@@ -2030,6 +2030,7 @@ F: board/octavo/osd32mp1-brk/
F: board/octavo/osd32mp1-red/
F: configs/octavo_osd32mp1_brk_defconfig
F: configs/octavo_osd32mp1_red_defconfig
+F: boot/tf-m/
N: Kris Bahnsen <kris@embeddedTS.com>
F: package/wilc-firmware/
@@ -17,6 +17,7 @@ source "boot/shim/Config.in"
source "boot/syslinux/Config.in"
source "boot/ti-k3-boot-firmware/Config.in"
source "boot/ti-k3-r5-loader/Config.in"
+source "boot/tf-m/Config.in"
source "boot/uboot/Config.in"
source "boot/vexpress-firmware/Config.in"
source "boot/xilinx-prebuilt/Config.in"
new file mode 100644
@@ -0,0 +1,95 @@
+config BR2_TARGET_TF_M
+ bool "TrustedFirmware-M (TF-M)"
+ select BR2_HOST_CMAKE_AT_LEAST_3_21
+ help
+ Enable this option if you want to build the TF-M for your
+ ARMv8-M microcontroller.
+
+ https://trustedfirmware-m.readthedocs.io
+
+if BR2_TARGET_TF_M
+choice
+ prompt "TF-M Version"
+ help
+ Select the specific TF-M version you want to use
+
+config BR2_TARGET_TF_M_LATEST_VERSION
+ bool "v2.1.0"
+
+config BR2_TARGET_TF_M_CUSTOM_VERSION
+ bool "Custom version"
+ help
+ This option allows to use a specific official version
+
+config BR2_TARGET_TF_M_CUSTOM_TARBALL
+ bool "Custom tarball"
+
+config BR2_TARGET_TF_M_CUSTOM_GIT
+ bool "Custom Git repository"
+
+endchoice
+
+config BR2_TARGET_TF_M_CUSTOM_TARBALL_LOCATION
+ string "URL of custom TF-M tarball"
+ depends on BR2_TARGET_TF_M_CUSTOM_TARBALL
+
+config BR2_TARGET_TF_M_CUSTOM_VERSION_VALUE
+ string "TF-M version"
+ depends on BR2_TARGET_TF_M_CUSTOM_VERSION
+
+if BR2_TARGET_TF_M_CUSTOM_GIT
+
+config BR2_TARGET_TF_M_CUSTOM_REPO_URL
+ string "URL of custom repository"
+
+config BR2_TARGET_TF_M_CUSTOM_REPO_VERSION
+ string "Custom repository version"
+ help
+ Revision to use in the typical format used by Git
+ E.G. a sha id, a tag, ..
+
+endif
+
+config BR2_TARGET_TF_M_VERSION
+ string
+ default "0c4c99ba33b3e66deea070e149279278dc7647f4" \
+ if BR2_TARGET_TF_M_LATEST_VERSION
+ default "custom" if BR2_TARGET_TF_M_CUSTOM_TARBALL
+ default BR2_TARGET_TF_M_CUSTOM_REPO_VERSION \
+ if BR2_TARGET_TF_M_CUSTOM_GIT
+ default BR2_TARGET_TF_M_CUSTOM_VERSION_VALUE \
+ if BR2_TARGET_TF_M_CUSTOM_VERSION
+
+config BR2_TARGET_TF_M_MBEDTLS_TARBALL_LOCATION
+ string "URL of custom mbedtls tarball" \
+ if !BR2_TARGET_TF_M_LATEST_VERSION
+ default "https://github.com/Mbed-TLS/mbedtls/releases/download/v3.6.0/mbedtls-3.6.0.tar.bz2"
+
+config BR2_TARGET_TF_M_MCUBOOT_TARBALL_LOCATION
+ string "URL of mcuboot tarball" \
+ if !BR2_TARGET_TF_M_LATEST_VERSION
+ default "$(call github,mcu-tools,mcuboot,v2.1.0)/mcuboot-v2.1.0.tar.gz"
+
+config BR2_TARGET_TF_M_CMSIS_TARBALL_LOCATION
+ string "URL of cmsis tarball" \
+ if !BR2_TARGET_TF_M_LATEST_VERSION
+ default "$(call github,arm-software,cmsis_6,d0c460c169)/cmsis-d0c460c169.tar.gz"
+
+config BR2_TARGET_TF_M_QCBOR_TARBALL_LOCATION
+ string "URL of qcbor tarball" \
+ if !BR2_TARGET_TF_M_LATEST_VERSION
+ default "$(call github,laurencelundblade,qcbor,v1.2)/qcbor-v1.2.tar.gz"
+
+config BR2_TARGET_TF_M_PLATFORM
+ string "TF-M platform path"
+ help
+ Target plaform path to build for.
