sample: tfm_ipc: Add nucleo_l552ze_q support

This commit adds the signing commands and the configuration required to build a non secure image for a nucleo_l552ze_q. Signed-off-by: Nolwenn Violette <nolwenn.violette01@st.com>
2020-08-12 14:41:25 +02:00 · 2020-08-12 14:41:25 +02:00 · fb88b0aafc
commit fb88b0aafc
parent 522235e418
5 changed files with 105 additions and 8 deletions
--- a/boards/arm/nucleo_l552ze_q/CMakeLists.txt
+++ b/boards/arm/nucleo_l552ze_q/CMakeLists.txt
@ -5,3 +5,59 @@ zephyr_library()
 zephyr_library_sources(pinmux.c)
 zephyr_library_include_directories(${ZEPHYR_BASE}/drivers)
 endif()
+
+if (CONFIG_BUILD_WITH_TFM)
+	# Set default image versions if not defined elsewhere
+	if (NOT DEFINED TFM_IMAGE_VERSION_S)
+		set(TFM_IMAGE_VERSION_S 0.0.0+0)
+	endif()
+
+	if (NOT DEFINED TFM_IMAGE_VERSION_NS)
+		set(TFM_IMAGE_VERSION_NS 0.0.0+0)
+	endif()
+
+	set(PREPROCESSED_FILE "${CMAKE_BINARY_DIR}/tfm/image_macros_preprocessed")
+	set(TFM_MCUBOOT_DIR "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot")
+
+	# Configure which format (full or hash) to include the public key in
+	# the image manifest
+	set(TFM_PUBLIC_KEY_FORMAT "hash")
+
+	#Create and sign for concatenated binary image, should align with the TF-M BL2
+	set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
+
+		#Sign secure binary image with public key
+		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py
+		ARGS sign
+			 --layout ${PREPROCESSED_FILE}_s.c
+			 -k ${CONFIG_TFM_KEY_FILE_S}
+			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
+			 --align 1
+			 -v ${TFM_IMAGE_VERSION_S}
+			 ${ADD_NS_IMAGE_MIN_VER}
+			 ${ADD_SECURITY_COUNTER_S}
+			 -H 0x400
+			 ${CMAKE_BINARY_DIR}/tfm/install/outputs/STM_NUCLEO_L552ZE_Q/tfm_s.bin
+			 ${CMAKE_BINARY_DIR}/tfm_s_signed.bin
+
+		#Sign non-secure binary image with public key
+		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py
+		ARGS sign
+			 --layout ${PREPROCESSED_FILE}_ns.c
+			 -k ${CONFIG_TFM_KEY_FILE_NS}
+			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
+			 --align 1
+			 -v ${TFM_IMAGE_VERSION_NS}
+			 ${ADD_S_IMAGE_MIN_VER}
+			 ${ADD_SECURITY_COUNTER_NS}
+			 -H 0x400
+			 ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_BIN_NAME}
+			 ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin
+
+		#Copy mcuboot.bin
+		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/mcuboot.bin ${CMAKE_BINARY_DIR}
+
+		#Execute post build script postbuild.sh
+		COMMAND ${CMAKE_BINARY_DIR}/tfm/install/postbuild.sh
+      )
+endif()
--- a/boards/arm/nucleo_l552ze_q/board.cmake
+++ b/boards/arm/nucleo_l552ze_q/board.cmake
@ -5,3 +5,5 @@ board_runner_args(pyocd "--target=stm32l552zetxq")

 include(${ZEPHYR_BASE}/boards/common/pyocd.board.cmake)
 include(${ZEPHYR_BASE}/boards/common/openocd.board.cmake)
+
+set(TFM_TARGET_PLATFORM "STM_NUCLEO_L552ZE_Q")
--- a/samples/tfm_integration/tfm_ipc/CMakeLists.txt
+++ b/samples/tfm_integration/tfm_ipc/CMakeLists.txt
@ -7,13 +7,23 @@ set(QEMU_KERNEL_OPTION "-device;loader,file=${CMAKE_BINARY_DIR}/tfm_qemu.hex")

 find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})

+
 # Add "tfm" as an external project via the TF-M module's cmake file
-trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
-                       BOARD ${TFM_TARGET_PLATFORM}
-                       IPC
-                       CFGFILE "ConfigRegressionIPC"
-                       OUT_VENEERS_FILE VENEERS_FILE
-)
+if(${TFM_TARGET_PLATFORM} STREQUAL "STM_NUCLEO_L552ZE_Q")
+   trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
+                          BOARD ${TFM_TARGET_PLATFORM}
+                          IPC
+                          CFGFILE "ConfigRegressionIPCTfmLevel2"
+                          OUT_VENEERS_FILE VENEERS_FILE
+   )
+else()
+   trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
+                          BOARD ${TFM_TARGET_PLATFORM}
+                          IPC
+                          CFGFILE "ConfigRegressionIPC"
+                          OUT_VENEERS_FILE VENEERS_FILE
+  )
+endif()

 project(tfm_ipc)

--- a/samples/tfm_integration/tfm_ipc/README.rst
+++ b/samples/tfm_integration/tfm_ipc/README.rst
@ -24,7 +24,7 @@ Building and Running
 ********************

 This project outputs test status and info to the console. It can be built and
-executed on MPS2+ AN521.
+executed on MPS2+ AN521 and ST Nucleo L552ZE Q.

 On MPS2+ AN521:
 ===============
@ -103,6 +103,35 @@ Or, post build:

      $ ninja run

+On ST Nucleo L552ZE Q:
+======================
+
+This sample was tested on Ubuntu 18.04 with Zephyr SDK 0.11.3.
+
+Build Zephyr with a non-secure configuration:
+
+   .. code-block:: bash
+
+      $ west build -b nucleo_l552ze_q_ns samples/tfm_integration/tfm_ipc/
+
+Two scripts are avalaible in the ``build/tfm/install`` folder:
+
+  - ``regression.sh``: Sets platform option bytes config and erase platform.
+  - ``TFM_UPDATE.sh``: Writes bl2, secure, and non secure image in target.
+
+Run them in the following order to flash the board:
+
+   .. code-block:: bash
+
+      $ ./build/tfm/install/regression.sh
+      $ ./build/tfm/install/TFM_UPDATE.sh
+
+Reset the board.
+
+ .. note::
+      Note that ``arm-none-eabi-gcc`` should be available in the PATH variable and that ``STM32_Programmer_CLI`` is required to run ``regression.sh`` and ``TFM_UPDATE.sh`` (see https://www.st.com/en/development-tools/stm32cubeprog.html). If you are still having trouble running these scripts, check the Programming and Debugging section of the :ref:`nucleo_l552ze_q_board` documentation.
+
+
 Sample Output
 =============

--- a/west.yml
+++ b/west.yml
@ -135,7 +135,7 @@ manifest:
      revision: c39888ff74acf421eeff9a7514fa9b172c3373f7
    - name: trusted-firmware-m
      path: modules/tee/tfm
-      revision: 7e51033f7bf4ad54a008e5c3cdf244d1d6954af0
+      revision: 7b763c0dc3bd3600f7e73aecca51d82a45cf2e35

  self:
    path: zephyr