diff --git a/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt b/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt
index a87732fdbb..25d05f1b65 100644
--- a/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt
+++ b/components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt
@@ -2,19 +2,9 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. common functions such as Wi-Fi and Ethernet connection.
-# 2. managing TEE OTA updates
-# 3. dumping TEE attestation info
-# 4. TEE Secure storage
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-# Including the attestation service calls
+# For registering the attestation secure service
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
 project(tee_cli)
diff --git a/components/esp_tee/test_apps/tee_cli_app/main/idf_component.yml b/components/esp_tee/test_apps/tee_cli_app/main/idf_component.yml
new file mode 100644
index 0000000000..2aea218675
--- /dev/null
+++ b/components/esp_tee/test_apps/tee_cli_app/main/idf_component.yml
@@ -0,0 +1,7 @@
+dependencies:
+ tee_attestation:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
+ tee_ota_ops:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+ tee_sec_storage:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
diff --git a/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt b/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt
index 87cacafa2e..2a92d2d729 100644
--- a/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt
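Review bot: The `include(...tee_attestation/esp_tee_att.cmake)` line kept as context in tee_cli_app/CMakeLists.txt now repeats the component path that main/idf_component.yml declares for `tee_attestation`, and nothing keeps the two in step. If one path is later changed without the other, the secure-service registration would presumably come from a different copy than the component that is compiled, or be missed entirely. I would extend the new comment to say so, e.g. `# Path must match the tee_attestation entry in main/idf_component.yml; keep before project()`. The same applies to the hunks in tee_test_fw/CMakeLists.txt and examples/security/tee/tee_attestation/CMakeLists.txt.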
+++ b/components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt
@@ -1,18 +1,9 @@
 #This is the project CMakeLists.txt file for the test subproject
 cmake_minimum_required(VERSION 3.16)
-# This example uses extra components for the following -
-# 1. Test framework related.
-# 2. Managing TEE OTA updates
-# 3. TEE Secure Storage
-# 4. TEE Entity Attestation
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/tools/unit-test-app/components
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+# For registering the test-specific and attestation secure services
 include(${CMAKE_CURRENT_LIST_DIR}/components/test_sec_srv/test_tee_project.cmake)
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
diff --git a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test_tee_project.cmake b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test_tee_project.cmake
index 8be3ba76b3..d4a389ad76 100644
--- a/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test_tee_project.cmake
+++ b/components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test_tee_project.cmake
@@ -1,4 +1,4 @@
-# tee_project.cmake file must be manually included in the project's top level CMakeLists.txt before project()
+# This file must be manually included in the project's top level CMakeLists.txt before project()
 # This ensures that the variables are set before TEE starts building
 get_filename_component(directory "${CMAKE_CURRENT_LIST_DIR}/.." ABSOLUTE DIRECTORY)
diff --git a/components/esp_tee/test_apps/tee_test_fw/main/idf_component.yml b/components/esp_tee/test_apps/tee_test_fw/main/idf_component.yml
index 2ae836a935..7b62e998be 100644
--- a/components/esp_tee/test_apps/tee_test_fw/main/idf_component.yml
+++ b/components/esp_tee/test_apps/tee_test_fw/main/idf_component.yml
@@ -1,2 +1,10 @@
 dependencies:
 ccomp_timer: "^1.0.0"
+ tee_attestation:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
+ tee_ota_ops:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+ tee_sec_storage:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
+ test_utils:
+ path: ${IDF_PATH}/tools/unit-test-app/components/test_utils
diff --git a/docs/en/security/tee/tee-attestation.rst b/docs/en/security/tee/tee-attestation.rst
index 4d57274d92..c57eec865d 100644
--- a/docs/en/security/tee/tee-attestation.rst
+++ b/docs/en/security/tee/tee-attestation.rst
@@ -255,7 +255,7 @@ API Reference
 .. note::
- - To use the TEE Attestation APIs into your project, ensure the :component:`tee_attestation ` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_attestation ` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System ` documentation.
+ - To use the TEE Attestation APIs in your project, ensure that the :component:`tee_attestation ` component is listed as a local dependency in the component manager manifest file `idf_component.yml `_. Refer to the :example:`tee_attestation ` example for guidance.
 - Additionally, the component-specific :component_file:`CMake ` file needs to be included in the top-level ``CMakeLists.txt`` of your project before calling the ``project()`` command to integrate the corresponding service calls into the project.
diff --git a/docs/en/security/tee/tee-ota.rst b/docs/en/security/tee/tee-ota.rst
index c1bbb00479..264b9c4be2 100644
--- a/docs/en/security/tee/tee-ota.rst
+++ b/docs/en/security/tee/tee-ota.rst
@@ -74,6 +74,6 @@ API Reference
 .. note::
- To use the TEE OTA APIs into your project, ensure the :component:`tee_ota_ops ` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_secure_ota ` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System ` documentation.
+ To use the TEE OTA APIs in your project, ensure that the :component:`tee_ota_ops ` component is listed as a local dependency in the component manager manifest file `idf_component.yml `_. Refer to the :example:`tee_secure_ota ` example for guidance.
 .. include-build-file:: inc/esp_tee_ota_ops.inc
diff --git a/docs/en/security/tee/tee-sec-storage.rst b/docs/en/security/tee/tee-sec-storage.rst
index 7a4354dcf1..a5d36118af 100644
--- a/docs/en/security/tee/tee-sec-storage.rst
+++ b/docs/en/security/tee/tee-sec-storage.rst
@@ -112,6 +112,6 @@ API Reference
 .. note::
- To use the TEE Secure Storage APIs into your project, ensure the :component:`tee_sec_storage ` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_secure_storage ` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System ` documentation.
+ To use the TEE Secure Storage APIs in your project, ensure that the :component:`tee_sec_storage ` component is listed as a local dependency in the component manager manifest file `idf_component.yml `_. Refer to the :example:`tee_secure_storage ` example for guidance.
 .. include-build-file:: inc/esp_tee_sec_storage.inc
diff --git a/examples/security/tee/tee_attestation/CMakeLists.txt b/examples/security/tee/tee_attestation/CMakeLists.txt
index 2bd98f78a4..115dffc941 100644
--- a/examples/security/tee/tee_attestation/CMakeLists.txt
+++ b/examples/security/tee/tee_attestation/CMakeLists.txt
@@ -2,14 +2,11 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. Printing TEE attestation info
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-# Including the attestation service calls
+# For registering the attestation secure service
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_attestation)
diff --git a/examples/security/tee/tee_attestation/main/app_main.c b/examples/security/tee/tee_attestation/main/app_main.c
index 90c7c1872b..e3b2800cf4 100644
--- a/examples/security/tee/tee_attestation/main/app_main.c
+++ b/examples/security/tee/tee_attestation/main/app_main.c
@@ -8,9 +8,7 @@
 #include
 #include "esp_system.h"
-#include "esp_event.h"
 #include "esp_log.h"
-#include "esp_console.h"
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
diff --git a/examples/security/tee/tee_attestation/main/idf_component.yml b/examples/security/tee/tee_attestation/main/idf_component.yml
new file mode 100644
index 0000000000..ffc1a7d072
--- /dev/null
+++ b/examples/security/tee/tee_attestation/main/idf_component.yml
@@ -0,0 +1,3 @@
+dependencies:
+ tee_attestation:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
diff --git a/examples/security/tee/tee_basic/CMakeLists.txt b/examples/security/tee/tee_basic/CMakeLists.txt
index 12a1e84ce9..432e9c39ac 100644
--- a/examples/security/tee/tee_basic/CMakeLists.txt
+++ b/examples/security/tee/tee_basic/CMakeLists.txt
@@ -4,7 +4,9 @@ cmake_minimum_required(VERSION 3.16)
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-# Including the example service calls
+# For registering custom secure services for the example
 include(${CMAKE_CURRENT_LIST_DIR}/components/example_secure_service/tee_project.cmake)
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_basic)
diff --git a/examples/security/tee/tee_basic/main/CMakeLists.txt b/examples/security/tee/tee_basic/main/CMakeLists.txt
index 6746047f5f..c9e36bfd72 100644
--- a/examples/security/tee/tee_basic/main/CMakeLists.txt
+++ b/examples/security/tee/tee_basic/main/CMakeLists.txt
@@ -1,2 +1,3 @@
 idf_component_register(SRCS "tee_main.c"
- INCLUDE_DIRS "")
+ INCLUDE_DIRS ""
+ PRIV_REQUIRES esp_tee mbedtls)
diff --git a/examples/security/tee/tee_secure_ota/CMakeLists.txt b/examples/security/tee/tee_secure_ota/CMakeLists.txt
index 7559f4d7da..b686c24817 100644
--- a/examples/security/tee/tee_secure_ota/CMakeLists.txt
+++ b/examples/security/tee/tee_secure_ota/CMakeLists.txt
@@ -2,12 +2,8 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. common functions such as Wi-Fi and Ethernet connection.
-# 2. managing TEE OTA updates
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common
- $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_secure_ota)
diff --git a/examples/security/tee/tee_secure_ota/main/CMakeLists.txt b/examples/security/tee/tee_secure_ota/main/CMakeLists.txt
index 371fba8ba5..e052c95102 100644
--- a/examples/security/tee/tee_secure_ota/main/CMakeLists.txt
+++ b/examples/security/tee/tee_secure_ota/main/CMakeLists.txt
@@ -1,2 +1,4 @@
 idf_component_register(SRCS "cmd_ota.c" "app_main.c"
- INCLUDE_DIRS ".")
+ INCLUDE_DIRS "."
+ PRIV_REQUIRES app_update console esp_driver_uart esp_event esp_http_client
+ esp_https_ota esp_netif esp_wifi mbedtls nvs_flash)
diff --git a/examples/security/tee/tee_secure_ota/main/idf_component.yml b/examples/security/tee/tee_secure_ota/main/idf_component.yml
new file mode 100644
index 0000000000..3d5ae02d6c
--- /dev/null
+++ b/examples/security/tee/tee_secure_ota/main/idf_component.yml
@@ -0,0 +1,5 @@
+dependencies:
+ tee_ota_ops:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+ protocol_examples_common:
+ path: ${IDF_PATH}/examples/common_components/protocol_examples_common
diff --git a/examples/security/tee/tee_secure_storage/CMakeLists.txt b/examples/security/tee/tee_secure_storage/CMakeLists.txt
index 9842c6bb84..55c182e782 100644
--- a/examples/security/tee/tee_secure_storage/CMakeLists.txt
+++ b/examples/security/tee/tee_secure_storage/CMakeLists.txt
@@ -2,8 +2,8 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_secure_storage)
diff --git a/examples/security/tee/tee_secure_storage/main/CMakeLists.txt b/examples/security/tee/tee_secure_storage/main/CMakeLists.txt
index 6746047f5f..3b865c8632 100644
--- a/examples/security/tee/tee_secure_storage/main/CMakeLists.txt
+++ b/examples/security/tee/tee_secure_storage/main/CMakeLists.txt
@@ -1,2 +1,3 @@
 idf_component_register(SRCS "tee_main.c"
- INCLUDE_DIRS "")
+ INCLUDE_DIRS ""
+ PRIV_REQUIRES mbedtls)
diff --git a/examples/security/tee/tee_secure_storage/main/idf_component.yml b/examples/security/tee/tee_secure_storage/main/idf_component.yml
new file mode 100644
index 0000000000..c4cb532a85
--- /dev/null
+++ b/examples/security/tee/tee_secure_storage/main/idf_component.yml
@@ -0,0 +1,3 @@
+dependencies:
+ tee_sec_storage:
+ path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
diff --git a/examples/security/tee/tee_secure_storage/main/tee_main.c b/examples/security/tee/tee_secure_storage/main/tee_main.c
index 9bb73e22d3..21c96efdb6 100644
--- a/examples/security/tee/tee_secure_storage/main/tee_main.c
+++ b/examples/security/tee/tee_secure_storage/main/tee_main.c
@@ -19,7 +19,6 @@
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/sha256.h"
-#include "esp_tee.h"
 #include "esp_tee_sec_storage.h"
 #include "secure_service_num.h"
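Review bot: The `#include "secure_service_num.h"` kept as the last context line in tee_main.c has no visibly declared provider once `esp_tee.h` is dropped. This example's main/CMakeLists.txt now lists only `PRIV_REQUIRES mbedtls`, whereas tee_basic declares `PRIV_REQUIRES esp_tee mbedtls`. If that header comes from the esp_tee component (not visible in this diff), the build under `MINIMAL_BUILD` relies on tee_sec_storage re-exporting it transitively. Either add `esp_tee` to `PRIV_REQUIRES` here, or remove the include as well if the file no longer uses the service numbers. The rest of tee_main.c is outside the hunk, so actual usage cannot be confirmed from here.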