[devtools] Add support for trustzone mode secure-only

libs/rteutils/include/RteConstants.h

@@ -158,6 +158,7 @@ class RteConstants
   static constexpr const char* YAML_BP_BTI = "bti";
   static constexpr const char* YAML_BP_BTI_SIGNRET = "bti-signret";
   static constexpr const char* YAML_TZ_SECURE = "secure";
+  static constexpr const char* YAML_TZ_SECURE_ONLY = "secure-only";
   static constexpr const char* YAML_TZ_NON_SECURE = "non-secure";
 
   static constexpr const char* RTE_DFPU = "Dfpu";
@@ -181,6 +182,7 @@ class RteConstants
   static constexpr const char* RTE_ENDIAN_LITTLE = "Little-endian";
   static constexpr const char* RTE_ENDIAN_CONFIGURABLE = "Configurable";
   static constexpr const char* RTE_SECURE = "Secure";
+  static constexpr const char* RTE_SECURE_ONLY = "Secure-only";
   static constexpr const char* RTE_NON_SECURE = "Non-secure";
   static constexpr const char* RTE_TZ_DISABLED = "TZ-disabled";
   static constexpr const char* RTE_NO_TZ = "NO_TZ";

libs/rteutils/src/RteConstants.cpp

@@ -38,6 +38,7 @@ const StrPairVecMap RteConstants::DeviceAttributesValues = {
   { RTE_DENDIAN    , {{ RTE_ENDIAN_BIG   , YAML_ENDIAN_BIG     },
                       { RTE_ENDIAN_LITTLE, YAML_ENDIAN_LITTLE  }}},
   { RTE_DSECURE    , {{ RTE_SECURE       , YAML_TZ_SECURE      },
+                      { RTE_SECURE_ONLY  , YAML_TZ_SECURE_ONLY },
                       { RTE_NON_SECURE   , YAML_TZ_NON_SECURE  },
                       { RTE_TZ_DISABLED  , YAML_OFF            }}},
   { RTE_DBRANCHPROT, {{ RTE_BTI          , YAML_BP_BTI         },

tools/buildmgr/cbuildgen/config/AC6.6.16.2.cmake

@@ -660,7 +660,7 @@ set(AS_GNU_BYTE_ORDER "${AS_BYTE_ORDER}")
 
 # C Pre-Processor
 
-if(SECURE STREQUAL "Secure")
+if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only")
   set(CC_SECURE "-mcmse")
 endif()
 

tools/buildmgr/cbuildgen/config/CLANG.17.0.1.cmake

@@ -369,7 +369,7 @@ endif()
 
 # C Pre-Processor
 
-if(SECURE STREQUAL "Secure")
+if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only")
   set(CC_SECURE "-mcmse")
 endif()
 

tools/buildmgr/cbuildgen/config/GCC.10.3.1.cmake

@@ -239,7 +239,7 @@ set(AS_GNU_BYTE_ORDER "${AS_BYTE_ORDER}")
 
 # C Pre-Processor
 
-if(SECURE STREQUAL "Secure")
+if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only")
   set(CC_SECURE "-mcmse")
 endif()
 

tools/buildmgr/cbuildgen/config/IAR.9.32.1.cmake

@@ -272,7 +272,7 @@ cbuild_set_options_flags(ASM "${OPTIMIZE}" "${DEBUG}" "${WARNINGS}" "" ASM_OPTIO
 
 # C Pre-Processor
 
-if(SECURE STREQUAL "Secure")
+if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only")
   set(CC_SECURE "--cmse")
 endif()
 

tools/projmgr/schemas/common.schema.json

@@ -444,8 +444,8 @@
       ]
     },
     "ProcessorTrustzone": {
-      "enum": [ "secure", "non-secure", "off" ],
-      "description": "Select TrustZone mode: secure | non-secure | off"
+      "enum": [ "secure", "secure-only", "non-secure", "off" ],
+      "description": "Select TrustZone mode: secure | secure-only | non-secure | off"
     },
     "ProcessorFpu": {
       "enum": [ "dp", "sp", "off" ],

tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cbuild.yml

@@ -0,0 +1,80 @@
+build:
+  generated-by: csolution version 0.0.0+g756bffa0
+  solution: ../data/TestSolution/DeviceAttributes/solution.csolution.yml
+  project: ../data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml
+  context: trustzone.Debug+secure-only
+  compiler: AC6
+  device: RteTest_ARMCM0
+  device-pack: ARM::[email protected]
+  processor:
+    fpu: off
+    trustzone: secure-only
+    core: Cortex-M0
+  packs:
+    - pack: ARM::[email protected]
+      path: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0
+  define:
+    - ARMCM0
+    - _RTE_
+  define-asm:
+    - ARMCM0
+    - _RTE_
+  add-path:
+    - ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only
+    - ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include
+  add-path-asm:
+    - ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only
+    - ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include
+  output-dirs:
+    intdir: tmp/trustzone/secure-only/Debug
+    outdir: out/trustzone/secure-only/Debug
+    rtedir: ../data/TestSolution/DeviceAttributes/trustzone/RTE
+  output:
+    - type: elf
+      file: trustzone.axf
+  components:
+    - component: ARM::Device:Startup&RteTest [email protected]
+      condition: ARMCM0 RteTest
+      from-pack: ARM::[email protected]
+      selected-by: Startup
+      files:
+        - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include/ARMCM0.h
+          category: header
+          version: 2.0.3
+        - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/https:/arm-software.github.io/CMSIS_5/Core_A/html/startup_c_pg.html
+          category: doc
+          version: 2.0.3
+        - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/ARMCM0_ac6.sct
+          category: linkerScript
+          attr: config
+          version: 1.0.0
+        - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/startup_ARMCM0.c
+          category: sourceC
+          attr: config
+          version: 2.0.3
+        - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/system_ARMCM0.c
+          category: sourceC
+          attr: config
+          version: 1.0.0
+    - component: ARM::RteTest:[email protected]
+      condition: Cortex-M Device
+      from-pack: ARM::[email protected]
+      selected-by: CORE
+      files:
+        - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Doc/html/index.html
+          category: doc
+          version: 0.1.1
+  linker:
+    script: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/ARMCM0_ac6.sct
+  constructed-files:
+    - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only/RTE_Components.h
+      category: header
+  licenses:
+    - license: <unknown>
+      license-agreement: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Doc/license.txt
+      packs:
+        - pack: ARM::[email protected]
+      components:
+        - component: ::RteTest:CORE(API)
+        - component: ARM::Device:Startup&RteTest [email protected]
+        - component: ARM::RteTest:[email protected]

tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cprj

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
+<cprj schemaVersion="2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="CPRJ.xsd">
+  <created timestamp="2024-08-30T11:44:04" tool="csolution 0.0.0+g756bffa0"/>
+
+  <info isLayer="false">
+    <description>Automatically generated project</description>
+  </info>
+
+  <packages>
+    <package name="RteTest_DFP" vendor="ARM" version="0.2.0:0.2.0"/>
+  </packages>
+
+  <compilers>
+    <compiler name="AC6" version="6.18.0"/>
+  </compilers>
+
+  <target Dfpu="NO_FPU" Dname="RteTest_ARMCM0" Dsecure="Secure-only" Dvendor="ARM:82">
+    <output elf="trustzone.axf" intdir="tmp/trustzone/secure-only/Debug" name="trustzone" outdir="out/trustzone/secure-only/Debug" rtedir="../data/TestSolution/DeviceAttributes/trustzone/RTE" type="exe"/>
+    <ldflags compiler="AC6" file="../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/ARMCM0_ac6.sct"/>
+  </target>
+
+  <components>
+    <component Cclass="Device" Cgroup="Startup" Cvariant="RteTest Startup" Cvendor="ARM" Cversion="2.0.3">
+      <file attr="config" category="linkerScript" name="Device/ARM/ARMCM0/Source/ARM/ARMCM0_ac6.sct" version="1.0.0"/>
+      <file attr="config" category="sourceC" name="Device/ARM/ARMCM0/Source/startup_ARMCM0.c" version="2.0.3"/>
+      <file attr="config" category="sourceC" name="Device/ARM/ARMCM0/Source/system_ARMCM0.c" version="1.0.0"/>
+    </component>
+    <component Cclass="RteTest" Cgroup="CORE" Cvendor="ARM" Cversion="0.1.1"/>
+  </components>
+</cprj>
+

tools/projmgr/test/data/TestSolution/DeviceAttributes/solution.csolution.yml

@@ -40,6 +40,9 @@ solution:
     - type: secure
       processor:
         trustzone: secure
+    - type: secure-only
+      processor:
+        trustzone: secure-only
     - type: non-secure
       processor:
         trustzone: non-secure
@@ -74,6 +77,6 @@ solution:
     - project: ./endian/endian.cproject.yml
       for-context: [+big, +little]
     - project: ./trustzone/trustzone.cproject.yml
-      for-context: [+secure, +non-secure, +tz-disabled]
+      for-context: [+secure, +secure-only, +non-secure, +tz-disabled]
     - project: ./branch-protection/branch-protection.cproject.yml
       for-context: [+bti, +bti-signret, +no-bp]

tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/secure-only.clayer.yml

@@ -0,0 +1,5 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/Open-CMSIS-Pack/devtools/main/tools/projmgr/schemas/clayer.schema.json
+
+layer:
+  processor:
+    trustzone: secure-only

tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml

@@ -10,6 +10,8 @@ project:
   layers:
     - layer: ./secure.clayer.yml
       for-context: +secure
+    - layer: ./secure-only.clayer.yml
+      for-context: +secure-only
     - layer: ./non-secure.clayer.yml
       for-context: +non-secure
     - layer: ./tz-disabled.clayer.yml
@@ -20,6 +22,10 @@ project:
       for-context: +secure
       processor:
         trustzone: secure
+    - setup: secure-only
+      for-context: +secure-only
+      processor:
+        trustzone: secure-only
     - setup: non-secure
       for-context: +non-secure
       processor:

tools/projmgr/test/src/ProjMgrUnitTests.cpp

@@ -5436,7 +5436,7 @@ TEST_F(ProjMgrUnitTests, DeviceAttributes) {
     {"dsp", {"+dsp", "+no-dsp"}},
     {"mve", {"+mve-fp", "+mve-int", "+no-mve"}},
     {"endian", {"+big", "+little"}},
-    {"trustzone", {"+secure", "+non-secure", "+tz-disabled"}},
+    {"trustzone", {"+secure", "+secure-only", "+non-secure", "+tz-disabled"}},
     {"branch-protection", {"+bti","+bti-signret", "+no-bp"}}
   };
   char* argv[7];