1. Select and set up build environments

TF-M officially supports a limited set of build environments and setups. In this context, official support means that the environments listed below are actively used by team members and active developers, hence users should be able to recreate the same configurations by following the instructions described below. In case of problems, the TF-M team provides support only for these environments, but building in other environments can still be possible.

The following environments are supported:

LinuxWindows

1. version supported:

   Ubuntu 18.04 x64+

2. install dependencies:

sudo apt-get install -y git curl wget build-essential libssl-dev python3 \
python3-pip cmake make

3. verify cmake version:

cmake --version

Note

Please download cmake 3.15 or later version from https://cmake.org/download/.

4. add CMake path into environment:

export PATH=<CMake path>/bin:$PATH

2. Install python dependencies

Clone the TF-M source code, and then install the TF-M’s additional Python dependencies.

LinuxWindows

1. get the TF-M source code:

cd <base folder>
git clone https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git

2. TF-M’s tools/requirements.txt file declares additional Python dependencies. Install them with pip3:

pip3 install --upgrade pip
cd trusted-firmware-m
pip3 install -r tools/requirements.txt

3. Install a toolchain

To compile TF-M code, at least one of the supported compiler toolchains have to be available in the build environment. The currently supported compiler versions are:

• Arm Compiler v6.10.1+

  LinuxWindows

  • Download the standalone packages from here.

  • Add Arm Compiler into environment:

    export PATH=<ARM_CLANG_PATH>/sw/ARMCompiler6.10.1/bin:$PATH
    export ARM_PRODUCT_PATH=<ARM_CLANG_PATH>/sw/mappings
    

  Note

  ArmClang compiler v6.17 may cause MemManage fault in TF-M higher level isolations. The issue is under investigation and recommended to avoid using this version.

• GNU Arm compiler v7.3.1+

  LinuxWindows

  • Download the GNU Arm compiler from here.

  • Add GNU Arm into environment:

    export PATH=<GNU_ARM_PATH>/bin:$PATH
    

  Note

  GNU Arm compiler version 10-2020-q4-major has an issue in CMSE support. The bug is reported in here. Select other GNU Arm compiler versions instead.

• IAR Arm compiler v8.42.x, v8.50.x

  LinuxWindows

  • Download IAR build tools from here.

  • Add IAR Arm compiler into environment:

    export PATH=<IAR_COMPILER_PATH>/bin:$PATH
    

4. Build AN521 regression sample

Here, we take building TF-M for AN521 platform with regression tests using GCC as an example:

LinuxWindows

cd trusted-firmware-m
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DCMAKE_BUILD_TYPE=Debug -DTEST_S=ON -DTEST_NS=ON
cmake --build cmake_build -- install

Alternately using traditional cmake syntax

cd trusted-firmware-m
mkdir cmake_build
cd cmake_build
cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake -DTEST_S=ON -DTEST_NS=ON
make install

5. Run AN521 regression sample

Run the sample code on SSE-200 Fast-Model, using FVP_MPS2_AEMv8M provided by Arm Development Studio.

Note

Arm Development Studio is not essential to develop TF-M, you can skip this section if don’t want to try on Arm develop boards.

LinuxWindows

1. install Arm Development Studio to get the fast-model.

   Download Arm Development Studio from here.

2. Add bl2.axf and tfm_s_ns_signed.bin to symbol files in Debug Configuration menu.

<DS_PATH>/sw/models/bin/FVP_MPS2_AEMv8M  \
--parameter fvp_mps2.platform_type=2 \
--parameter cpu0.baseline=0 \
--parameter cpu0.INITVTOR_S=0x10000000 \
--parameter cpu0.semihosting-enable=0 \
--parameter fvp_mps2.DISABLE_GATING=0 \
--parameter fvp_mps2.telnetterminal0.start_telnet=1 \
--parameter fvp_mps2.telnetterminal1.start_telnet=0 \
--parameter fvp_mps2.telnetterminal2.start_telnet=0 \
--parameter fvp_mps2.telnetterminal0.quiet=0 \
--parameter fvp_mps2.telnetterminal1.quiet=1 \
--parameter fvp_mps2.telnetterminal2.quiet=1 \
--application cpu0=<build_dir>/bin/bl2.axf \
--data cpu0=<build_dir>/bin/tfm_s_ns_signed.bin@0x10080000

After completing the procedure you should see the following messages on the DAPLink UART (baud 115200 8n1):

[INF] Starting bootloader
[INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
[INF] Scratch: magic=bad, copy_done=0x5, image_ok=0x9
[INF] Boot source: primary slot
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x20000
[INF] Jumping to the first image slot
[Sec Thread] Secure image initializing!

#### Execute test suites for the protected storage service ####
Running Test Suite PS secure interface tests (TFM_PS_TEST_2XXX)...
> Executing 'TFM_PS_TEST_2001'
  Description: 'Create interface'
  TEST PASSED!
> Executing 'TFM_PS_TEST_2002'
  Description: 'Get handle interface (DEPRECATED)'
This test is DEPRECATED and the test execution was SKIPPED
  TEST PASSED!
> Executing 'TFM_PS_TEST_2003'
  Description: 'Get handle with null handle pointer (DEPRECATED)'
This test is DEPRECATED and the test execution was SKIPPED
  TEST PASSED!
> Executing 'TFM_PS_TEST_2004'
  Description: 'Get attributes interface'
  TEST PASSED!
> Executing 'TFM_PS_TEST_2005'
  Description: 'Get attributes with null attributes struct pointer'
....

6. Tool & Dependency overview

To build the TF-M firmware the following tools are needed:

• C compiler of supported toolchains

• CMake version 3.15 or later

• Git

• gmake, aka GNU Make

• Python v3.x

• a set of python modules listed in tools/requiremtns.txt

6.1. Dependency chain

7. Next steps

Here are some next steps for exploring TF-M:

• Detailed Build instructions.

• IAR Build instructions.

• Try other Samples and Demos.

• Documentation generation.

---

Copyright (c) 2017-2021, Arm Limited. All rights reserved.