|
| 1 | +FILESEXTRAPATHS:prepend := "${THISDIR}/tf-m-stm32mp:" |
| 2 | + |
| 3 | +PACKAGE_ARCH = "${MACHINE_ARCH}" |
| 4 | + |
| 5 | +CVE_PRODUCT = "arm:trusted_firmware-m" |
| 6 | + |
| 7 | +inherit python3native deploy external-dt |
| 8 | + |
| 9 | +# Baremetal and we bring a compiler below |
| 10 | +INHIBIT_DEFAULT_DEPS = "1" |
| 11 | + |
| 12 | +DEPENDS += "cmake-native \ |
| 13 | + ninja-native \ |
| 14 | + gcc-arm-none-eabi-native \ |
| 15 | + python3-cbor2-native \ |
| 16 | + python3-click-native \ |
| 17 | + python3-cryptography-native \ |
| 18 | + python3-pyasn1-native \ |
| 19 | + python3-imgtool-native \ |
| 20 | + python3-jinja2-native \ |
| 21 | + python3-pyyaml-native \ |
| 22 | + python3-pyelftools-native \ |
| 23 | +" |
| 24 | + |
| 25 | +S = "${WORKDIR}/git" |
| 26 | +B = "${WORKDIR}/build" |
| 27 | + |
| 28 | +# Configure TFM external sources |
| 29 | +TFM_EXTERNAL_SOURCES ??= "1" |
| 30 | + |
| 31 | +# Platform must be set, ideally in the machine configuration. |
| 32 | +TFM_PLATFORMS ?= "stm/stm32mp257f_ev1" |
| 33 | +python() { |
| 34 | + if not d.getVar("TFM_PLATFORMS"): |
| 35 | + raise bb.parse.SkipRecipe("TFM_PLATFORMS needs to be set") |
| 36 | +} |
| 37 | + |
| 38 | +# Build for debug (set TFM_DEBUG to 1 to activate) |
| 39 | +TFM_DEBUG ?= "${@bb.utils.contains('MACHINE_FEATURES', 'm33td', '0', '1', d)}" |
| 40 | + |
| 41 | +PACKAGECONFIG ??= "" |
| 42 | +# Whether to integrate the test suite |
| 43 | +PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" |
| 44 | +PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" |
| 45 | +PACKAGECONFIG[test-psa] = "-DTEST_PSA_API=ON,-DTEST_PSA_API=OFF" |
| 46 | + |
| 47 | +# Currently we only support using the Arm binary GCC |
| 48 | +EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" |
| 49 | + |
| 50 | +# Don't let FetchContent download more sources during do_configure |
| 51 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '-DFETCHCONTENT_FULLY_DISCONNECTED=ON', '', d)}" |
| 52 | + |
| 53 | +# Handle TFM_DEBUG parameter |
| 54 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '-DCMAKE_BUILD_TYPE=Relwithdebinfo', d)}" |
| 55 | + |
| 56 | +# Verbose builds |
| 57 | +EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" |
| 58 | + |
| 59 | +# Path to extra components |
| 60 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '-DMBEDCRYPTO_PATH=${S}/external/mbedtls ', '', d)}" |
| 61 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '-DTFM_TEST_REPO_PATH=${S}/external/tf-m-tests', '', d)}" |
| 62 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '-DMCUBOOT_PATH=${S}/external/mcuboot -DQCBOR_PATH=${S}/external/qcbor', '', d)}" |
| 63 | +EXTRA_OECMAKE += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '-DDDR_PHY_BIN_SRC_PATH=${S}/external/stm32-ddr-phy-binary ', '', d)}" |
| 64 | + |
| 65 | +# SCP firmware |
| 66 | +SCP_FIRMWARE_OECMAKE = "-DSCP_FW_PATH=${S}/external/scp-firmware" |
| 67 | +EXTRA_OECMAKE += " ${SCP_FIRMWARE_OECMAKE}" |
| 68 | + |
| 69 | +# M33TD |
| 70 | +EXTRA_OECMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'm33td', '-DSTM32_M33TDCID=ON', '-DSTM32_M33TDCID=OFF', d)}" |
| 71 | + |
| 72 | +# TFM Profile: medium |
| 73 | +TFM_PROFILE ??= "profile_medium" |
| 74 | +EXTRA_OECMAKE += " ${@'-DTFM_PROFILE=${TFM_PROFILE}' if ((d.getVar('TFM_PROFILE') or '') != '') else ''}" |
| 75 | + |
| 76 | +export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" |
| 77 | + |
| 78 | +# Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application |
| 79 | +CFLAGS[unexport] = "1" |
| 80 | +LDFLAGS[unexport] = "1" |
| 81 | +AS[unexport] = "1" |
| 82 | +LD[unexport] = "1" |
| 83 | + |
| 84 | + |
| 85 | +# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the |
| 86 | +# right path until this is relocated automatically. |
| 87 | +export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" |
| 88 | + |
| 89 | +# Configure for external source download directly from cmake compile |
| 90 | +do_compile[network] = "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', '0', '1', d)}" |
| 91 | +do_compile:prepend() { |
| 92 | + if [ "${TFM_EXTERNAL_SOURCES}" -eq "0" ]; then |
| 93 | + # Used to download cmake dependencies when behind a proxy |
| 94 | + if [ -n "${http_proxy}" ]; then |
| 95 | + export HTTP_PROXY=${http_proxy} |
| 96 | + fi |
| 97 | + if [ -n "${https_proxy}" ]; then |
| 98 | + export HTTPS_PROXY=${https_proxy} |
| 99 | + fi |
| 100 | + fi |
| 101 | +} |
| 102 | + |
| 103 | +# TF-M ships patches that it needs applied to mbedcrypto, so apply them |
| 104 | +# as part of do_patch. |
| 105 | +# Need to apply patches in submodule to avoid failure with 'devtool modify' |
| 106 | +apply_local_patches() { |
| 107 | + cd ${S}/external/mbedtls |
| 108 | + for fp in ${S}/lib/ext/mbedcrypto/*.patch; do |
| 109 | + git am ${fp} |
| 110 | + done |
| 111 | + cd - |
| 112 | +} |
| 113 | +do_patch[postfuncs] += "${@bb.utils.contains('TFM_EXTERNAL_SOURCES', '1', 'apply_local_patches', '', d)}" |
| 114 | + |
| 115 | +do_configure() { |
| 116 | + : |
| 117 | +} |
| 118 | + |
| 119 | +# Invoke install here as there's no point in splitting compile from install: the |
| 120 | +# first thing the build does is 'install' inside the build tree thus causing a |
| 121 | +# rebuild. It also overrides the install prefix to be in the build tree, so you |
| 122 | +# can't use the usual install prefix variables. |
| 123 | +TF_M_DTS_SUB_PATH="platform/ext/target/stm/common/devicetree/dts/arm/stm" |
| 124 | + |
| 125 | +EXTRA_OECMAKE_NS ?= "${@bb.utils.contains('MACHINE_FEATURES','m33td','-DNS=ON','-DNS=OFF',d)} " |
| 126 | + |
| 127 | +do_compile() { |
| 128 | + export PATH=$PATH:${STAGING_DATADIR_NATIVE}/gcc-arm-none-eabi/bin |
| 129 | + for platform in ${TFM_PLATFORMS}; |
| 130 | + do |
| 131 | + for dt in ${TF_M_DEVICETREE}; do |
| 132 | + export PATH=$PATH:${STAGING_DATADIR_NATIVE}/gcc-arm-none-eabi/bin |
| 133 | + EXTRA_OECMAKE_BL2="" |
| 134 | + if ${@bb.utils.contains('MACHINE_FEATURES','m33td','true','false',d)}; then |
| 135 | + EXTRA_OECMAKE_BL2="-DDTS_BOARD_BL2=${dt}-bl2.dts" |
| 136 | + fi |
| 137 | + platform_path=$(echo "$(basename $platform)_${dt}") |
| 138 | + # strategy |
| 139 | + # test devicetree exits: use it |
| 140 | + # else |
| 141 | + # * devicetree not exist * |
| 142 | + # test devicetree with extenstion _s.dts exist: use it |
| 143 | + # else |
| 144 | + # test is external dt |
| 145 | + # if devicetree on external dt exist: use it |
| 146 | + # else |
| 147 | + # use platform |
| 148 | + # else |
| 149 | + # use platform |
| 150 | + if [ -e ${S}/${TF_M_DTS_SUB_PATH}/${dt}.dts ]; then |
| 151 | + echo "cmake -GNinja \ |
| 152 | + -S ${S} -B ${B}/$platform_path \ |
| 153 | + ${EXTRA_OECMAKE} \ |
| 154 | + -DTFM_PLATFORM=$platform \ |
| 155 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 156 | + -DDTS_BOARD_S=${dt}.dts \ |
| 157 | + ${EXTRA_OECMAKE_BL2} \ |
| 158 | + -DDTS_EXT_DIR=${S}/${TF_M_DTS_SUB_PATH}/ \ |
| 159 | + ${EXTRA_OECMAKE_NS} \ |
| 160 | + ${PACKAGECONFIG_CONFARGS}" |
| 161 | + cmake -GNinja \ |
| 162 | + -S ${S} -B ${B}/$platform_path \ |
| 163 | + ${EXTRA_OECMAKE} \ |
| 164 | + -DTFM_PLATFORM=$platform \ |
| 165 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 166 | + -DDTS_BOARD_S=${dt}.dts \ |
| 167 | + ${EXTRA_OECMAKE_BL2} \ |
| 168 | + -DDTS_EXT_DIR=${S}/${TF_M_DTS_SUB_PATH}/ \ |
| 169 | + ${EXTRA_OECMAKE_NS} \ |
| 170 | + ${PACKAGECONFIG_CONFARGS} |
| 171 | + cmake --build ${B}/$platform_path -- install |
| 172 | + else |
| 173 | + if [ -e ${S}/${TF_M_DTS_SUB_PATH}/${dt}-s.dts ]; then |
| 174 | + echo "cmake -GNinja \ |
| 175 | + -S ${S} -B ${B}/$platform_path \ |
| 176 | + ${EXTRA_OECMAKE} \ |
| 177 | + -DTFM_PLATFORM=$platform \ |
| 178 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 179 | + -DDTS_BOARD_S=${dt}-s.dts \ |
| 180 | + ${EXTRA_OECMAKE_BL2} \ |
| 181 | + -DDTS_EXT_DIR=${S}/${TF_M_DTS_SUB_PATH}/ \ |
| 182 | + ${EXTRA_OECMAKE_NS} \ |
| 183 | + ${PACKAGECONFIG_CONFARGS}" |
| 184 | + cmake -GNinja \ |
| 185 | + -S ${S} -B ${B}/$platform_path \ |
| 186 | + ${EXTRA_OECMAKE} \ |
| 187 | + -DTFM_PLATFORM=$platform \ |
| 188 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 189 | + -DDTS_BOARD_S=${dt}-s.dts \ |
| 190 | + ${EXTRA_OECMAKE_BL2} \ |
| 191 | + -DDTS_EXT_DIR=${S}/${TF_M_DTS_SUB_PATH}/ \ |
| 192 | + ${EXTRA_OECMAKE_NS} \ |
| 193 | + ${PACKAGECONFIG_CONFARGS} |
| 194 | + cmake --build ${B}/$platform_path -- install |
| 195 | + else |
| 196 | + if ${@bb.utils.contains('EXTERNAL_DT_ENABLED','1','true','false',d)}; then |
| 197 | + #FIXME need alignment between a35 and m33 namming |
| 198 | + EXTDT_DTS_S="${dt}.dts" |
| 199 | + if ${@bb.utils.contains('MACHINE_FEATURES','m33td','true','false',d)}; then |
| 200 | + EXTDT_DTS_S="${dt}-s.dts" |
| 201 | + fi |
| 202 | + if [ -e ${STAGING_EXTDT_DIR}/${EXTDT_DIR_TF_M}/${EXTDT_DTS_S} ]; then |
| 203 | + echo "cmake -GNinja \ |
| 204 | + -S ${S} -B ${B}/$platform_path \ |
| 205 | + ${EXTRA_OECMAKE} \ |
| 206 | + -DTFM_PLATFORM=$platform \ |
| 207 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 208 | + -DDTS_BOARD_S=${EXTDT_DTS_S} \ |
| 209 | + ${EXTRA_OECMAKE_BL2} \ |
| 210 | + -DDTS_EXT_DIR=${STAGING_EXTDT_DIR}/${EXTDT_DIR_TF_M} \ |
| 211 | + ${EXTRA_OECMAKE_NS} \ |
| 212 | + ${PACKAGECONFIG_CONFARGS}" |
| 213 | + cmake -GNinja \ |
| 214 | + -S ${S} -B ${B}/$platform_path \ |
| 215 | + ${EXTRA_OECMAKE} \ |
| 216 | + -DTFM_PLATFORM=$platform \ |
| 217 | + -DDTS_BOARD_NS=${dt}-ns.dts \ |
| 218 | + -DDTS_BOARD_S=${EXTDT_DTS_S} \ |
| 219 | + ${EXTRA_OECMAKE_BL2} \ |
| 220 | + -DDTS_EXT_DIR=${STAGING_EXTDT_DIR}/${EXTDT_DIR_TF_M} \ |
| 221 | + ${EXTRA_OECMAKE_NS} \ |
| 222 | + ${PACKAGECONFIG_CONFARGS} |
| 223 | + cmake --build ${B}/$platform_path -- install |
| 224 | + else |
| 225 | + bbwarn "TF-M:EXTERNAL-DT: devicetree not found (${EXTDT_DTS_S}) NO TF-M binaries generated" |
| 226 | + fi |
| 227 | + else |
| 228 | + bbwarn "TF-M: devicetree not found (${dt}.dts) NO TF-M binaries generated" |
| 229 | + fi |
| 230 | + fi |
| 231 | + fi |
| 232 | + done |
| 233 | + done |
| 234 | +} |
| 235 | + |
| 236 | +do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" |
| 237 | + |
| 238 | +do_install() { |
| 239 | + # TODO install headers and static libraries when we know how they're used |
| 240 | + # TODO: need to install only binary needed by platform |
| 241 | + install -d -m 755 ${D}/firmware |
| 242 | + for platform in ${TFM_PLATFORMS}; |
| 243 | + do |
| 244 | + for dt in ${TF_M_DEVICETREE}; do |
| 245 | + dt_plat=$(echo ${dt} | sed "s/-/_/g") |
| 246 | + platform_path=$(echo "$(basename $platform)_${dt}") |
| 247 | + for file in $(ls -1 ${B}/$platform_path/bin/tf*); |
| 248 | + do |
| 249 | + file_name=$(basename $file) |
| 250 | + file_renamed=$(echo $file_name | sed "s/tfm/tfm-${dt}/") |
| 251 | + install -m 0644 ${B}/$platform_path/bin/$file_name ${D}/firmware/$file_renamed |
| 252 | + done |
| 253 | + for file in $(ls -1 ${B}/$platform_path/bin/bl2*); |
| 254 | + do |
| 255 | + file_name=$(basename $file) |
| 256 | + file_renamed=$(echo $file_name | sed "s/bl2/bl2-${dt}/") |
| 257 | + install -m 0644 ${B}/$platform_path/bin/$file_name ${D}/firmware/$file_renamed |
| 258 | + done |
| 259 | + for file in $(ls -1 ${B}/$platform_path/bin/ddr*); |
| 260 | + do |
| 261 | + file_name=$(basename $file) |
| 262 | + file_renamed=$(echo $file_name | sed "s/ddr_phy/ddr_phy-${dt}/") |
| 263 | + install -m 0644 ${B}/$platform_path/bin/$file_name ${D}/firmware/$file_renamed |
| 264 | + done |
| 265 | + done |
| 266 | + done |
| 267 | +} |
| 268 | + |
| 269 | +FILES:${PN} = "/firmware" |
| 270 | +SYSROOT_DIRS += "/firmware" |
| 271 | + |
| 272 | +addtask deploy after do_install |
| 273 | +do_deploy() { |
| 274 | + install -d ${DEPLOYDIR}/arm-trusted-firmware-m |
| 275 | + if [ $(find ${D}/firmware/ -type f | wc -l) -gt 0 ]; then |
| 276 | + cp -rf ${D}/firmware/* ${DEPLOYDIR}/arm-trusted-firmware-m |
| 277 | + fi |
| 278 | +} |
| 279 | + |
| 280 | +# Build paths are currently embedded |
| 281 | +INSANE_SKIP:${PN} += "buildpaths" |
| 282 | +INSANE_SKIP:${PN} += "arch" |
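Review bot: With `TFM_EXTERNAL_SOURCES = "0"` the recipe sets `do_compile[network]` to "1" and no longer passes `-DFETCHCONTENT_FULLY_DISCONNECTED=ON` or the `${S}/external/...` path arguments, so CMake is free to download those dependencies during do_compile. For the secure firmware and BL2 built here, that takes those inputs outside the BitBake fetcher's revision pinning and checksums, and the build cannot be reproduced offline. The comment above `do_compile[network]` should say so, for example `# TFM_EXTERNAL_SOURCES = "0": CMake downloads dependencies at build time, outside the BitBake fetcher (no SRCREV/checksum pinning); development use only`. I would also surface the choice in the build log by adding `bbwarn "TF-M: TFM_EXTERNAL_SOURCES=0, dependencies are fetched by CMake at build time"` inside the `-eq "0"` branch of `do_compile:prepend`. Which components CMake actually fetches is decided by the TF-M build files, which this page does not show.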