From e0126ff4e818936fa61967d46d8f4f8d5307c7c1 Mon Sep 17 00:00:00 2001
From: Daniel Fedai Larsen <daniel@aminacharging.com>
Date: Fri, 5 Jul 2024 13:14:11 +0200
Subject: [PATCH 1/2] Add support for building for HAB for i.MX RT targets

---
 Makefile                              | 10 ++++-
 config/examples/imx-rt1060_hab.config | 33 ++++++++++++++
 docs/Targets.md                       |  4 ++
 hal/imx_rt_hab.ld                     | 62 +++++++++++++++++++++++++++
 4 files changed, 108 insertions(+), 1 deletion(-)
 create mode 100644 config/examples/imx-rt1060_hab.config
 create mode 100644 hal/imx_rt_hab.ld

diff --git a/Makefile b/Makefile
index ae7b0be4b..c2ab0cc39 100644
--- a/Makefile
+++ b/Makefile
@@ -17,7 +17,15 @@ LDFLAGS:=
 SECURE_LDFLAGS:=
 LD_START_GROUP:=-Wl,--start-group
 LD_END_GROUP:=-Wl,--end-group
-LSCRIPT_IN:=hal/$(TARGET).ld
+ifeq ($(TARGET),imx_rt)
+	ifeq ($(TARGET_IMX_HAB),1)
+		LSCRIPT_IN:=hal/$(TARGET)_hab.ld
+	else
+		LSCRIPT_IN:=hal/$(TARGET).ld
+	endif
+else
+	LSCRIPT_IN:=hal/$(TARGET).ld
+endif
 V?=0
 DEBUG?=0
 DEBUG_UART?=0
diff --git a/config/examples/imx-rt1060_hab.config b/config/examples/imx-rt1060_hab.config
new file mode 100644
index 000000000..43e46b653
--- /dev/null
+++ b/config/examples/imx-rt1060_hab.config
@@ -0,0 +1,33 @@
+ARCH?=ARM
+TARGET?=imx_rt
+TARGET_IMX_HAB?=1
+SIGN?=ECC256
+HASH?=SHA256
+MCUXSDK?=0
+MCUXPRESSO?=$(PWD)/../SDK-2.11.0_EVK-MIMXRT1060
+MCUXPRESSO_CMSIS?=$(MCUXPRESSO)/CMSIS
+MCUXPRESSO_CPU?=MIMXRT1062DVL6A
+MCUXPRESSO_DRIVERS?=$(MCUXPRESSO)/devices/MIMXRT1062
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=0
+NO_ASM?=0
+NO_MPU=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=0
+V?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+PKA?=0
+WOLFBOOT_PARTITION_SIZE?=0x20000
+WOLFBOOT_SECTOR_SIZE?=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x60010000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x60030000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x60050000
+WOLFBOOT_SMALL_STACK?=1
+
+CFLAGS_EXTRA+=-DDCP_USE_DCACHE=0
diff --git a/docs/Targets.md b/docs/Targets.md
index 4f3be463c..522f1bc29 100644
--- a/docs/Targets.md
+++ b/docs/Targets.md
@@ -1407,6 +1407,10 @@ section, e.g.:
 If an external `.dcd_data` section is provided, the option `NXP_CUSTOM_DCD=1` must
 be added to the configuration.
 
+### Building wolfBoot for HAB (High Assurance Boot)
+
+The `imx_rt` target supports building without a flash configuration, IVT, Boot Data and DCD. This is needed when wanting to use HAB through NXP's *Secure Provisioning Tool* to sign wolfBoot to enable secure boot. To build wolfBoot this way `TARGET_IMX_HAB` needs to be set to 1 in the configuration file (see `config/examples/imx-rt1060 _hab.config` for an example). When built with `TARGET_IMX_HAB=1` wolfBoot must be written to flash using NXP's *Secure Provisioning Tool*.
+
 ### Flashing
 
