE
207            ${CMAKE_CURRENT_SOURCE_DIR}
208    )
209
210    # FPU flags for p256m
211    target_compile_options(${MBEDTLS_TARGET_PREFIX}p256m
212        PRIVATE
213            ${COMPILER_CP_FLAG}
214    )
215endif()
216
217target_link_libraries(${MBEDTLS_TARGET_PREFIX}mbedcrypto
218    PRIVATE
219        platform_s
220        $<$<BOOL:${MBEDTLS_P256M_ENABLED}>:${MBEDTLS_TARGET_PREFIX}p256m>
221    PUBLIC
222        crypto_service_mbedcrypto_config
223    INTERFACE
224        platform_common_interface
225)
226