refactor(esp_tee): Add local components in TEE examples via idf_component.yml

components/esp_tee/test_apps/tee_cli_app/CMakeLists.txt

@@ -2,19 +2,9 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. common functions such as Wi-Fi and Ethernet connection.
-# 2. managing TEE OTA updates
-# 3. dumping TEE attestation info
-# 4. TEE Secure storage
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-# Including the attestation service calls
+# For registering the attestation secure service
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
 
 project(tee_cli)

components/esp_tee/test_apps/tee_cli_app/main/idf_component.yml

@@ -0,0 +1,7 @@
+dependencies:
+  tee_attestation:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
+  tee_ota_ops:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+  tee_sec_storage:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage

components/esp_tee/test_apps/tee_test_fw/CMakeLists.txt

@@ -1,18 +1,9 @@
 #This is the project CMakeLists.txt file for the test subproject
 cmake_minimum_required(VERSION 3.16)
 
-# This example uses extra components for the following -
-# 1. Test framework related.
-# 2. Managing TEE OTA updates
-# 3. TEE Secure Storage
-# 4. TEE Entity Attestation
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/tools/unit-test-app/components
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# For registering the test-specific and attestation secure services
 include(${CMAKE_CURRENT_LIST_DIR}/components/test_sec_srv/test_tee_project.cmake)
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
 

components/esp_tee/test_apps/tee_test_fw/components/test_sec_srv/test_tee_project.cmake

@@ -1,4 +1,4 @@
-# tee_project.cmake file must be manually included in the project's top level CMakeLists.txt before project()
+# This file must be manually included in the project's top level CMakeLists.txt before project()
 # This ensures that the variables are set before TEE starts building
 
 get_filename_component(directory "${CMAKE_CURRENT_LIST_DIR}/.." ABSOLUTE DIRECTORY)

components/esp_tee/test_apps/tee_test_fw/main/idf_component.yml

@@ -1,2 +1,10 @@
 dependencies:
   ccomp_timer: "^1.0.0"
+  tee_attestation:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation
+  tee_ota_ops:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+  tee_sec_storage:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage
+  test_utils:
+    path: ${IDF_PATH}/tools/unit-test-app/components/test_utils

docs/en/security/tee/tee-attestation.rst

@@ -255,7 +255,7 @@ API Reference
 
 .. note::
 
-  - To use the TEE Attestation APIs into your project, ensure the :component:`tee_attestation <esp_tee/subproject/components/tee_attestation>` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_attestation <security/tee/tee_attestation>` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System </api-guides/build-system>` documentation.
+  - To use the TEE Attestation APIs in your project, ensure that the :component:`tee_attestation <esp_tee/subproject/components/tee_attestation>` component is listed as a local dependency in the component manager manifest file `idf_component.yml <https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html>`_. Refer to the :example:`tee_attestation <security/tee/tee_attestation>` example for guidance.
 
   - Additionally, the component-specific :component_file:`CMake <esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake>` file needs to be included in the top-level ``CMakeLists.txt`` of your project before calling the ``project()`` command to integrate the corresponding service calls into the project.
 

docs/en/security/tee/tee-ota.rst

@@ -74,6 +74,6 @@ API Reference
 
 .. note::
 
-    To use the TEE OTA APIs into your project, ensure the :component:`tee_ota_ops <esp_tee/subproject/components/tee_ota_ops>` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_secure_ota <security/tee/tee_secure_ota>` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System </api-guides/build-system>` documentation.
+    To use the TEE OTA APIs in your project, ensure that the :component:`tee_ota_ops <esp_tee/subproject/components/tee_ota_ops>` component is listed as a local dependency in the component manager manifest file `idf_component.yml <https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html>`_. Refer to the :example:`tee_secure_ota <security/tee/tee_secure_ota>` example for guidance.
 