 Firmware can be directly uploaded to the target by copying `factory.bin` to the virtual USB drive associated to the device, or by loading the image directly into flash using a JTAG/SWD debugger.
diff --git a/hal/imx_rt_hab.ld b/hal/imx_rt_hab.ld
new file mode 100644
index 000000000..ac5f48e84
--- /dev/null
+++ b/hal/imx_rt_hab.ld
@@ -0,0 +1,62 @@
+/* Specify the memory areas */
+MEMORY
+{
+  FLASH(rx)  : ORIGIN = @ARCH_FLASH_OFFSET@ + 0x2000, LENGTH = @BOOTLOADER_PARTITION_SIZE@
+  RAM(rwx)   : ORIGIN = 0x20000000, LENGTH = 0x0001FFF0
+}
+
+/* Define output sections */
+SECTIONS
+{
+    .text :
+    {
+        _start_text = @ARCH_FLASH_OFFSET@;
+        KEEP(*(.isr_vector))
+        . = ALIGN(0x8);
+        *(.text*)
+        *(.rodata*)
+        *(.glue_7)               /* glue arm to thumb code */
+        *(.glue_7t)              /* glue thumb to arm code */
+        *(.eh_frame)
+        KEEP (*(.init))
+        KEEP (*(.fini))
+        . = ALIGN(4);
+        _end_text = .;
+    } > FLASH
+    .ARM.extab :
+    {
+      *(.ARM.extab* .gnu.linkonce.armextab.*)
+    } > FLASH
+    .ARM :
+    {
+      __exidx_start = .;
+      *(.ARM.exidx*)
+      __exidx_end = .;
+    } > FLASH
+    _stored_data = .;
+
+    .data : AT (_stored_data)
+    {
+        _start_data = .;
+        KEEP(*(.ramcode*))
+        . = ALIGN(4);
+        KEEP(*(.data*))
+        . = ALIGN(4);
+        _end_data = .;
+    } > RAM
+
+    .bss (NOLOAD) :
+    {
+        _start_bss = .;
+        __bss_start__ = .;
+        *(.bss*)
+        *(COMMON)
+        . = ALIGN(4);
+        _end_bss = .;
+        __bss_end__ = .;
+        _end = .;
+    } > RAM
+    . = ALIGN(4);
+}
+
+END_STACK = ORIGIN(RAM) + LENGTH(RAM);

From e081d746230bdf97a83eae686945348e85f66d61 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <dan@danielinux.net>
Date: Mon, 22 Jul 2024 08:21:14 +0200
Subject: [PATCH 2/2] Moving target-specific options to arch.mk

---
 Makefile | 10 +---------
 arch.mk  |  7 ++++++-
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index c2ab0cc39..ae7b0be4b 100644
--- a/Makefile
+++ b/Makefile
@@ -17,15 +17,7 @@ LDFLAGS:=
 SECURE_LDFLAGS:=
 LD_START_GROUP:=-Wl,--start-group
 LD_END_GROUP:=-Wl,--end-group
-ifeq ($(TARGET),imx_rt)
-	ifeq ($(TARGET_IMX_HAB),1)
-		LSCRIPT_IN:=hal/$(TARGET)_hab.ld
-	else
-		LSCRIPT_IN:=hal/$(TARGET).ld
-	endif
-else
-	LSCRIPT_IN:=hal/$(TARGET).ld
-endif
+LSCRIPT_IN:=hal/$(TARGET).ld
 V?=0
 DEBUG?=0
 DEBUG_UART?=0
diff --git a/arch.mk b/arch.mk
index 056c6891a..48e6e9c15 100644
--- a/arch.mk
+++ b/arch.mk
@@ -562,7 +562,12 @@ ifeq ($(TARGET),imx_rt)
     ifeq ($(DEBUG_UART),1)
       OBJS+= $(MCUXPRESSO_DRIVERS)/drivers/fsl_lpuart.o
     endif
-  endif
+    ifeq ($(TARGET_IMX_HAB),1)
+        LSCRIPT_IN:=hal/$(TARGET)_hab.ld
+    else
+        LSCRIPT_IN:=hal/$(TARGET).ld
+    endif
+endif
 
   ifeq ($(MCUXPRESSO_CPU),MIMXRT1064DVL6A)
     ARCH_FLASH_OFFSET=0x70000000