From 465ccad865631dadc7cd56889041f36e6e51e662 Mon Sep 17 00:00:00 2001 From: Daniel Brondani Date: Mon, 2 Sep 2024 10:44:51 +0200 Subject: [PATCH] [devtools] Add support for trustzone mode `secure-only` --- libs/rteutils/include/RteConstants.h | 2 + libs/rteutils/src/RteConstants.cpp | 1 + .../cbuildgen/config/AC6.6.16.2.cmake | 2 +- .../cbuildgen/config/CLANG.17.0.1.cmake | 2 +- .../cbuildgen/config/GCC.10.3.1.cmake | 2 +- .../cbuildgen/config/IAR.9.32.1.cmake | 2 +- tools/projmgr/schemas/common.schema.json | 4 +- .../trustzone.Debug+secure-only.cbuild.yml | 80 +++++++++++++++++++ .../ref/trustzone.Debug+secure-only.cprj | 31 +++++++ .../DeviceAttributes/solution.csolution.yml | 5 +- .../trustzone/secure-only.clayer.yml | 5 ++ .../trustzone/trustzone.cproject.yml | 6 ++ tools/projmgr/test/src/ProjMgrUnitTests.cpp | 2 +- 13 files changed, 136 insertions(+), 8 deletions(-) create mode 100644 tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cbuild.yml create mode 100644 tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cprj create mode 100644 tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/secure-only.clayer.yml diff --git a/libs/rteutils/include/RteConstants.h b/libs/rteutils/include/RteConstants.h index cd7c94d2a..8586fe131 100644 --- a/libs/rteutils/include/RteConstants.h +++ b/libs/rteutils/include/RteConstants.h @@ -158,6 +158,7 @@ class RteConstants static constexpr const char* YAML_BP_BTI = "bti"; static constexpr const char* YAML_BP_BTI_SIGNRET = "bti-signret"; static constexpr const char* YAML_TZ_SECURE = "secure"; + static constexpr const char* YAML_TZ_SECURE_ONLY = "secure-only"; static constexpr const char* YAML_TZ_NON_SECURE = "non-secure"; static constexpr const char* RTE_DFPU = "Dfpu"; 
@@ -181,6 +182,7 @@ class RteConstants static constexpr const char* RTE_ENDIAN_LITTLE = "Little-endian"; static constexpr const char* RTE_ENDIAN_CONFIGURABLE = "Configurable"; static constexpr const char* RTE_SECURE = "Secure"; + static constexpr const char* RTE_SECURE_ONLY = "Secure-only"; static constexpr const char* RTE_NON_SECURE = "Non-secure"; static constexpr const char* RTE_TZ_DISABLED = "TZ-disabled"; static constexpr const char* RTE_NO_TZ = "NO_TZ"; diff --git a/libs/rteutils/src/RteConstants.cpp b/libs/rteutils/src/RteConstants.cpp index 2d741949f..cfff5dc21 100644 --- a/libs/rteutils/src/RteConstants.cpp +++ b/libs/rteutils/src/RteConstants.cpp @@ -38,6 +38,7 @@ const StrPairVecMap RteConstants::DeviceAttributesValues = { { RTE_DENDIAN , {{ RTE_ENDIAN_BIG , YAML_ENDIAN_BIG }, { RTE_ENDIAN_LITTLE, YAML_ENDIAN_LITTLE }}}, { RTE_DSECURE , {{ RTE_SECURE , YAML_TZ_SECURE }, + { RTE_SECURE_ONLY , YAML_TZ_SECURE_ONLY }, { RTE_NON_SECURE , YAML_TZ_NON_SECURE }, { RTE_TZ_DISABLED , YAML_OFF }}}, { RTE_DBRANCHPROT, {{ RTE_BTI , YAML_BP_BTI }, diff --git a/tools/buildmgr/cbuildgen/config/AC6.6.16.2.cmake b/tools/buildmgr/cbuildgen/config/AC6.6.16.2.cmake index 46fdf79b7..819f671df 100644 --- a/tools/buildmgr/cbuildgen/config/AC6.6.16.2.cmake +++ b/tools/buildmgr/cbuildgen/config/AC6.6.16.2.cmake @@ -660,7 +660,7 @@ set(AS_GNU_BYTE_ORDER "${AS_BYTE_ORDER}") # C Pre-Processor -if(SECURE STREQUAL "Secure") +if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only") set(CC_SECURE "-mcmse") endif() diff --git a/tools/buildmgr/cbuildgen/config/CLANG.17.0.1.cmake b/tools/buildmgr/cbuildgen/config/CLANG.17.0.1.cmake index 298ce2db4..8e1ffbd68 100644 --- a/tools/buildmgr/cbuildgen/config/CLANG.17.0.1.cmake +++ b/tools/buildmgr/cbuildgen/config/CLANG.17.0.1.cmake @@ -369,7 +369,7 @@ endif() # C Pre-Processor -if(SECURE STREQUAL "Secure") +if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only") set(CC_SECURE "-mcmse") endif() 
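Review bot: `Secure-only` takes exactly the same branch as `Secure` in the AC6 condition `if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only")`, so nothing visible in the hunk says what distinguishes the two TrustZone modes; the CLANG, GCC and IAR hunks repeat the same edit. If the difference is meant to sit on the link side (for example whether a secure gateway import library is produced), that logic is outside this diff and should be confirmed for each toolchain. A later cleanup that aligns any other `SECURE STREQUAL "Secure"` check with this one would silently change what a secure-only image exposes to the non-secure side. I would add a comment above the `if`, such as `# Secure-only: compiled with CMSE like Secure; differs from Secure only in <what is skipped>`. The `ProcessorTrustzone` description in common.schema.json should get the same one-line explanation per value instead of only listing the values.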
diff --git a/tools/buildmgr/cbuildgen/config/GCC.10.3.1.cmake b/tools/buildmgr/cbuildgen/config/GCC.10.3.1.cmake index 1859db152..5d791f248 100644 --- a/tools/buildmgr/cbuildgen/config/GCC.10.3.1.cmake +++ b/tools/buildmgr/cbuildgen/config/GCC.10.3.1.cmake @@ -239,7 +239,7 @@ set(AS_GNU_BYTE_ORDER "${AS_BYTE_ORDER}") # C Pre-Processor -if(SECURE STREQUAL "Secure") +if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only") set(CC_SECURE "-mcmse") endif() diff --git a/tools/buildmgr/cbuildgen/config/IAR.9.32.1.cmake b/tools/buildmgr/cbuildgen/config/IAR.9.32.1.cmake index 4795650a8..57dbd11c6 100644 --- a/tools/buildmgr/cbuildgen/config/IAR.9.32.1.cmake +++ b/tools/buildmgr/cbuildgen/config/IAR.9.32.1.cmake @@ -272,7 +272,7 @@ cbuild_set_options_flags(ASM "${OPTIMIZE}" "${DEBUG}" "${WARNINGS}" "" ASM_OPTIO # C Pre-Processor -if(SECURE STREQUAL "Secure") +if(SECURE STREQUAL "Secure" OR SECURE STREQUAL "Secure-only") set(CC_SECURE "--cmse") endif() diff --git a/tools/projmgr/schemas/common.schema.json b/tools/projmgr/schemas/common.schema.json index 7fa61087e..7dccd68a9 100644 --- a/tools/projmgr/schemas/common.schema.json +++ b/tools/projmgr/schemas/common.schema.json @@ -444,8 +444,8 @@ ] }, "ProcessorTrustzone": { - "enum": [ "secure", "non-secure", "off" ], - "description": "Select TrustZone mode: secure | non-secure | off" + "enum": [ "secure", "secure-only", "non-secure", "off" ], + "description": "Select TrustZone mode: secure | secure-only | non-secure | off" }, "ProcessorFpu": { "enum": [ "dp", "sp", "off" ], diff --git a/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cbuild.yml b/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cbuild.yml new file mode 100644 index 000000000..94eac79fd --- /dev/null +++ b/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cbuild.yml 
@@ -0,0 +1,80 @@ +build: + generated-by: csolution version 0.0.0+g756bffa0 + solution: ../data/TestSolution/DeviceAttributes/solution.csolution.yml + project: ../data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml + context: trustzone.Debug+secure-only + compiler: AC6 + device: RteTest_ARMCM0 + device-pack: ARM::RteTest_DFP@0.2.0 + processor: + fpu: off + trustzone: secure-only + core: Cortex-M0 + packs: + - pack: ARM::RteTest_DFP@0.2.0 + path: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0 + define: + - ARMCM0 + - _RTE_ + define-asm: + - ARMCM0 + - _RTE_ + add-path: + - ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only + - ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include + add-path-asm: + - ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only + - ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include + output-dirs: + intdir: tmp/trustzone/secure-only/Debug + outdir: out/trustzone/secure-only/Debug + rtedir: ../data/TestSolution/DeviceAttributes/trustzone/RTE + output: + - type: elf + file: trustzone.axf + components: + - component: ARM::Device:Startup&RteTest Startup@2.0.3 + condition: ARMCM0 RteTest + from-pack: ARM::RteTest_DFP@0.2.0 + selected-by: Startup + files: + - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Device/ARM/ARMCM0/Include/ARMCM0.h + category: header + version: 2.0.3 + - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/https:/arm-software.github.io/CMSIS_5/Core_A/html/startup_c_pg.html + category: doc + version: 2.0.3 + - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/ARMCM0_ac6.sct + category: linkerScript + attr: config + version: 1.0.0 + - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/startup_ARMCM0.c + category: sourceC + attr: config + version: 2.0.3 + - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/system_ARMCM0.c + category: sourceC + attr: config + version: 
1.0.0 + - component: ARM::RteTest:CORE@0.1.1 + condition: Cortex-M Device + from-pack: ARM::RteTest_DFP@0.2.0 + selected-by: CORE + files: + - file: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Doc/html/index.html + category: doc + version: 0.1.1 + linker: + script: ../data/TestSolution/DeviceAttributes/trustzone/RTE/Device/RteTest_ARMCM0/ARMCM0_ac6.sct + constructed-files: + - file: ../data/TestSolution/DeviceAttributes/trustzone/RTE/_Debug_secure-only/RTE_Components.h + category: header + licenses: + - license: + license-agreement: ${CMSIS_PACK_ROOT}/ARM/RteTest_DFP/0.2.0/Doc/license.txt + packs: + - pack: ARM::RteTest_DFP@0.2.0 + components: + - component: ::RteTest:CORE(API) + - component: ARM::Device:Startup&RteTest Startup@2.0.3 + - component: ARM::RteTest:CORE@0.1.1 diff --git a/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cprj b/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cprj new file mode 100644 index 000000000..5b0055d42 --- /dev/null +++ b/tools/projmgr/test/data/TestSolution/DeviceAttributes/ref/trustzone.Debug+secure-only.cprj @@ -0,0 +1,31 @@ + + + + + + Automatically generated project + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tools/projmgr/test/data/TestSolution/DeviceAttributes/solution.csolution.yml b/tools/projmgr/test/data/TestSolution/DeviceAttributes/solution.csolution.yml index 62eecc111..9478f34a9 100644 --- a/tools/projmgr/test/data/TestSolution/DeviceAttributes/solution.csolution.yml +++ b/tools/projmgr/test/data/TestSolution/DeviceAttributes/solution.csolution.yml @@ -40,6 +40,9 @@ solution: - type: secure processor: trustzone: secure + - type: secure-only + processor: + trustzone: secure-only - type: non-secure processor: trustzone: non-secure 
@@ -74,6 +77,6 @@ solution: - project: ./endian/endian.cproject.yml for-context: [+big, +little] - project: ./trustzone/trustzone.cproject.yml - for-context: [+secure, +non-secure, +tz-disabled] + for-context: [+secure, +secure-only, +non-secure, +tz-disabled] - project: ./branch-protection/branch-protection.cproject.yml for-context: [+bti, +bti-signret, +no-bp] diff --git a/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/secure-only.clayer.yml b/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/secure-only.clayer.yml new file mode 100644 index 000000000..866cc8b87 --- /dev/null +++ b/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/secure-only.clayer.yml @@ -0,0 +1,5 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/Open-CMSIS-Pack/devtools/main/tools/projmgr/schemas/clayer.schema.json + +layer: + processor: + trustzone: secure-only diff --git a/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml b/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml index 5e503c7e0..ea578a438 100644 --- a/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml +++ b/tools/projmgr/test/data/TestSolution/DeviceAttributes/trustzone/trustzone.cproject.yml @@ -10,6 +10,8 @@ project: layers: - layer: ./secure.clayer.yml for-context: +secure + - layer: ./secure-only.clayer.yml + for-context: +secure-only - layer: ./non-secure.clayer.yml for-context: +non-secure - layer: ./tz-disabled.clayer.yml @@ -20,6 +22,10 @@ project: for-context: +secure processor: trustzone: secure + - setup: secure-only + for-context: +secure-only + processor: + trustzone: secure-only - setup: non-secure for-context: +non-secure processor: diff --git a/tools/projmgr/test/src/ProjMgrUnitTests.cpp b/tools/projmgr/test/src/ProjMgrUnitTests.cpp index 9914e7960..e2964fdc6 100644 --- a/tools/projmgr/test/src/ProjMgrUnitTests.cpp 
+++ b/tools/projmgr/test/src/ProjMgrUnitTests.cpp
@@ -5436,7 +5436,7 @@ TEST_F(ProjMgrUnitTests, DeviceAttributes) {
 {"dsp", {"+dsp", "+no-dsp"}},
 {"mve", {"+mve-fp", "+mve-int", "+no-mve"}},
 {"endian", {"+big", "+little"}},
- {"trustzone", {"+secure", "+non-secure", "+tz-disabled"}},
+ {"trustzone", {"+secure", "+secure-only", "+non-secure", "+tz-disabled"}},
 {"branch-protection", {"+bti","+bti-signret", "+no-bp"}}
 };
 char* argv[7];