Commit 93ff119a authored by Yestin Sun, committed by Ioannis Glaropoulos

boards: nucleo_l552ze_q: Leverage consolidated TFM signing code



This commit removes the signing commands from the post build steps,
in order to leverage the consolidated TFM signing code.

Also with the support to adjust the hex base address when signing,
there is no need to run the TFM_UPDATE.sh script. We can use west
flash to flash the merged hex file on the board.

Signed-off-by: Yestin Sun <sunyi0804@gmail.com>
parent 46cab056
+2 −52
@@ -11,57 +11,7 @@ elseif(${ZEPHYR_TOOLCHAIN_VARIANT} STREQUAL "gnuarmemb")
endif()

if (CONFIG_BUILD_WITH_TFM)
	# Set default image versions if not defined elsewhere
	if (NOT DEFINED TFM_IMAGE_VERSION_S)
		set(TFM_IMAGE_VERSION_S 0.0.0+0)
	endif()

	if (NOT DEFINED TFM_IMAGE_VERSION_NS)
		set(TFM_IMAGE_VERSION_NS 0.0.0+0)
	endif()

	set(PREPROCESSED_FILE_S "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_s.dir/signing_layout_s.o")
	set(PREPROCESSED_FILE_NS "${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/CMakeFiles/signing_layout_ns.dir/signing_layout_ns.o")
	set(TFM_MCUBOOT_DIR "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/trusted-firmware-m/bl2/ext/mcuboot")

	# Configure which format (full or hash) to include the public key in
	# the image manifest
	set(TFM_PUBLIC_KEY_FORMAT "full")

	#Create and sign for concatenated binary image, should align with the TF-M BL2
	set_property(GLOBAL APPEND PROPERTY extra_post_build_commands

		#Sign secure binary image with public key
		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py
			 --layout ${PREPROCESSED_FILE_S}
			 -k ${CONFIG_TFM_KEY_FILE_S}
			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
			 --align 1
			 -v ${TFM_IMAGE_VERSION_S}
			 --pad
			 --pad-header
			 ${ADD_NS_IMAGE_MIN_VER}
			 -s auto
			 -H 0x400
			 $<TARGET_PROPERTY:tfm,TFM_S_BIN_FILE>
			 ${CMAKE_BINARY_DIR}/tfm_s_signed.bin

		#Sign non-secure binary image with public key
		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/wrapper/wrapper.py
			 --layout ${PREPROCESSED_FILE_NS}
			 -k ${CONFIG_TFM_KEY_FILE_NS}
			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
			 --align 1
			 -v ${TFM_IMAGE_VERSION_NS}
			 -s auto
			 ${ADD_S_IMAGE_MIN_VER}
			 -H 0x400
			 ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_BIN_NAME}
			 ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin

		#Copy mcuboot.bin
		COMMAND ${CMAKE_COMMAND} -E copy $<TARGET_PROPERTY:tfm,BL2_BIN_FILE> ${CMAKE_BINARY_DIR}/mcuboot.bin

	set_property(GLOBAL APPEND PROPERTY extra_post_build_byproducts
		#Execute post build script postbuild.sh
		COMMAND ${CMAKE_BINARY_DIR}/tfm/postbuild.sh ${COMPILER_FULL_PATH}
	)
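Review bot: As rendered here, the remaining `COMMAND ${CMAKE_BINARY_DIR}/tfm/postbuild.sh ${COMPILER_FULL_PATH}` sits directly under `set_property(GLOBAL APPEND PROPERTY extra_post_build_byproducts`, not under `extra_post_build_commands`. The page does not mark which lines survive the change, so this may be a rendering loss. If it is the new side, the script invocation is appended to the byproducts list and never runs as a build step; the opening line should be `set_property(GLOBAL APPEND PROPERTY extra_post_build_commands`. The `if (CONFIG_BUILD_WITH_TFM)` block closes outside the visible section, so the final shape should be checked against the file itself.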
+12 −2
if(CONFIG_BUILD_WITH_TFM)
  set(FLASH_BASE_ADDRESS_S 0x0C000000)

  if (CONFIG_HAS_FLASH_LOAD_OFFSET)
    MATH(EXPR TFM_HEX_BASE_ADDRESS_NS "${FLASH_BASE_ADDRESS_S}+${CONFIG_FLASH_LOAD_OFFSET}")
  else()
    set(TFM_HEX_BASE_ADDRESS_NS ${TFM_FLASH_BASE_ADDRESS_S})
  endif()
endif()

set_ifndef(BOARD_DEBUG_RUNNER pyocd)
set_ifndef(BOARD_FLASH_RUNNER pyocd)
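Review bot: The `else()` branch reads `${TFM_FLASH_BASE_ADDRESS_S}`, but the variable this block defines two lines earlier is `FLASH_BASE_ADDRESS_S`. Unless the `TFM_`-prefixed name is set somewhere not visible here, the expansion is empty and `set()` leaves `TFM_HEX_BASE_ADDRESS_NS` unset whenever `CONFIG_HAS_FLASH_LOAD_OFFSET` is off. The signed non-secure hex would then not be rebased to the secure flash base as intended. The line should read `set(TFM_HEX_BASE_ADDRESS_NS ${FLASH_BASE_ADDRESS_S})`. Separately, `math(EXPR ...)` returns a decimal string by default, so it is worth confirming that the consumer of `TFM_HEX_BASE_ADDRESS_NS` accepts decimal, or requesting hexadecimal output explicitly.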

+10 −1
@@ -276,7 +276,16 @@ You should see the following message on the console:
Building a secure/non-secure with Arm |reg| TrustZone |reg|
-----------------------------------------------------------

The TF-M integration sample :ref:`tfm_ipc` can be run by a Nucleo L552ZE Q, using the ``nucleo_l552ze_q_ns`` target. When building a ``*_ns`` image with TF-M, a ``build/tfm/install/postbuild.sh`` bash script will be run as a post-build step to make some required flash layout changes. The ``build/tfm/install/postbuild.sh`` script will also be used to flash the board. Check the ``build/tfm/install`` directory to ensure that the commands required by these scripts (``readlink``, etc.) are available on your system.
The TF-M integration sample :ref:`tfm_ipc` can be run by a Nucleo L552ZE Q,
using the ``nucleo_l552ze_q_ns`` target. When building a ``*_ns`` image with TF-M,
a ``build/tfm/install/postbuild.sh`` bash script will be run as a post-build step
to make some required flash layout changes. The ``build/tfm/regression.sh`` script
will need to be run to perform device initialization, and then run ``west flash --hex-file build/tfm_merged.hex``
to flash the board.

Check the ``build/tfm/`` directory to ensure that the commands required by these scripts
(``readlink``, etc.) are available on your system. Please also check ``STM32_Programmer_CLI``
used for initialization is available in the PATH.

Debugging
=========