Versions Compared

Version Old Version 4 New Version 5
Changes made by

Kevin Townsend

Kevin Townsend

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Improvements for readability

Based This guide walks you through the process of builidng TF-M secure and non-secure binaries, merging them outputs into a single file, and running the resulting firmware image in QEMU 4.0.

The tutorial is based on the upstream TF-M code at https://git.trustedfirmware.org/trusted-firmware-m.git/

...

For system requirements to build TF-M, see `tfm_build_instruction.txt` in the `docs` folder (system setup is out of scope for this guide).

Build TF-M binaries

Tested Test with : GNU GCC 7.3.1 (7-2018-q2-update)

...

and TF-M hash `88661e56612d51811b6ea7b14ae6467128967bb2`.

Info

The commands below will build a debug binary with no bootloader (`-DBL2=false`).

...

The first step is to build the secure and non-secure binaries using the ConfigRegression project config:

Code Block
languagebash
titleBuilding TF-M Binaries
$ cd trusted-firmware-m
$ mkdir build && cd build
$ cmake -G"Unix Makefiles" -DPROJ_CONFIG=`readlink -f ../ConfigRegression.cmake` \
-DTARGET_PLATFORM=AN521 -DBL2=false -DCMAKE_BUILD_TYPE=Debug -DCOMPILER=GNUARM ../
$ cmake --build ./


Info

The commands above will build a debug binary with no bootloader (`-DBL2=false`).


Info

If building on OS X, you need to install the coreutils package via `$ brew install coreutils` and replace `readlink` below with `greadlink`.

Merging `tfm_s.axf` and `tfm_ns.axf`

Builds that include the bootloader result in a `tfm_full.bin` file in the build folder, as well as a version signed by `imgtool.py` for use with mcu-boot

When building without the bootloader (`-DBL2=false`), however, we need to merge the secure and normal .axf files ourselves:

...

Info

If `srec_cat` isn't already available on your system you can install it via `$ sudo apt-get install srecord` on Ubuntu or `$ brew install srecord` on OS X.

QEMU

...

ARMv8 support was added to QEMU 4.0, along with `machine` support for the Musca and MPS2 development boards.

...

If you have an older version, see the appendix in this document on how to build QEMU from source.

Running in QEMU

Tested using qemu 4.0.0 release (required for ARMv8 support), and MPS2 `AN521` as a machine target.

...

Code Block
languagebash
[Sec Thread] Secure image initializing!

#### Execute test suites for the Secure area ####


Running Test Suite PSA protected storage S interface tests (TFM_SST_TEST_2XXX)...
> Executing 'TFM_SST_TEST_2001'
Description: 'Set interface'
TEST PASSED!

> Executing 'TFM_SST_TEST_2002'
Description: 'Set interface with create flags'
...

Debugging with QEMU

Tested using qemu 4.0.0 release (required for ARMv8 support), and MPS2 `AN521` as a machine target.

...

Code Block
languagebash
$ gdb -s app/tfm_ns.axf -ex "target remote tcp:localhost:1234"
(gdb) break main
Breakpoint 1 at 0x10111c: file /Users/kevin/Dropbox/linaro/code/tfm/trusted-firmware-m/app/main_ns.c, line 115.
(gdb) layout asm
(gdb) continue

Appendix: Building QEMU from source (Optional)

Depending on your platform or distro you may need to build QEMU from source.

...