trusted-firmware-m: Set --max-sectors when signing

The --max-sectors option helps catch problems with flash overlap when
merging images. If there is a misalignment in flash partitions, the
merge process usually fails. This uses information from Zephyr flash
partitions and the flash controller to automatically determine the
max sectors value and apply it when signing an image.

Signed-off-by: BUDKE Gerson Fernando <[email protected]>

Author: nandojve

modules/trusted-firmware-m/CMakeLists.txt

@@ -453,15 +453,17 @@ if (CONFIG_BUILD_WITH_TFM)
   if(CONFIG_TFM_BL2)
     set(image_alignment 1)
     set(flash_write_block_size 1)
+    set(flash_erase_block_size 1)
 
     dt_chosen(chosen_flash PROPERTY "zephyr,flash")
     if(DEFINED chosen_flash AND chosen_flash)
       dt_prop(flash_write_block_size PATH ${chosen_flash} PROPERTY write-block-size)
+      dt_prop(flash_erase_block_size PATH ${chosen_flash} PROPERTY erase-block-size)
     else()
       message(WARNING
         "The 'zephyr,flash' chosen property is not defined!
-        Using flash_write_block_size default value possible differs from
-        TF-M board definitions resulting in improver sign."
+        Using flash_write_block_size and flash_erase_block_size default values
+        that may differ from TF-M board definitions resulting in invalid signatures."
         )
     endif()
 
@@ -481,9 +483,26 @@ if (CONFIG_BUILD_WITH_TFM)
         set(image_alignment ${flash_write_block_size})
       endif()
     endif()
+
+    # Calculate the maximum number of sectors necessary to store the image.
+    dt_nodelabel(s_partition_node NODELABEL "slot0_partition" REQUIRED)
+    dt_nodelabel(ns_partition_node NODELABEL "slot0_ns_partition" REQUIRED)
+    dt_reg_size(s_partition_size PATH ${s_partition_node})
+    dt_reg_size(ns_partition_size PATH ${ns_partition_node})
+    math(EXPR S_MAX_SECTORS "${s_partition_size} / ${flash_erase_block_size}")
+    math(EXPR NS_MAX_SECTORS "${ns_partition_size} / ${flash_erase_block_size}")
+    if(CONFIG_TFM_MCUBOOT_IMAGE_NUMBER STREQUAL "1")
+      math(EXPR S_NS_MAX_SECTORS "${S_MAX_SECTORS} + ${NS_MAX_SECTORS}")
+    else()
+      if(${S_MAX_SECTORS} GREATER ${NS_MAX_SECTORS})
+        set(S_NS_MAX_SECTORS ${S_MAX_SECTORS})
+      else()
+        set(S_NS_MAX_SECTORS ${NS_MAX_SECTORS})
+      endif()
+    endif()
   endif()
 
-  function(tfm_sign OUT_ARG SUFFIX PAD INPUT_FILE OUTPUT_FILE)
+  function(tfm_sign OUT_ARG SUFFIX PAD MAX_SECTORS INPUT_FILE OUTPUT_FILE)
     if(PAD)
       set(pad_args --pad --pad-header)
     endif()
@@ -503,6 +522,7 @@ if (CONFIG_BUILD_WITH_TFM)
       -k ${CONFIG_TFM_KEY_FILE_${SUFFIX}}
       --public-key-format ${TFM_PUBLIC_KEY_FORMAT}
       --align ${image_alignment}
+      --max-sectors ${MAX_SECTORS}
       -v ${CONFIG_TFM_IMAGE_VERSION_${SUFFIX}}
       ${pad_args}
       ${HEX_ADDR_ARGS_${SUFFIX}}
@@ -543,7 +563,7 @@ if (CONFIG_BUILD_WITH_TFM)
     )
 
   elseif(CONFIG_TFM_MCUBOOT_IMAGE_NUMBER STREQUAL "1")
-    tfm_sign(sign_cmd S_NS TRUE ${S_NS_FILE} ${S_NS_SIGNED_FILE})
+    tfm_sign(sign_cmd S_NS TRUE ${S_NS_MAX_SECTORS} ${S_NS_FILE} ${S_NS_SIGNED_FILE})
 
     set_property(GLOBAL APPEND PROPERTY extra_post_build_commands
       COMMAND ${PYTHON_EXECUTABLE} ${ZEPHYR_BASE}/scripts/build/mergehex.py
@@ -568,12 +588,13 @@ if (CONFIG_BUILD_WITH_TFM)
 
   else()
     if (CONFIG_TFM_USE_NS_APP)
-      tfm_sign(sign_cmd_ns NS TRUE ${NS_APP_FILE} ${NS_SIGNED_FILE})
+      tfm_sign(sign_cmd_ns NS TRUE ${S_NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
     else()
-      tfm_sign(sign_cmd_ns NS FALSE ${NS_APP_FILE} ${NS_SIGNED_FILE})
+      tfm_sign(sign_cmd_ns NS FALSE ${S_NS_MAX_SECTORS} ${NS_APP_FILE} ${NS_SIGNED_FILE})
     endif()
 
-    tfm_sign(sign_cmd_s S TRUE $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE> ${S_SIGNED_FILE})
+    tfm_sign(sign_cmd_s S TRUE ${S_NS_MAX_SECTORS} $<TARGET_PROPERTY:tfm,TFM_S_HEX_FILE>
+      ${S_SIGNED_FILE})
 
     #Create and sign for concatenated binary image, should align with the TF-M BL2
     set_property(GLOBAL APPEND PROPERTY extra_post_build_commands