+ E.G. 'arm/mps2/an521'
+
+config BR2_TARGET_TF_M_ADDITIONAL_VARIABLES
+ string "Additional TF-M build variables"
+ help
+ Additional parameters for the TF-M build
+ E.G. '-DTFM_ISOLATION_LEVEL=2 -DCMAKE_BUILD_TYPE=Debug'
+
+endif
new file mode 100644
@@ -0,0 +1,11 @@
+# Locally calculated
+sha256 0b8df41136d4c381787e4149f3a0c002b39a168db7995eef15ebe4f27fa16098 tf-m-0c4c99ba33b3e66deea070e149279278dc7647f4-git4.tar.gz
+sha256 c16df600171bfdae60d22a01f046d742f89ba1046e2e5ed135bbf091b21be34f license.rst
+sha256 3ecf94fcfdaacafb757786a01b7538a61750ebd85c4b024f56ff8ba1490fcd38 mbedtls-3.6.0.tar.bz2
+sha256 9b405ef4c89342f5eae1dd828882f931747f71001cfba7d114801039b52ad09b 3rd_parties/mbedcrypto/LICENSE
+sha256 bcee8c4b5a51477b27c6c587d11f46388823626aba7bd5082c77864a89dcf1b7 mcuboot-v2.1.0.tar.gz
+sha256 86438164119907debf649e2f9f18a43ad506d75421c9d9675700066b0456205d 3rd_parties/mcuboot/LICENSE
+sha256 0f706ad90ada600bd1ddbdf8dc6f2f5910e11de355bb4454b9b4123f0e4ff525 qcbor-v1.2.tar.gz
+sha256 fc6db297a2751188d9c2ece6ee468a295f285b9a24f96eab954a1a823c71be3b 3rd_parties/qcbor/README.md
+sha256 d846342840831f9124157b69b8edcdfcacc5427691f5b3341f714f0235c3cc49 cmsis-d0c460c169.tar.gz
+sha256 b40930bbcf80744c86c46a12bc9da056641d722716c378f5659b9e555ef833e1 3rd_parties/cmsis/LICENSE
new file mode 100644
@@ -0,0 +1,126 @@
+################################################################################
+#
+# TrustedFirmware-M
+#
+################################################################################
+
+TF_M_VERSION = $(call qstrip,$(BR2_TARGET_TF_M_VERSION))
+
+ifeq ($(BR2_TARGET_TF_M_CUSTOM_TARBALL),y)
+# Handle custom FT-M tarballs as specified by the configuration
+TF_M_TARBALL = $(call qstrip,$(BR2_TARGET_TF_M_CUSTOM_TARBALL_LOCATION))
+TF_M_SITE = $(patsubst %/,%,$(dir $(TF_M_TARBALL)))
+TF_M_SOURCE = $(notdir $(TF_M_TARBALL))
+else ifeq ($(BR2_TARGET_TF_M_CUSTOM_GIT),y)
+TF_M_SITE = $(call qstrip,$(BR2_TARGET_TF_M_CUSTOM_REPO_URL))
+TF_M_SITE_METHOD = git
+else
+# Handle stable official TF-M versions
+TF_M_SITE = https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git
+TF_M_SITE_METHOD = git
+# The licensing of custom or from-git versions is unknown
+# This is valid only for the latest (i.e. known) version
+ifeq ($(BR2_TARGET_TF_M_LATEST_VERSION),y)
+TF_M_LICENSE = BSD-3-Clause, Apache-2.0, GPL-2.0-or-later
+TF_M_LICENSE_FILES = \
+ license.rst \
+ 3rd_parties/cmsis/LICENSE \
+ 3rd_parties/mbedcrypto/LICENSE \
