1#-------------------------------------------------------------------------------
2# SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
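# Requires CMake 3.21 or newer; this call also sets the policy defaults for the
# rest of the file.
cmake_minimum_required(VERSION 3.21)

# The interpreter located here runs Mbed TLS' scripts/config.py at configure
# time, and the result of that run decides which ECC implementation is compiled
# into the bootloader. REQUIRED turns a missing interpreter into a configure
# error instead of leaving Python3_EXECUTABLE empty for that probe.
find_package(Python3 REQUIRED)

project("Bootloader" VERSION 0.1.0 LANGUAGES C ASM)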
13
14############################### BL2_CRYPTO_CONFIG ##############################
15
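# Split MCUBOOT_SIGNATURE_TYPE into algorithm family and size: SIG_TYPE is the
# leading run of capital letters, SIG_LEN the trailing run of digits.
# The expansions are quoted so that an empty or unset MCUBOOT_SIGNATURE_TYPE
# skips the parsing instead of producing a malformed if() / string() call.
if(NOT "${MCUBOOT_SIGNATURE_TYPE}" STREQUAL "")
    string(REGEX MATCH "[0-9]*$" SIG_LEN "${MCUBOOT_SIGNATURE_TYPE}")
    string(REGEX MATCH "^[A-Z]*" SIG_TYPE "${MCUBOOT_SIGNATURE_TYPE}")
endif()

# Generator-expression predicates reused by the crypto targets further down.
# Only the exact strings "EC" and "RSA" are recognised: for any other SIG_TYPE
# both predicates evaluate to 0, so none of the signature-specific definitions
# or sources guarded by them are selected.
set(is_ec_signature  "$<STREQUAL:${SIG_TYPE},EC>")
set(is_rsa_signature "$<STREQUAL:${SIG_TYPE},RSA>")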
23
# bl2_crypto_config: interface-only target that carries the Mbed TLS / PSA
# Crypto configuration (config file paths, signature-scheme definitions and the
# interface include directory) to every target that links against it.
add_library(bl2_crypto_config INTERFACE)

target_include_directories(bl2_crypto_config INTERFACE ${CMAKE_SOURCE_DIR}/interface/include)

target_compile_definitions(bl2_crypto_config
    INTERFACE
        # Paths of the two configuration headers, passed as quoted strings.
        MBEDTLS_CONFIG_FILE="${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}"
        MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${MCUBOOT_PSA_CRYPTO_CONFIG_FILEPATH}"
        # The config files have conditional includes based on these four definitions
        $<${is_rsa_signature}:MCUBOOT_SIGN_RSA>
        $<${is_rsa_signature}:MCUBOOT_SIGN_RSA_LEN=${SIG_LEN}>
        $<${is_ec_signature}:MCUBOOT_SIGN_EC${SIG_LEN}>
        $<$<BOOL:${MCUBOOT_USE_PSA_CRYPTO}>:MCUBOOT_USE_PSA_CRYPTO>
)
41
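# Check whether the p256-m driver is enabled in the Mbed TLS config file: if it
# is, some 3rd party source code has to be built in addition to the Mbed TLS
# sources. The answer comes back as the script's exit status:
# 0 means SUCCESS (symbol found), 1 means FAILURE (symbol not found).
# NOTE(review): a script that exits with 1 for its own errors (for example an
# unreadable config file) cannot be told apart from "not found" here - confirm.
set(MBEDTLS_P256M_NOT_FOUND 1)
execute_process(COMMAND
    ${Python3_EXECUTABLE}
    ${MBEDCRYPTO_PATH}/scripts/config.py -f "${MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH}" get MBEDTLS_PSA_P256M_DRIVER_ENABLED
    RESULT_VARIABLE MBEDTLS_P256M_NOT_FOUND)

# RESULT_VARIABLE holds an error string instead of a number when the process
# could not be started, so the expansion is quoted to keep the if() well formed.
# If the enablement is conditional, the script would still mark it as found
if("${MBEDTLS_P256M_NOT_FOUND}" EQUAL 0)
    set(MBEDTLS_P256M_ENABLED true)
else()
    set(MBEDTLS_P256M_ENABLED false)
    # Anything other than 0 or 1 means the probe itself did not run as expected.
    # Say so, because the outcome silently changes which ECC sources are built.
    if(NOT "${MBEDTLS_P256M_NOT_FOUND}" EQUAL 1)
        message(WARNING
            "Probing MBEDTLS_PSA_P256M_DRIVER_ENABLED with config.py gave an unexpected result "
            "(${MBEDTLS_P256M_NOT_FOUND}); the p256-m driver is treated as not enabled.")
    endif()
endif()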
57
58############################### BL2_CRYPTO #####################################
59
# bl2_fallback_rng: static library built from 'src/psa_stub_rng.c' alone. That
# source file contains only the __weak stub implementation, which serves as the
# fallback for random number generation in case no other RNG is provided.
# The target is created only when CRYPTO_HW_ACCELERATOR is not set.
# NOTE(review): what the stub returns is not visible from this file - confirm
# that it reports an error rather than producing output, so that BL2 can never
# consume stub data as if it were random.
if(NOT CRYPTO_HW_ACCELERATOR)
    add_library(bl2_fallback_rng STATIC src/psa_stub_rng.c)
    target_link_libraries(bl2_fallback_rng PUBLIC bl2_crypto_config)
endif()
72
# Generator-expression predicates that drive the source selection below.
set(is_256_bit_curve "$<STREQUAL:${SIG_LEN},256>")
set(is_384_bit_curve "$<STREQUAL:${SIG_LEN},384>")

# sha512.c is built only for an EC signature with SIG_LEN 384; every other
# configuration (including all RSA ones) gets sha256.c instead.
set(build_sha_384 "$<AND:${is_ec_signature},${is_384_bit_curve}>")
set(build_sha_256 "$<NOT:${build_sha_384}>")

# The p256-m driver is used only when the config probe reported it as enabled
# AND the signature is EC with SIG_LEN 256; otherwise the predicate is 0.
set(build_p256m "$<IF:$<BOOL:${MBEDTLS_P256M_ENABLED}>,$<AND:${is_ec_signature},${is_256_bit_curve}>,0>")

# The two mutually exclusive EC back ends: the Mbed TLS ECP/ECDSA/bignum
# sources, or the 3rd party p256-m sources.
set(bl2_use_mbedtls_ecp  "$<AND:${is_ec_signature},$<NOT:${build_p256m}>>")
set(bl2_use_p256m_driver "$<AND:${is_ec_signature},${build_p256m}>")

# Source set of the bl2_crypto library. bignum.c, bignum_core.c and
# constant_time.c appear under both the EC and the RSA predicate; SIG_TYPE can
# match only one of the two, so each file is selected at most once.
list(APPEND BL2_CRYPTO_SRC
    $<$<BOOL:${MCUBOOT_USE_PSA_CRYPTO}>:${CMAKE_SOURCE_DIR}/lib/ext/thin-psa-crypto-core/thin_psa_crypto_core.c>
    # Built in every configuration.
    ${MBEDCRYPTO_PATH}/library/platform.c
    ${MBEDCRYPTO_PATH}/library/platform_util.c
    ${MBEDCRYPTO_PATH}/library/memory_buffer_alloc.c
    ${MBEDCRYPTO_PATH}/library/psa_crypto_hash.c
    # Exactly one of the two hash implementations.
    $<${build_sha_256}:${MBEDCRYPTO_PATH}/library/sha256.c>
    $<${build_sha_384}:${MBEDCRYPTO_PATH}/library/sha512.c>
    # EC signatures verified with the Mbed TLS implementation.
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/psa_crypto_ecp.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/ecp.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/ecp_curves.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/ecdsa.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/bignum.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/bignum_core.c>
    $<${bl2_use_mbedtls_ecp}:${MBEDCRYPTO_PATH}/library/constant_time.c>
    # RSA signatures.
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/psa_crypto_rsa.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/rsa_alt_helpers.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/bignum.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/bignum_core.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/constant_time.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/asn1parse.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/asn1write.c>
    $<${is_rsa_signature}:${MBEDCRYPTO_PATH}/library/md.c>
    # EC signatures verified with the 3rd party p256-m driver.
    $<${bl2_use_p256m_driver}:${MBEDCRYPTO_PATH}/3rdparty/p256-m/p256-m_driver_entrypoints.c>
    $<${bl2_use_p256m_driver}:${MBEDCRYPTO_PATH}/3rdparty/p256-m/p256-m/p256-m.c>
    # Built in every configuration.
    ${MBEDCRYPTO_PATH}/library/aes.c
)
107
# bl2_crypto: static library holding the cryptographic sources collected in
# BL2_CRYPTO_SRC.
add_library(bl2_crypto STATIC ${BL2_CRYPTO_SRC})

# Consumers inherit the crypto configuration and the Mbed TLS library headers.
target_link_libraries(bl2_crypto PUBLIC bl2_crypto_config)
target_include_directories(bl2_crypto PUBLIC ${MBEDCRYPTO_PATH}/library)

# Build-only settings, not propagated to consumers.
target_compile_definitions(bl2_crypto
    PRIVATE
        $<$<BOOL:${MCUBOOT_ROTPK_SIGN_POLICY}>:MCUBOOT_ROTPK_SIGN_POLICY>
)
target_compile_options(bl2_crypto PRIVATE ${BL2_COMPILER_CP_FLAG})
129
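# In debug builds, compile the crypto sources with -Os instead of the default
# debug optimisation level.
string(TOLOWER "${CMAKE_BUILD_TYPE}" BUILD_TYPE_LOWER)
# IAR only allows 1 optimization option for the compilation unit
# Both operands are quoted: CMAKE_BUILD_TYPE may be empty, and an unquoted empty
# expansion would leave if() with a missing operand and abort the configure.
if("${BUILD_TYPE_LOWER}" STREQUAL "debug" AND NOT "${CMAKE_C_COMPILER_ID}" STREQUAL "IAR")
    # NOTE(review): BL2_CRYPTO_SRC mixes plain paths with generator-expression
    # entries; verify that the property also reaches the files listed through
    # generator expressions and not only the plain paths.
    set_source_files_properties(${BL2_CRYPTO_SRC}
        PROPERTIES COMPILE_FLAGS -Os
    )
endif()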
137
138############################### BL2 ############################################
139
# bl2: the bootloader executable. The two unconditional sources are always
# built; each remaining source is added only when its option evaluates to true.
add_executable(bl2
    src/flash_map.c
    src/crt_exit.c
    $<$<BOOL:${DEFAULT_MCUBOOT_SECURITY_COUNTERS}>:src/security_cnt.c>
    $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:src/default_flash_map.c>
    $<$<BOOL:${MCUBOOT_DATA_SHARING}>:src/shared_data.c>
    # NOTE(review): presumably the default provisioning flow is meant for
    # development only - confirm PLATFORM_DEFAULT_PROVISIONING is off for
    # production images.
    $<$<BOOL:${PLATFORM_DEFAULT_PROVISIONING}>:src/provisioning.c>
    $<$<BOOL:${CONFIG_GNU_SYSCALL_STUB_ENABLED}>:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c>
)

# Processed after the bl2 target has been created.
add_subdirectory(ext/mcuboot)

# Output name and location of the image, plus extra paths removed on clean.
set_property(TARGET bl2 PROPERTY SUFFIX ".axf")
set_property(TARGET bl2 PROPERTY RUNTIME_OUTPUT_DIRECTORY "${CMAKE_BINARY_DIR}/bin")
set_property(TARGET bl2 PROPERTY ADDITIONAL_CLEAN_FILES
    "${CMAKE_BINARY_DIR}/generated"
    "${CMAKE_BINARY_DIR}/bin/bl2.map"
)
158
# Compiler flags private to bl2.
target_compile_options(bl2 PRIVATE ${BL2_COMPILER_CP_FLAG})

# Header search paths used while building bl2 itself.
target_include_directories(bl2
    PRIVATE
        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
        $<BUILD_INTERFACE:${MCUBOOT_PATH}/boot/bootutil/src>
)

# Libraries linked into the bootloader.
target_link_libraries(bl2
    PRIVATE
        tfm_boot_status
        # Test code is linked into the bootloader image only when TEST_BL2 is set.
        $<$<BOOL:${TEST_BL2}>:mcuboot_tests>
    PUBLIC
        bl2_crypto
        # The stub RNG library is linked only without CRYPTO_HW_ACCELERATOR,
        # matching the condition under which that target is created.
        $<$<NOT:$<BOOL:${CRYPTO_HW_ACCELERATOR}>>:bl2_fallback_rng>
)

# Linker options: one map-file option per supported toolchain, followed by
# BL2_LINKER_CP_OPTION.
target_link_options(bl2
    PRIVATE
        $<$<C_COMPILER_ID:GNU>:-Wl,-Map=${CMAKE_BINARY_DIR}/bin/bl2.map>
        $<$<C_COMPILER_ID:ARMClang>:--map>
        $<$<C_COMPILER_ID:IAR>:--map\;${CMAKE_BINARY_DIR}/bin/bl2.map>
        $<$<C_COMPILER_ID:Clang>:LINKER:-Map=${CMAKE_BINARY_DIR}/bin/bl2.map>
        ${BL2_LINKER_CP_OPTION}
)
187
# Preprocessor definitions private to bl2. Each one mirrors a build option and
# is defined only when that option evaluates to true.
target_compile_definitions(bl2
    PRIVATE
        $<$<BOOL:${DEFAULT_MCUBOOT_FLASH_MAP}>:DEFAULT_MCUBOOT_FLASH_MAP>
        $<$<BOOL:${PLATFORM_PSA_ADAC_SECURE_DEBUG}>:PLATFORM_PSA_ADAC_SECURE_DEBUG>
        # Compiles test-only paths into the bootloader when TEST_BL2 is set.
        $<$<BOOL:${TEST_BL2}>:TEST_BL2>
        $<$<BOOL:${TFM_PARTITION_FIRMWARE_UPDATE}>:TFM_PARTITION_FIRMWARE_UPDATE>
        # Defined when boot measurements are stored but not in encoded form.
        $<$<AND:$<BOOL:${CONFIG_TFM_BOOT_STORE_MEASUREMENTS}>,$<NOT:$<BOOL:${CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS}>>>:TFM_MEASURED_BOOT_API>
        $<$<BOOL:${MCUBOOT_BUILTIN_KEY}>:MCUBOOT_BUILTIN_KEY>
)

# add_convert_to_bin_target() is defined outside this file.
add_convert_to_bin_target(bl2)
199
200############################### BOOT HAL # #####################################
201
# bl2_hal: interface-only target that exposes this directory's 'include'
# folder to whatever links against it.
add_library(bl2_hal INTERFACE)
target_include_directories(bl2_hal INTERFACE include)
208
209############################### CODE SHARING ###################################
210
# With TFM_CODE_SHARING set, hand bl2_shared_symbols.txt to
# target_share_symbols() (defined outside this file) and require the patched
# Mbed Crypto tree, recognised by the presence of library/code_share.c.
# NOTE(review): presumably the symbol file lists the BL2 symbols made available
# to other images - keep that list minimal and review changes to it.
if(TFM_CODE_SHARING)
    target_share_symbols(bl2 "${CMAKE_CURRENT_SOURCE_DIR}/bl2_shared_symbols.txt")

    # Stop the configure with a hint when the code-sharing patch is missing.
    if(NOT EXISTS "${MBEDCRYPTO_PATH}/library/code_share.c")
        message(FATAL_ERROR "File ${MBEDCRYPTO_PATH}/library/code_share.c does not exist.
        Have the patch ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch
        been applied to the mbedcrypto repo at ${MBEDCRYPTO_PATH}?
        Hint: The command might be `cd ${MBEDCRYPTO_PATH} && git apply ${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/*.patch`")
    endif()
endif()
221