cmake: tfm: support for custom CMake args when building TF-M #34868
Conversation
|
@tejlmand this PR has some interest for me. Any concerns on having it for DV2.6.0? |
modules/trusted-firmware-m/Kconfig
Outdated
| config TFM_EXTRA_CMAKE_ARGS | ||
| string |
There was a problem hiding this comment.
This is not an optimal solution.
While it does solve some problems, it also carries some side-effects.
Namely that if moduleA needs to pass -DFOO=bar and thus creates:
# Kconfig.moduleA
config TFM_EXTRA_CMAKE_ARGS
string
default "-DFOO=bar"
and moduleB needs to pass -DBAR=foo with:
# Kconfig.moduleA
config TFM_EXTRA_CMAKE_ARGS
string
default "-DBAR=foo"
then only one of the values will be passed to TF-M.
Now, as long as either module A or module B is used, things will be fine, but if both are in use, this will break.
So this must be used with care.
I would prefer a cleaner and scalable solution, but could require some rework on how ExternalProject is used, cause the problem in the external project is how it handles generator expressions containing lists.
There was a problem hiding this comment.
@tejlmand I'm getting your point. Though, I think even with the limitation you mention, this feature is better than having users trying to hack modules/trusted-firmware-m/CMakeLists.txt to pass their custom TFM arguments (what I did with varying results)
Isn't possible that possible to state that for now, this should be defined only in one place ?
There was a problem hiding this comment.
I had the same argument, actually. We can keep working in the mean time to make this better. Otherwise we just keep defining explicit Kconfig options for the corresponding cmake arguments we want to pass
There was a problem hiding this comment.
Please note also that, in case of the "user hacks CMakeLists.txt" case, trying to identify if the arguments are correctly passed to TFM is not the easiest thing.
So having a validated method, even with limitation, is really a thing we miss.
There was a problem hiding this comment.
@tejlmand would an EXTRA_TFM_CMAKE_ARGS cmake list work for what you had in mind.
There was a problem hiding this comment.
@tejlmand, done, please take a look.
There was a problem hiding this comment.
FYI: Splitting between a "master" Kconfig and a "vendor" Kconfig has been discussed by me and @tejlmand offline... It helps a little, but it doesn't "solve it"
There was a problem hiding this comment.
Changed to use a cmake list instead, so adding from multiple places should now work fine.
set_property(GLOBAL APPEND PROPERTY EXTRA_TFM_CMAKE_ARGS -DFOO=bar)
There was a problem hiding this comment.
@oyvindronningstad problem with this approach is that it is introducing Zephyr module cmake order processing dependencies.
There was a problem hiding this comment.
I understand that this is undesirable
c132634 to
00b755d
Compare
|
@erwango can you check if this would work for your case? |
This is working but definitely requires some documentation. |
00b755d to
7515a77
Compare
|
@erwango Please re-visit. @ioannisg @oyvindronningstad I have pushed a proper solution which:
Any CMake file can now append additional CMake arguments to the TF-M build by appending to the This can be done as: |
|
@tejlmand Equally working and as average user I'd still need extra documentation |
7515a77 to
a7f4b30
Compare
|
@tejlmand Maybe I've been too fast. Is it me only ? I'm running: |
|
@oyvindronningstad I experiences CI failures here:
but if I go back to ef5ed3f and build the same sample, it already fails there: So seems the CI failure is unrelated to this PR. mps2_an521_nonsecure is valid board: |
ee53f63 to
f00e51b
Compare
Done |
| @@ -36,6 +36,11 @@ set(TFM_VALID_PARTITIONS | |||
| # TF-M regression tests | |||
| # BL2: Boolean if the TF-M build uses MCUboot. Default: True | |||
| # ENABLED_PARTITIONS: List of TFM partitions to enable. | |||
| # CMAKE_ARGS: Additional CMake flags to be used when building TF-M | |||
There was a problem hiding this comment.
well, this is the description of the function: trusted_firmware_build()
So from the point of view of that function, it's just CMake args.
You could ideally use that function from other locations.
But when called from the internal Zephyr build here: https://github.com/ioannisg/zephyr/blob/b6678723a282a99e62aebbc62570e37748c03df9/modules/trusted-firmware-m/CMakeLists.txt#L321
CMAKE_ARGS $<GENEX_EVAL:$<TARGET_PROPERTY:zephyr_property_target,TFM_CMAKE_OPTIONS>>
you may consider it custom args.
9f8bc71 to
b667872
Compare
Fixed. There was both lost arguments from conflict resolving, and then a bad gnuarmemb compiler causing local failures. |
This commit allows a subsystem to specify additional CMake flags to be given to the TF-M build. The additional CMake flags can be provided through the TFM_CMAKE_OPTIONS property on the zephyr_property_target. Using the zephyr_property_target allows Zephyr modules to append extra TFM_CMAKE_OPTIONS regardless of the CMake processing order. It splits the ExternalProject_Add into a two step process with the CMake invocation executed using add_custom_target() and the build process using ExternalProject_Add(). The reason for this split is because CMake generator expressions passed through ExternalProject_Add to CMake will quoted so that `$<TARGET_PROPERTY:<tgt>,<prop>>` becomes `"-DFOO=bar -DBAR=foo"` instead of `-DFOO=bar -DBAR=foo` which again results in CMake failures. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
b667872 to
1e72fdc
Compare
I'm seeing the same here, with the latest code. It doesn't find GCC, and seems to fall back to the default C compiler on my system (using OS X here): $ ./scripts/twister -p mps2_an521_nonsecure -N --inline-logs -s samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test
...
