Skip to content
Permalink
Browse files

arch: arm: core: tz: Linking of secure entry functions into NS firmware

Add Kconfig options:
 - ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
 - ARM_ENTRY_VENEERS_LIB_NAME

Use these to link the veneers lib into the Non-Secure Firmware when
needed.

Also, make the path passed to the linker absolute to make it work with
makefiles.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
  • Loading branch information...
oyvindronningstad authored and carlescufi committed May 10, 2019
1 parent 42f9e0c commit f032729c918383163198ea92885e7a6414c9781d
Showing with 45 additions and 15 deletions.
  1. +1 −0 arch/arm/core/CMakeLists.txt
  2. +24 −7 arch/arm/core/Kconfig
  3. +20 −8 arch/arm/core/cortex_m/tz/CMakeLists.txt
@@ -33,3 +33,4 @@ add_subdirectory_ifdef(CONFIG_CPU_CORTEX_M cortex_m)
add_subdirectory_ifdef(CONFIG_ARM_MPU cortex_m/mpu)
add_subdirectory_ifdef(CONFIG_CPU_CORTEX_M_HAS_CMSE cortex_m/cmse)
add_subdirectory_ifdef(CONFIG_ARM_SECURE_FIRMWARE cortex_m/tz)
add_subdirectory_ifdef(CONFIG_ARM_NONSECURE_FIRMWARE cortex_m/tz)
@@ -92,11 +92,19 @@ config ARM_NONSECURE_FIRMWARE
resources of the Cortex-M MCU, and, therefore, it shall avoid
accessing them.

menu "ARM Secure Firmware Options"
depends on ARM_SECURE_FIRMWARE

menu "ARM TrustZone Options"
depends on ARM_SECURE_FIRMWARE || ARM_NONSECURE_FIRMWARE

comment "Secure firmware"
depends on ARM_SECURE_FIRMWARE

comment "Non-secure firmware"
depends on !ARM_SECURE_FIRMWARE

config ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
bool "Secure Firmware has Secure Entry functions"
depends on ARM_SECURE_FIRMWARE
help
Option indicates that ARM Secure Firmware contains
Secure Entry functions that may be called from
@@ -120,15 +128,24 @@ config ARM_NSC_REGION_BASE_ADDRESS
a Non-Secure Callable section, depending on the available
security attribution unit (SAU or IDAU) for a given SOC.

config ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
bool "Non-Secure Firmware uses Secure Entry functions"
depends on ARM_NONSECURE_FIRMWARE
help
Option indicates that ARM Non-Secure Firmware uses Secure
Entry functions provided by the Secure Firmware. The Secure
Firmware must be configured to provide these functions.

config ARM_ENTRY_VENEERS_LIB_NAME
string "Entry Veneers symbol file"
depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS
depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS \
|| ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
default "libentryveneers.a"
help
Library file to store the symbol table for
the entry veneers. The library may be used
for building a Non-Secure firmware with
access to Secure Entry functions.
Library file to find the symbol table for the entry veneers.
The library will typically come from building the Secure
Firmware that contains secure entry functions, and allows
the Non-Secure Firmware to call into the Secure Firmware.

endmenu

@@ -2,22 +2,34 @@

# '-mcmse' enables the generation of code for the Secure state of the ARMv8-M
# Security Extensions. This option is required when building a Secure firmware.
zephyr_compile_options(-mcmse)
zephyr_compile_options_ifdef(CONFIG_ARM_SECURE_FIRMWARE -mcmse)

if(CONFIG_ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS)

# --out-implib and --cmse-implib instruct the linker to produce
# an import library that consists of a relocatable file containing
# only a symbol table with the entry veneers. The library may be used
# when building a Non-Secure image which shall have access to Secure
# Entry functions.
# --out-implib and --cmse-implib instruct the linker to produce
# an import library that consists of a relocatable file containing
# only a symbol table with the entry veneers. The library may be used
# when building a Non-Secure image which shall have access to Secure
# Entry functions.
zephyr_ld_options(
${LINKERFLAGPREFIX},--out-implib=${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
${LINKERFLAGPREFIX},--out-implib=${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)

zephyr_ld_options(
${LINKERFLAGPREFIX},--cmse-implib
)

# Indicate that the entry veneers library file is created during linking of this firmware.
set_property(
GLOBAL APPEND PROPERTY
extra_post_build_byproducts
${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)
endif()

zephyr_sources(arm_core_tz.c)
# Link the entry veneers library file with the Non-Secure Firmware that needs it.
zephyr_link_libraries_ifdef(CONFIG_ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS
${CMAKE_BINARY_DIR}/${CONFIG_ARM_ENTRY_VENEERS_LIB_NAME}
)

zephyr_sources_ifdef(CONFIG_ARM_SECURE_FIRMWARE arm_core_tz.c)

0 comments on commit f032729

Please sign in to comment.
You can’t perform that action at this time.