Commit fb88b0aa authored by Nolwenn Violette's avatar Nolwenn Violette Committed by Ioannis Glaropoulos

sample: tfm_ipc: Add nucleo_l552ze_q support



This commit adds the signing commands and the configuration required
to build a non secure image for a nucleo_l552ze_q.

Signed-off-by: default avatarNolwenn Violette <nolwenn.violette01@st.com>
parent 522235e4
+56 −0
@@ -5,3 +5,59 @@ zephyr_library()
zephyr_library_sources(pinmux.c)
zephyr_library_include_directories(${ZEPHYR_BASE}/drivers)
endif()

if (CONFIG_BUILD_WITH_TFM)
	# Set default image versions if not defined elsewhere
	if (NOT DEFINED TFM_IMAGE_VERSION_S)
		set(TFM_IMAGE_VERSION_S 0.0.0+0)
	endif()

	if (NOT DEFINED TFM_IMAGE_VERSION_NS)
		set(TFM_IMAGE_VERSION_NS 0.0.0+0)
	endif()

	set(PREPROCESSED_FILE "${CMAKE_BINARY_DIR}/tfm/image_macros_preprocessed")
	set(TFM_MCUBOOT_DIR "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot")

	# Configure which format (full or hash) to include the public key in
	# the image manifest
	set(TFM_PUBLIC_KEY_FORMAT "hash")

	#Create and sign for concatenated binary image, should align with the TF-M BL2
	set_property(GLOBAL APPEND PROPERTY extra_post_build_commands

		#Sign secure binary image with public key
		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py
		ARGS sign
			 --layout ${PREPROCESSED_FILE}_s.c
			 -k ${CONFIG_TFM_KEY_FILE_S}
			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
			 --align 1
			 -v ${TFM_IMAGE_VERSION_S}
			 ${ADD_NS_IMAGE_MIN_VER}
			 ${ADD_SECURITY_COUNTER_S}
			 -H 0x400
			 ${CMAKE_BINARY_DIR}/tfm/install/outputs/STM_NUCLEO_L552ZE_Q/tfm_s.bin
			 ${CMAKE_BINARY_DIR}/tfm_s_signed.bin

		#Sign non-secure binary image with public key
		COMMAND ${PYTHON_EXECUTABLE} ${TFM_MCUBOOT_DIR}/scripts/imgtool.py
		ARGS sign
			 --layout ${PREPROCESSED_FILE}_ns.c
			 -k ${CONFIG_TFM_KEY_FILE_NS}
			 --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
			 --align 1
			 -v ${TFM_IMAGE_VERSION_NS}
			 ${ADD_S_IMAGE_MIN_VER}
			 ${ADD_SECURITY_COUNTER_NS}
			 -H 0x400
			 ${CMAKE_BINARY_DIR}/zephyr/${KERNEL_BIN_NAME}
			 ${CMAKE_BINARY_DIR}/zephyr_ns_signed.bin

		#Copy mcuboot.bin
		COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_BINARY_DIR}/tfm/bl2/ext/mcuboot/mcuboot.bin ${CMAKE_BINARY_DIR}

		#Execute post build script postbuild.sh
		COMMAND ${CMAKE_BINARY_DIR}/tfm/install/postbuild.sh
      )
endif()
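Review bot: The optional arguments `${ADD_SECURITY_COUNTER_S}`, `${ADD_SECURITY_COUNTER_NS}`, `${ADD_NS_IMAGE_MIN_VER}` and `${ADD_S_IMAGE_MIN_VER}` are not set anywhere in this section, so unless another file defines them they expand to nothing and both `imgtool.py sign` calls run with only the image version, which itself defaults to `0.0.0+0`. If BL2 is expected to enforce rollback protection or a secure/non-secure dependency on this board, every default build then looks identical to it. I would state that next to the version defaults, e.g. `# ADD_SECURITY_COUNTER_* and ADD_*_IMAGE_MIN_VER are empty unless set by the caller: no explicit security counter or image dependency is signed in`. Separately, `-k ${CONFIG_TFM_KEY_FILE_S}` and `-k ${CONFIG_TFM_KEY_FILE_NS}` are passed unquoted and unchecked, so an empty value lets `-k` consume the next option and the error only appears at post-build time. A configure-time guard such as `if(NOT CONFIG_TFM_KEY_FILE_S)` with `message(FATAL_ERROR "CONFIG_TFM_KEY_FILE_S is not set")` would catch it early, and a comment should say whether the default key files are development keys that must be replaced before an image is shipped.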
+2 −0
@@ -5,3 +5,5 @@ board_runner_args(pyocd "--target=stm32l552zetxq")

include(${ZEPHYR_BASE}/boards/common/pyocd.board.cmake)
include(${ZEPHYR_BASE}/boards/common/openocd.board.cmake)

set(TFM_TARGET_PLATFORM "STM_NUCLEO_L552ZE_Q")
+16 −6
@@ -7,13 +7,23 @@ set(QEMU_KERNEL_OPTION "-device;loader,file=${CMAKE_BINARY_DIR}/tfm_qemu.hex")

find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})


# Add "tfm" as an external project via the TF-M module's cmake file
if(${TFM_TARGET_PLATFORM} STREQUAL "STM_NUCLEO_L552ZE_Q")
   trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
                          BOARD ${TFM_TARGET_PLATFORM}
                          IPC
                          CFGFILE "ConfigRegressionIPCTfmLevel2"
                          OUT_VENEERS_FILE VENEERS_FILE
   )
else()
   trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
                          BOARD ${TFM_TARGET_PLATFORM}
                          IPC
                          CFGFILE "ConfigRegressionIPC"
                          OUT_VENEERS_FILE VENEERS_FILE
  )
endif()

project(tfm_ipc)
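Review bot: `if(${TFM_TARGET_PLATFORM} STREQUAL "STM_NUCLEO_L552ZE_Q")` expands the variable unquoted, so on a board whose board.cmake does not set `TFM_TARGET_PLATFORM` the condition becomes `if( STREQUAL ...)` and configuration stops with an error instead of taking the `else()` branch; `if("${TFM_TARGET_PLATFORM}" STREQUAL "STM_NUCLEO_L552ZE_Q")` avoids that. The two `trusted_firmware_build()` calls differ only in `CFGFILE`, so choosing the config name into a variable first and keeping a single call would stop the copies from drifting apart. The name `ConfigRegressionIPCTfmLevel2` suggests this board is built at a different TF-M isolation level from the other platforms; a one-line comment saying why would help anyone comparing results or security properties across boards.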

+30 −1
@@ -24,7 +24,7 @@ Building and Running
********************

This project outputs test status and info to the console. It can be built and
executed on MPS2+ AN521.
executed on MPS2+ AN521 and ST Nucleo L552ZE Q.

On MPS2+ AN521:
===============
@@ -103,6 +103,35 @@ Or, post build:

      $ ninja run

On ST Nucleo L552ZE Q:
======================

This sample was tested on Ubuntu 18.04 with Zephyr SDK 0.11.3.

Build Zephyr with a non-secure configuration:

   .. code-block:: bash

      $ west build -b nucleo_l552ze_q_ns samples/tfm_integration/tfm_ipc/

Two scripts are avalaible in the ``build/tfm/install`` folder:

  - ``regression.sh``: Sets platform option bytes config and erase platform.
  - ``TFM_UPDATE.sh``: Writes bl2, secure, and non secure image in target.

Run them in the following order to flash the board:

   .. code-block:: bash

      $ ./build/tfm/install/regression.sh
      $ ./build/tfm/install/TFM_UPDATE.sh

Reset the board.

 .. note::
      Note that ``arm-none-eabi-gcc`` should be available in the PATH variable and that ``STM32_Programmer_CLI`` is required to run ``regression.sh`` and ``TFM_UPDATE.sh`` (see https://www.st.com/en/development-tools/stm32cubeprog.html). If you are still having trouble running these scripts, check the Programming and Debugging section of the :ref:`nucleo_l552ze_q_board` documentation.


Sample Output
=============

+1 −1
@@ -135,7 +135,7 @@ manifest:
      revision: c39888ff74acf421eeff9a7514fa9b172c3373f7
    - name: trusted-firmware-m
      path: modules/tee/tfm
      revision: 7e51033f7bf4ad54a008e5c3cdf244d1d6954af0
      revision: 7b763c0dc3bd3600f7e73aecca51d82a45cf2e35

  self:
    path: zephyr