[2/5] Building C object CMakeFiles/TargetConfigGen.dir/Users/kevin/Linaro/zephyr/zephyr/twister-out/mps2_an521_nonsecure/samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test/tfm/app/psa_api_tests/targetConfigGen.c.o
FAILED: CMakeFiles/TargetConfigGen.dir/Users/kevin/Linaro/zephyr/zephyr/twister-out/mps2_an521_nonsecure/samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test/tfm/app/psa_api_tests/targetConfigGen.c.o
/Library/Developer/CommandLineTools/usr/bin/cc -I/Users/kevin/Linaro/zephyr/modules/tee/tfm/psa-arch-tests/api-tests/val/nspe -I/Users/kevin/Linaro/zephyr/modules/tee/tfm/psa-arch-tests/api-tests/val/common -I/Users/kevin/Linaro/zephyr/modules/tee/tfm/psa-arch-tests/api-tests/platform/targets/common/nspe -I/Users/kevin/Linaro/zephyr/modules/tee/tfm/psa-arch-tests/api-tests/platform/targets/common/nspe/crypto -I/Users/kevin/Linaro/zephyr/modules/tee/tfm/psa-arch-tests/api-tests/platform/targets/tgt_dev_apis_tfm_an521/nspe -arch arm64 -o CMakeFiles/TargetConfigGen.dir/Users/kevin/Linaro/zephyr/zephyr/twister-out/mps2_an521_nonsecure/samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test/tfm/app/psa_api_tests/targetConfigGen.c.o -c /Users/kevin/Linaro/zephyr/zephyr/twister-out/mps2_an521_nonsecure/samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test/tfm/app/psa_api_tests/targetConfigGen.c
/Users/kevin/Linaro/zephyr/zephyr/twister-out/mps2_an521_nonsecure/samples/tfm_integration/tfm_psa_test/sample.tfm.psa_internal_trusted_storage_test/tfm/app/psa_api_tests/targetConfigGen.c:1:10: fatal error: 'stdio.h' file not found
#include <stdio.h>
^~~~~~~~~You're using the zephyr SDK on Linux, I imagine? |
|
The compiler reference issue seems to be specific to I get the same behaviour on master, though, so it isn't specific to this PR. |
yes, the use of the host compiler is caused by this: Where the compiler is not passed on, but a C compiler is being looked up here: so that actually mean there is some undocumented requirements when using TF-M. |
|
@tejlmand The |
Follow-up: zephyrproject-rtos#34868 The CMAKE_ARGS was accidentally lost during work on zephyrproject-rtos#34868. This commit fixes that by re-adding `CMAKE_ARGS` as multi value arg. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
... trusted_firmware_build Follow-up: zephyrproject-rtos#34868 The CMAKE_ARGS was accidentally lost during work on zephyrproject-rtos#34868. This commit fixes that by re-adding `CMAKE_ARGS` as multi value arg. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Fixes: zephyrproject-rtos#36101 The move of CMake invocation to a dedicated custom target, see zephyrproject-rtos#34868 results in tfm_cmake to always be considered out-of-date, causing CMake to be reinvoked in the TF-M Binary dir, which again results in the build command to rebuild. This commit moves the invocation to a custom command with the CMakeCache.txt as output. The custom target tfm_cmake is updated to depend on CMakeCache.txt. This mean that CMake for TF-M will only be invoked inside the Zephyr build command if that file is missing. If the CMakeCache.txt file is updated or TF-M CMake or source code is modified, then the build command inside the TF-M build folder will ensure correct re-run of CMake from within the TF-M build folder. This ensures that TF-M will still rebuild if TF-M code is modified, while at the same time avoid unnecessary rebuilds of TF-M code. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Fixes: #36101 The move of CMake invocation to a dedicated custom target, see #34868 results in tfm_cmake to always be considered out-of-date, causing CMake to be reinvoked in the TF-M Binary dir, which again results in the build command to rebuild. This commit moves the invocation to a custom command with the CMakeCache.txt as output. The custom target tfm_cmake is updated to depend on CMakeCache.txt. This mean that CMake for TF-M will only be invoked inside the Zephyr build command if that file is missing. If the CMakeCache.txt file is updated or TF-M CMake or source code is modified, then the build command inside the TF-M build folder will ensure correct re-run of CMake from within the TF-M build folder. This ensures that TF-M will still rebuild if TF-M code is modified, while at the same time avoid unnecessary rebuilds of TF-M code. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
... trusted_firmware_build Follow-up: zephyrproject-rtos#34868 The CMAKE_ARGS was accidentally lost during work on zephyrproject-rtos#34868. This commit fixes that by re-adding `CMAKE_ARGS` as multi value arg. Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> (cherry picked from commit b8ad3c4)
This commit allows a subsystem to specify additional CMake flags to be
given to the TF-M build.
The additional CMake flags can be provided through the TFM_CMAKE_OPTIONS
property on the zephyr_property_target.
Using the zephyr_property_target allows Zephyr modules to append extra
TFM_CMAKE_OPTIONS regardless of the CMake processing order.
It splits the ExternalProject_Add into a two step process with the CMake
invocation executed using add_custom_target() and the build process
using ExternalProject_Add(). The reason for this split is because CMake
generator expressions passed through ExternalProject_Add to CMake will
quoted so that
$<TARGET_PROPERTY:<tgt>,<prop>>becomes"-DFOO=bar -DBAR=foo"instead of-DFOO=bar -DBAR=foowhich againresults in CMake failures.
Signed-off-by: Torsten Rasmussen Torsten.Rasmussen@nordicsemi.no
Signed-off-by: Ioannis Glaropoulos Ioannis.Glaropoulos@nordicsemi.no