Skip to content

Commit

Permalink
arch: arm: core: tz: Linking of secure entry functions into NS firmware
Browse files Browse the repository at this point in the history
Add Kconfig options:
 - ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
 - ARM_ENTRY_VENEERS_LIB_NAME

Use these to link the veneers lib into the Non-Secure Firmware when
needed.

Also, make the path passed to the linker absolute to make it work with
makefiles.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
  • Loading branch information
oyvindronningstad authored and carlescufi committed May 30, 2019
1 parent 42f9e0c commit f032729
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 15 deletions.
1 change: 1 addition & 0 deletions arch/arm/core/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,4 @@ add_subdirectory_ifdef(CONFIG_CPU_CORTEX_M cortex_m)
add_subdirectory_ifdef(CONFIG_ARM_MPU cortex_m/mpu)
add_subdirectory_ifdef(CONFIG_CPU_CORTEX_M_HAS_CMSE cortex_m/cmse)
add_subdirectory_ifdef(CONFIG_ARM_SECURE_FIRMWARE cortex_m/tz)
add_subdirectory_ifdef(CONFIG_ARM_NONSECURE_FIRMWARE cortex_m/tz)
31 changes: 24 additions & 7 deletions arch/arm/core/Kconfig
Original file line number Diff line number Diff line change
Expand Up @@ -92,11 +92,19 @@ config ARM_NONSECURE_FIRMWARE
resources of the Cortex-M MCU, and, therefore, it shall avoid
accessing them.

menu "ARM Secure Firmware Options"
depends on ARM_SECURE_FIRMWARE

menu "ARM TrustZone Options"
depends on ARM_SECURE_FIRMWARE || ARM_NONSECURE_FIRMWARE

comment "Secure firmware"
depends on ARM_SECURE_FIRMWARE

comment "Non-secure firmware"
depends on !ARM_SECURE_FIRMWARE

config ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
bool "Secure Firmware has Secure Entry functions"
depends on ARM_SECURE_FIRMWARE
help
Option indicates that ARM Secure Firmware contains
Secure Entry functions that may be called from
Expand All @@ -120,15 +128,24 @@ config ARM_NSC_REGION_BASE_ADDRESS
a Non-Secure Callable section, depending on the available
security attribution unit (SAU or IDAU) for a given SOC.

config ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
bool "Non-Secure Firmware uses Secure Entry functions"
depends on ARM_NONSECURE_FIRMWARE
help
Option indicates that ARM Non-Secure Firmware uses Secure
Entry functions provided by the Secure Firmware. The Secure
Firmware must be configured to provide these functions.

config ARM_ENTRY_VENEERS_LIB_NAME
string "Entry Veneers symbol file"
depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS \
|| ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
default "libentryveneers.a"
help
Library file to store the symbol table for
the entry veneers. The library may be used
for building a Non-Secure firmware with
access to Secure Entry functions.
Library file to find the symbol table for the entry veneers.
The library will typically come from building the Secure
Firmware that contains secure entry functions, and allows
the Non-Secure Firmware to call into the Secure Firmware.

endmenu

Expand Down
28 changes: 20 additions & 8 deletions arch/arm/core/cortex_m/tz/CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -2,22 +2,34 @@

# '-mcmse' enables the generation of code for the Secure state of the ARMv8-M
# Security Extensions. This option is required when building a Secure firmware.
zephyr_compile_options(-mcmse)
zephyr_compile_options_ifdef(CONFIG_ARM_SECURE_FIRMWARE -mcmse)

if(CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS)

# --out-implib and --cmse-implib instruct the linker to produce
# an import library that consists of a relocatable file containing
# only a symbol table with the entry veneers. The library may be used
# when building a Non-Secure image which shall have access to Secure
# Entry functions.
# --out-implib and --cmse-implib instruct the linker to produce
# an import library that consists of a relocatable file containing
# only a symbol table with the entry veneers. The library may be used
# when building a Non-Secure image which shall have access to Secure
# Entry functions.
zephyr_ld_options(
${LINKERFLAGPREFIX},--out-implib=${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
${LINKERFLAGPREFIX},--out-implib=${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)

zephyr_ld_options(
${LINKERFLAGPREFIX},--cmse-implib
)

# Indicate that the entry veneers library file is created during linking of this firmware.
set_property(
GLOBAL APPEND PROPERTY
extra_post_build_byproducts
${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)
endif()

zephyr_sources(arm_core_tz.c)
# Link the entry veneers library file with the Non-Secure Firmware that needs it.
zephyr_link_libraries_ifdef(CONFIG_ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)

zephyr_sources_ifdef(CONFIG_ARM_SECURE_FIRMWARE arm_core_tz.c)

0 comments on commit f032729

Please sign in to comment.