trusted-firmware-m: Set --confirm when signing

nandojve · nandojve · commit 3bc5390a6246 · 2025-08-13T18:06:35.000+02:00
The current behaviour from signing an image add --pad but do not confirm
the image. This seems to be a mistake because user should inspect in the
Firmware Upgrade software the image status. This means that if an image
is not --confirmed the FSM can not infer correct states. This set the
image as confirmed to fix this issue.

Signed-off-by: BUDKE Gerson Fernando &lt;gerson.budke@leica-geosystems.com&gt;
diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt
@@ -472,14 +472,18 @@ if (CONFIG_BUILD_WITH_TFM)
   math(EXPR S_MAX_SECTORS "${s_partition_size} / ${flash_erase_block_size}")
   math(EXPR NS_MAX_SECTORS "${ns_partition_size} / ${flash_erase_block_size}")
 
-  function(tfm_sign OUT_ARG SUFFIX HEADER TRAILER MAX_SECTORS INPUT_FILE OUTPUT_FILE)
+  function(tfm_sign OUT_ARG SUFFIX HEADER TRAILER CONFIRM MAX_SECTORS INPUT_FILE OUTPUT_FILE)
     if(HEADER AND TRAILER)
       set(pad_args --pad --pad-header)
     elseif(HEADER)
       set(pad_args --pad-header)
     elseif(TRAILER)
       set(pad_args --pad)
     endif()
+    if(CONFIRM)
+      # --confirm imply PAD
+      set(confim --confirm)
+    endif()
     # Secure + Non-secure images are signed the same way as a secure only
     # build, but with a different layout file.
     set(layout_file ${PREPROCESSED_FILE_${SUFFIX}})
@@ -499,6 +503,7 @@ if (CONFIG_BUILD_WITH_TFM)
       --max-sectors ${MAX_SECTORS}
       -v ${CONFIG_TFM_IMAGE_VERSION_${SUFFIX}}
       ${pad_args}
+      ${confim}
       ${HEX_ADDR_ARGS_${SUFFIX}}
       ${ADD_${SUFFIX}_IMAGE_MIN_VER}
       -s ${CONFIG_TFM_IMAGE_SECURITY_COUNTER}
@@ -537,7 +542,7 @@ if (CONFIG_BUILD_WITH_TFM)
     )
 
   elseif(CONFIG_TFM_MCUBOOT_IMAGE_NUMBER STREQUAL "1")
-    tfm_sign(sign_cmd S_NS TRUE TRUE ${S_MAX_SECTORS} ${S_NS_FILE} ${S_NS_SIGNED_FILE})
+    tfm_sign(sign_cmd S_NS TRUE TRUE TRUE ${S_MAX_SECTORS} ${S_NS_FILE} ${S_NS_SIGNED_FILE})
 
     set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
       COMMAND ${PYTHON_EXECUTABLE} ${ZEPHYR_BASE}/scripts/build/mergehex.py
@@ -562,12 +567,12 @@ if (CONFIG_BUILD_WITH_TFM)
 
   else()
     if (CONFIG_TFM_USE_NS_APP)
-      tfm_sign(sign_cmd_ns NS TRUE TRUE ${NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
+      tfm_sign(sign_cmd_ns NS TRUE TRUE TRUE ${NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
     else()
-      tfm_sign(sign_cmd_ns NS FALSE TRUE ${NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
+      tfm_sign(sign_cmd_ns NS FALSE TRUE TRUE ${NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
     endif()
 
-    tfm_sign(sign_cmd_s S TRUE TRUE ${S_MAX_SECTORS} $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE> ${S_SIGNED_FILE})
+    tfm_sign(sign_cmd_s S TRUE TRUE TRUE ${S_MAX_SECTORS} $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE> ${S_SIGNED_FILE})
 
     #Create and sign for concatenated binary image, should align with the TF-M BL2
     set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