+ 3rd_parties/mcuboot/LICENSE \
+ 3rd_parties/qcbor/README.md
+endif
+endif
+
+ifeq ($(BR3_TARGET_TF_M):$(BR2_TARGET_TF_M_LATEST_VERSION),y:)
+BR_NO_CHECK_HASH_FOR += $(TF_M_SOURCE)
+endif
+
+# Use mbedcrypto naming from TF-M instead of mbedtl for easier 3rd
+# parties management
+TF_M_MBEDCRYPTO_TARBALL = $(call qstrip,$(BR2_TARGET_TF_M_MBEDTLS_TARBALL_LOCATION))
+TF_M_MCUBOOT_TARBALL = $(call qstrip,$(BR2_TARGET_TF_M_MCUBOOT_TARBALL_LOCATION))
+TF_M_CMSIS_TARBALL = $(call qstrip,$(BR2_TARGET_TF_M_CMSIS_TARBALL_LOCATION))
+TF_M_QCBOR_TARBALL = $(call qstrip,$(BR2_TARGET_TF_M_QCBOR_TARBALL_LOCATION))
+TF_M_EXTRA_DOWNLOADS += \
+ $(TF_M_MBEDCRYPTO_TARBALL) \
+ $(TF_M_MCUBOOT_TARBALL) \
+ $(TF_M_CMSIS_TARBALL) \
+ $(TF_M_QCBOR_TARBALL)
+
+TF_M_DEPENDENCIES += \
+ $(BR2_CMAKE_HOST_DEPENDENCY) \
+ host-arm-gnu-toolchain \
+ host-python-cbor2 \
+ host-python-click \
+ host-python-cryptography \
+ host-python-jinja2 \
+ host-python-intelhex \
+ host-python-pyyaml
+
+TF_M_3RD_PARTIES = mbedcrypto mcuboot cmsis qcbor
+
+define TF_M_EXTRACT_3RD_PARTIES
+ $(foreach f, $(TF_M_3RD_PARTIES), \
+ mkdir -p $(@D)/3rd_parties/$(f) ; \
+ $(call suitable-extractor,$(notdir $(TF_M_$(call UPPERCASE,$(f))_TARBALL))) \
+ $(TF_M_DL_DIR)/$(notdir $(TF_M_$(call UPPERCASE,$(f))_TARBALL)) | \
+ $(TAR) --strip-components=1 -C $(@D)/3rd_parties/$(f) $(TAR_OPTIONS) -
+ )
+endef
+TF_M_POST_EXTRACT_HOOKS += TF_M_EXTRACT_3RD_PARTIES
+
+define TF_M_PATCH_3RD_PARTIES
+ $(foreach f, $(TF_M_3RD_PARTIES), \
+ if [ -d $(@D)/lib/ext/$(f) ]; then \
+ $(APPLY_PATCHES) $(@D)/3rd_parties/$(f) $(@D)/lib/ext/$(f) \*.patch; \
+ fi;
+ )
+endef
+TF_M_POST_PATCH_HOOKS += TF_M_PATCH_3RD_PARTIES
+
+TF_M_CONF_OPTS += \
+ -DFETCHCONTENT_FULLY_DISCONNECTED=ON \
+ -DCROSS_COMPILE=$(HOST_DIR)/bin/arm-none-eabi \
+ -DMBEDCRYPTO_PATH=$(@D)/3rd_parties/mbedcrypto \
+ -DMCUBOOT_PATH=$(@D)/3rd_parties/mcuboot \
+ -DQCBOR_PATH=$(@D)/3rd_parties/qcbor \
+ -DCMSIS_PATH=$(@D)/3rd_parties/cmsis \
+ -DTFM_PLATFORM=$(call qstrip,$(BR2_TARGET_TF_M_PLATFORM))
+
+define TF_M_CONFIGURE_CMDS
+ rm -f $(@D)/CMakeCache.txt
+ PATH=$(BR_PATH) \
+ $(BR2_CMAKE) -S $(@D) -B $(@D) \
+ $(TF_M_CONF_OPTS) \
+ $(call qstrip,$(BR2_TARGET_TF_M_ADDITIONAL_VARIABLES))
+endef
+
+define TF_M_BUILD_CMDS
+ PATH=$(BR_PATH) \
+ $(BR2_CMAKE) --build $(@D) -- install
+endef
+
+define TF_M_INSTALL_TARGET_CMDS
+ mkdir -p $(BINARIES_DIR)/tf-m
+ $(INSTALL) -D -m 0755 $(@D)/api_ns/bin/*.bin $(BINARIES_DIR)/tf-m
