-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathSignTfmImage.cmake
39 lines (36 loc) · 1.6 KB
/
SignTfmImage.cmake
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# Copyright 2023-2025 Arm Limited and/or its affiliates
# SPDX-License-Identifier: MIT
list(APPEND CMAKE_MODULE_PATH ${IOT_REFERENCE_ARM_CORSTONE3XX_SOURCE_DIR}/tools/cmake)
include(ConvertElfToBin)
# This function is documented under `Image signing` section in `trusted_firmware-m.md` document located at
# `${IOT_REFERENCE_ARM_CORSTONE3XX_SOURCE_DIR}/docs/components/security/` directory.
function(iot_reference_arm_corstone3xx_tf_m_sign_image target unsigned_image_bin_name signed_bin_name signed_bin_version signature_layout_file pad)
if(${pad})
set(pad_option "--pad")
else()
set(pad_option "")
endif()
add_custom_command(
TARGET
${target}
POST_BUILD
DEPENDS
$<TARGET_FILE_DIR:${target}>/${target}.bin
COMMAND
# Sign the non-secure (application) image for TF-M bootloader (BL2)
python3 ${CONFIG_SPE_PATH}/image_signing/scripts/wrapper/wrapper.py
-v ${signed_bin_version}
--layout ${signature_layout_file}
-k ${CONFIG_SPE_PATH}/image_signing/keys/image_ns_signing_private_key.pem
--public-key-format full
--align 1 --pad-header ${pad_option} -H 0x400 -s auto
--measured-boot-record
--confirm
${SECTORS_BIN_DIR}/${unsigned_image_bin_name}.bin
$<TARGET_FILE_DIR:${target}>/${signed_bin_name}.bin
COMMAND
${CMAKE_COMMAND} -E echo "-- signed: $<TARGET_FILE_DIR:${target}>/${signed_bin_name}.bin"
VERBATIM
)
endfunction()