Brad Bishop | bec4ebc | 2022-08-03 09:55:16 -0400 | [diff] [blame] | 1 | # SPDX-License-Identifier: MIT |
| 2 | # |
| 3 | # Copyright (c) 2020 Arm Limited |
| 4 | # |
| 5 | |
| 6 | SUMMARY = "Trusted Firmware for Cortex-M" |
| 7 | DESCRIPTION = "Trusted Firmware-M" |
| 8 | HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" |
| 9 | PROVIDES = "virtual/trusted-firmware-m" |
| 10 | |
| 11 | LICENSE = "BSD-3-Clause & Apache-2.0" |
| 12 | |
| 13 | LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \ |
| 14 | file://../tf-m-tests/license.rst;md5=02d06ffb8d9f099ff4961c0cb0183a18 \ |
| 15 | file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \ |
| 16 | file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8" |
| 17 | |
| 18 | SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \ |
| 19 | git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=release/1.6.x;name=tfm-tests;destsuffix=git/tf-m-tests \ |
| 20 | git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \ |
| 21 | git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \ |
| 22 | " |
| 23 | |
| 24 | # The required dependencies are documented in tf-m/config/config_default.cmake |
| 25 | # TF-Mv1.6.0 |
| 26 | SRCBRANCH_tfm = "release/1.6.x" |
| 27 | SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8" |
| 28 | # mbedtls-3.1.0 |
| 29 | SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49" |
| 30 | # TF-Mv1.6.0 |
| 31 | SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213" |
| 32 | # v1.9.0 |
| 33 | SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd" |
| 34 | |
| 35 | UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" |
| 36 | |
| 37 | # Note to future readers of this recipe: until the CMakeLists don't abuse |
| 38 | # installation (see do_install) there is no point in trying to inherit |
| 39 | # cmake here. You can easily short-circuit the toolchain but the install |
| 40 | # is so convoluted there's no gain. |
| 41 | |
| 42 | inherit python3native deploy |
| 43 | |
| 44 | # Baremetal and we bring a compiler below |
| 45 | INHIBIT_DEFAULT_DEPS = "1" |
| 46 | |
| 47 | PACKAGE_ARCH = "${MACHINE_ARCH}" |
| 48 | |
| 49 | DEPENDS += "cmake-native \ |
| 50 | ninja-native \ |
| 51 | gcc-arm-none-eabi-native \ |
| 52 | python3-intelhex-native \ |
| 53 | python3-jinja2-native \ |
| 54 | python3-pyyaml-native \ |
| 55 | python3-click-native \ |
| 56 | python3-cryptography-native \ |
| 57 | python3-cbor2-native" |
| 58 | |
| 59 | S = "${WORKDIR}/git/tfm" |
| 60 | B = "${WORKDIR}/build" |
| 61 | |
| 62 | # Build for debug (set TFM_DEBUG to 1 to activate) |
| 63 | TFM_DEBUG ?= "0" |
| 64 | |
| 65 | # Platform must be set, ideally in the machine configuration. |
| 66 | TFM_PLATFORM ?= "" |
| 67 | python() { |
| 68 | if not d.getVar("TFM_PLATFORM"): |
| 69 | raise bb.parse.SkipRecipe("TFM_PLATFORM needs to be set") |
| 70 | } |
| 71 | |
| 72 | PACKAGECONFIG ??= "" |
| 73 | # Whether to integrate the test suite |
| 74 | PACKAGECONFIG[test-secure] = "-DTEST_S=ON,-DTEST_S=OFF" |
| 75 | PACKAGECONFIG[test-nonsecure] = "-DTEST_NS=ON,-DTEST_NS=OFF" |
| 76 | |
| 77 | # Currently we only support using the Arm binary GCC |
| 78 | EXTRA_OECMAKE += "-DTFM_TOOLCHAIN_FILE=${S}/toolchain_GNUARM.cmake" |
| 79 | |
| 80 | # Don't let FetchContent download more sources during do_configure |
| 81 | EXTRA_OECMAKE += "-DFETCHCONTENT_FULLY_DISCONNECTED=ON" |
| 82 | |
| 83 | # Add platform parameters |
| 84 | EXTRA_OECMAKE += "-DTFM_PLATFORM=${TFM_PLATFORM}" |
| 85 | |
| 86 | # Handle TFM_DEBUG parameter |
| 87 | EXTRA_OECMAKE += "${@bb.utils.contains('TFM_DEBUG', '1', '-DCMAKE_BUILD_TYPE=Debug', '', d)}" |
| 88 | |
| 89 | # Verbose builds |
| 90 | EXTRA_OECMAKE += "-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON" |
| 91 | |
| 92 | EXTRA_OECMAKE += "-DMBEDCRYPTO_PATH=${S}/../mbedtls -DTFM_TEST_REPO_PATH=${S}/../tf-m-tests -DMCUBOOT_PATH=${S}/../mcuboot" |
| 93 | |
| 94 | export CMAKE_BUILD_PARALLEL_LEVEL = "${@oe.utils.parallel_make(d, False)}" |
| 95 | |
| 96 | # Let the Makefile handle setting up the CFLAGS and LDFLAGS as it is a standalone application |
| 97 | CFLAGS[unexport] = "1" |
| 98 | LDFLAGS[unexport] = "1" |
| 99 | AS[unexport] = "1" |
| 100 | LD[unexport] = "1" |
| 101 | |
| 102 | # python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the |
| 103 | # right path until this is relocated automatically. |
| 104 | export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules" |
| 105 | |
| 106 | # TF-M ships patches that it needs applied to mbedcrypto, so apply them |
| 107 | # as part of do_patch. |
| 108 | apply_local_patches() { |
| 109 | cat ${S}/lib/ext/mbedcrypto/*.patch | patch -p1 -d ${S}/../mbedtls |
| 110 | } |
| 111 | do_patch[postfuncs] += "apply_local_patches" |
| 112 | |
| 113 | do_configure[cleandirs] = "${B}" |
| 114 | do_configure() { |
| 115 | cmake -GNinja -S ${S} -B ${B} ${EXTRA_OECMAKE} ${PACKAGECONFIG_CONFARGS} |
| 116 | } |
| 117 | |
| 118 | # Invoke install here as there's no point in splitting compile from install: the |
| 119 | # first thing the build does is 'install' inside the build tree thus causing a |
| 120 | # rebuild. It also overrides the install prefix to be in the build tree, so you |
| 121 | # can't use the usual install prefix variables. |
| 122 | do_compile() { |
| 123 | cmake --build ${B} -- install |
| 124 | } |
| 125 | do_compile[progress] = "outof:^\[(\d+)/(\d+)\]\s+" |
| 126 | |
| 127 | do_install() { |
| 128 | # TODO install headers and static libraries when we know how they're used |
| 129 | install -d -m 755 ${D}/firmware |
| 130 | install -m 0644 ${B}/bin/* ${D}/firmware/ |
| 131 | } |
| 132 | |
| 133 | FILES:${PN} = "/firmware" |
| 134 | SYSROOT_DIRS += "/firmware" |
| 135 | |
| 136 | addtask deploy after do_install |
| 137 | do_deploy() { |
| 138 | cp -rf ${D}/firmware/* ${DEPLOYDIR}/ |
| 139 | } |
| 140 | |
| 141 | # Build paths are currently embedded |
| 142 | INSANE_SKIP:${PN} += "buildpaths" |