+ $(INSTALL) -D -m 0755 $(@D)/api_ns/bin/*.elf $(BINARIES_DIR)/tf-m
+endef
+
+# Configuration check
+ifeq ($(BR2_TARGET_TF_M)$(BR_BUILDING),yy)
+
+ifeq ($(BR2_TARGET_TF_M_CUSTOM_TARBALL),y)
+ifeq ($(call qstrip,$(BR2_TARGET_TF_M_CUSTOM_TARBALL_LOCATION)),)
+$(error No tarball location specified. Please check BR2_TARGET_TF_M_CUSTOM_TARBALL_LOCATION)
+endif
+endif
+
+ifeq ($(BR2_TARGET_TF_M_CUSTOM_GIT),y)
+ifeq ($(call qstrip,$(BR2_TARGET_TF_M_CUSTOM_REPO_URL)),)
+$(error No repository specified. Please check BR2_TARGET_TF_M_CUSTOM_REPO_URL)
+endif
+endif
+
+endif
+
+$(eval $(generic-package))
@@ -371,6 +371,9 @@ async def fixup_config(sysinfo, configfile):
configlines.remove('BR2_TARGET_S500_BOOTLOADER=y\n')
configlines.remove('BR2_TARGET_S500_BOOTLOADER_BOARD=""\n')
+ if 'BR2_TARGET_TF_M=y\n' in configlines:
+ configlines.append('BR2_TARGET_TF_M_PLATFORM="arm/mps2/an521"\n')
+
if 'BR2_TARGET_TI_K3_R5_LOADER=y\n' in configlines and \
'BR2_TARGET_TI_K3_R5_LOADER_USE_DEFCONFIG=y\n' in configlines and \
'BR2_TARGET_TI_K3_R5_LOADER_BOARD_DEFCONFIG=""\n' in configlines:
Add support for TrustedFirmware-M: https://trustedfirmware-m.readthedocs.io https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE) for Armv8-M, Armv8.1-M architectures (e.g. the Cortex-M33, Cortex-M23, Cortex-M55, Cortex-M85 processors) or dual-core platforms. Signed-off-by: Kory Maincent <kory.maincent@bootlin.com> --- Changes in v5: - Use EXTRA_DOWNLOAD instead of subpackages for 3rd parties. - Remove TF-M tests 3rd parties. - Remove 3rd parties submenu in Kconfig. - Remove useless environment to have a cleaner cmake command. - Replace the build test by a genrandconfig update. Changes in v4: - Fix a recursive dependency loop issue. TF-M was depend on 3rd parties which where was patch dependent on TF-M to have access to their patches. Instead patch the 3rd parties sources in the TF-M packages. Changes in v3: - Add select BR2_HOST_CMAKE_AT_LEAST_3_21 to avoid cmake configure error due to old cmake version. - Fix a Kconfig check-package too long line warning. Changes in v2: - Add TF-M to DEVELOPERS file - Fix few nit. --- DEVELOPERS | 1 + boot/Config.in | 1 + boot/tf-m/Config.in | 95 +++++++++++++++++++++++++++++++++ boot/tf-m/tf-m.hash | 11 ++++ boot/tf-m/tf-m.mk | 126 ++++++++++++++++++++++++++++++++++++++++++++ utils/genrandconfig | 3 ++ 6 files changed, 237 insertions(+) create mode 100644 boot/tf-m/Config.in create mode 100644 boot/tf-m/tf-m.hash create mode 100644 boot/tf-m/tf-m.mk