Hi Antonio,
I'm not sure if this helps, but here is an example of how we sign the binaries for the MPS2 AN521, for example, after building the TF-M and Zephyr NS images, plus MCUBoot:
https://github.com/zephyrproject-rtos/zephyr/blob/966015f503d1438c25d5979376...
Best regards, Kevin
On Fri, 13 Nov 2020 at 16:19, Antonio Ken IANNILLO via TF-M < tf-m@lists.trustedfirmware.org> wrote:
Hi all,
I abandoned the idea to build at once tf-m and zephyr and switched to separated compilations.
Now, I have both secure and non-secure binaries but I’m not sure how to concatenate and sign them.
I found the assemble.py script but I don’t know whether it is the correct one or where to find the signing_layout.
To be more specific, for my current target musca-a (going to switch to musca-s as soon as it arrives):
- I built TF-M
- I imported and included in my zephyr application both libpsa_api_ns.a
and libtfm_s_veneers.a
- I build my zephyr application
Now (I suppose) I have to
- merge zephyr.bin with tfm_s.bin
- sign the merged binary
- concatenate with bl2
I could not find any reference how to correctly do these last steps.
Best,
--
*Antonio Ken Iannillo*
Research Scientist – SEDAN group
SnT – Interdisciplinary Centre for Security, Reliability and Trust
UNIVERSITÉ DU LUXEMBOURG
CAMPUS KIRCHBERG 29, avenue John F. Kennedy L-1855 Luxembourg Kirchberg T +352 46 66 44 9660
Join the conversation
News https://wwwen.uni.lu/snt/news_events | Twitter https://twitter.com/SnT_uni_lu | Linkedin https://www.linkedin.com/school/snt-lu/
www.uni.lu/snt
TF-M mailing list TF-M@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-m