 .. include-build-file:: inc/esp_tee_ota_ops.inc

docs/en/security/tee/tee-sec-storage.rst

@@ -112,6 +112,6 @@ API Reference
 
 .. note::
 
-    To use the TEE Secure Storage APIs into your project, ensure the :component:`tee_sec_storage <esp_tee/subproject/components/tee_sec_storage>` component is included by setting ``EXTRA_COMPONENT_DIRS`` in your project's ``CMakeLists.txt`` file, as shown in the :example:`tee_secure_storage <security/tee/tee_secure_storage>` example. For more information, refer to the :ref:`optional_project_variable` section from the :doc:`Build System </api-guides/build-system>` documentation.
+    To use the TEE Secure Storage APIs in your project, ensure that the :component:`tee_sec_storage <esp_tee/subproject/components/tee_sec_storage>` component is listed as a local dependency in the component manager manifest file `idf_component.yml <https://docs.espressif.com/projects/idf-component-manager/en/latest/reference/manifest_file.html>`_. Refer to the :example:`tee_secure_storage <security/tee/tee_secure_storage>` example for guidance.
 
 .. include-build-file:: inc/esp_tee_sec_storage.inc

examples/security/tee/tee_attestation/CMakeLists.txt

@@ -2,14 +2,11 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. Printing TEE attestation info
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-# Including the attestation service calls
+# For registering the attestation secure service
 include($ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_attestation/esp_tee_att.cmake)
 
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_attestation)

examples/security/tee/tee_attestation/main/app_main.c

@@ -8,9 +8,7 @@
 #include <errno.h>
 
 #include "esp_system.h"
-#include "esp_event.h"
 #include "esp_log.h"
-#include "esp_console.h"
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"

examples/security/tee/tee_attestation/main/idf_component.yml

@@ -0,0 +1,3 @@
+dependencies:
+  tee_attestation:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_attestation

examples/security/tee/tee_basic/CMakeLists.txt

@@ -4,7 +4,9 @@ cmake_minimum_required(VERSION 3.16)
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
-# Including the example service calls
+# For registering custom secure services for the example
 include(${CMAKE_CURRENT_LIST_DIR}/components/example_secure_service/tee_project.cmake)
 
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_basic)

examples/security/tee/tee_basic/main/CMakeLists.txt

@@ -1,2 +1,3 @@
 idf_component_register(SRCS "tee_main.c"
-                    INCLUDE_DIRS "")
+                    INCLUDE_DIRS ""
+                    PRIV_REQUIRES esp_tee mbedtls)

examples/security/tee/tee_secure_ota/CMakeLists.txt

@@ -2,12 +2,8 @@
 # in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
-# (Not part of the boilerplate)
-# This example uses extra components for the following -
-# 1. common functions such as Wi-Fi and Ethernet connection.
-# 2. managing TEE OTA updates
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common
-                                 $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_secure_ota)

examples/security/tee/tee_secure_ota/main/CMakeLists.txt

@@ -1,2 +1,4 @@
 idf_component_register(SRCS "cmd_ota.c" "app_main.c"
-                       INCLUDE_DIRS ".")
+                       INCLUDE_DIRS "."
+                       PRIV_REQUIRES app_update console esp_driver_uart esp_event esp_http_client
+                                     esp_https_ota esp_netif esp_wifi mbedtls nvs_flash)

examples/security/tee/tee_secure_ota/main/idf_component.yml

@@ -0,0 +1,5 @@
+dependencies:
+  tee_ota_ops:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_ota_ops
+  protocol_examples_common:
+    path: ${IDF_PATH}/examples/common_components/protocol_examples_common

examples/security/tee/tee_secure_storage/CMakeLists.txt

@@ -2,8 +2,8 @@
 # CMakeLists in this exact order for cmake to work correctly
 cmake_minimum_required(VERSION 3.16)
 
-list(APPEND EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage)
-
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# "Trim" the build. Include the minimal set of components, main, and anything it depends on.
+idf_build_set_property(MINIMAL_BUILD ON)
 project(tee_secure_storage)

examples/security/tee/tee_secure_storage/main/CMakeLists.txt

@@ -1,2 +1,3 @@
 idf_component_register(SRCS "tee_main.c"
-                    INCLUDE_DIRS "")
+                    INCLUDE_DIRS ""
+                    PRIV_REQUIRES mbedtls)

examples/security/tee/tee_secure_storage/main/idf_component.yml

@@ -0,0 +1,3 @@
+dependencies:
+  tee_sec_storage:
+    path: ${IDF_PATH}/components/esp_tee/subproject/components/tee_sec_storage

examples/security/tee/tee_secure_storage/main/tee_main.c

@@ -19,7 +19,6 @@
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/sha256.h"
 
-#include "esp_tee.h"
 #include "esp_tee_sec_storage.h"
 #include "secure_service_num.h"