Hi Antonio,

I'm not sure if this helps, but here is an example of how we sign the binaries for the MPS2 AN521, for example, after building the TF-M and Zephyr NS images, plus MCUBoot:

https://github.com/zephyrproject-rtos/zephyr/blob/966015f503d1438c25d59793762495452be5ebbc/boards/arm/mps2_an521/CMakeLists.txt

Best regards,
Kevin

On Fri, 13 Nov 2020 at 16:19, Antonio Ken IANNILLO via TF-M <tf-m@lists.trustedfirmware.org> wrote:

Hi all,

I abandoned the idea of building tf-m and zephyr at once and switched to separate compilations.

Now, I have both secure and non-secure binaries but I’m not sure how to concatenate and sign them.

I found the assemble.py script but I don’t know whether it is the correct one or where to find the signing_layout.

To be more specific, for my current target musca-a (going to switch to musca-s as soon as it arrives):

  • I built TF-M
  • I imported and included in my zephyr application both libpsa_api_ns.a and libtfm_s_veneers.a
  • I built my zephyr application

Now (I suppose) I have to

  • merge zephyr.bin with tfm_s.bin
  • sign the merged binary
  • concatenate with bl2

I could not find any reference on how to correctly do these last steps.

Best,

-- 

Antonio Ken Iannillo

Research Scientist, SEDAN group

SnT – Interdisciplinary Centre for Security, Reliability and Trust

UNIVERSITÉ DU LUXEMBOURG

CAMPUS KIRCHBERG
29, avenue John F. Kennedy 
L-1855 Luxembourg Kirchberg
T +352 46 66 44 9660

www.uni.lu/snt

--
TF-M mailing list
TF-M@lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-m