Tools: Allow TF-M relative paths in manifest lists

RcColes · David Hu · commit 052e87140b75 · 2023-11-07T09:06:33.000+01:00
After performing the search for the manifest file relative to the
manifest list, additionally search for the path relative to the root
TF-M directory. This allows for manifest lists files which are within
platform directories, while maintaining current behaviour by default.

Change-Id: I703efc37c0184f245766cc061e7aa670332dd08b
Signed-off-by: Raef Coles &lt;raef.coles@arm.com&gt;
diff --git a/platform/ext/target/arm/rss/common/manifest/tfm_manifest_list.yaml b/platform/ext/target/arm/rss/common/manifest/tfm_manifest_list.yaml
@@ -7,7 +7,9 @@
 #
 #-------------------------------------------------------------------------------
 
-# The "manifest" field must be relative path to this file or absolute path.
+# The "manifest" field must be a path relative to this file, a path relative to
+# the directory that tfm_parse_manifest_list.py is run in (which by default is
+# the TF-M root directory), or an absolute path.
 #
 # Files per Secure Partition are generated to:
 #   - "output_path", if it is a absolute path - not recommended
@@ -24,7 +26,7 @@
   "manifest_list": [
     {
       "description": "Non-Secure Mailbox Agent",
-      "manifest": "${CMAKE_SOURCE_DIR}/secure_fw/partitions/ns_agent_mailbox/ns_agent_mailbox.yaml",
+      "manifest": "secure_fw/partitions/ns_agent_mailbox/ns_agent_mailbox.yaml",
       "output_path": "secure_fw/partitions/ns_agent_mailbox",
       "conditional": "TFM_MULTI_CORE_TOPOLOGY",
       "version_major": 0,
@@ -39,7 +41,7 @@
     },
     {
       "description": "TFM Crypto Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/platform/ext/target/arm/rss/common/manifest/tfm_crypto.yaml",
+      "manifest": "platform/ext/target/arm/rss/common/manifest/tfm_crypto.yaml",
       "output_path": "secure_fw/partitions/crypto",
       "conditional": "TFM_PARTITION_CRYPTO",
       "version_major": 0,
@@ -53,7 +55,7 @@
     },
     {
       "description": "TFM Platform Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/secure_fw/partitions/platform/tfm_platform.yaml",
+      "manifest": "secure_fw/partitions/platform/tfm_platform.yaml",
       "output_path": "secure_fw/partitions/platform",
       "conditional": "TFM_PARTITION_PLATFORM",
       "version_major": 0,
@@ -67,7 +69,7 @@
     },
     {
       "description": "TFM Initial Attestation Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/platform/ext/target/arm/rss/common/manifest/tfm_initial_attestation.yaml",
+      "manifest": "platform/ext/target/arm/rss/common/manifest/tfm_initial_attestation.yaml",
       "output_path": "secure_fw/partitions/initial_attestation",
       "conditional": "TFM_PARTITION_INITIAL_ATTESTATION",
       "version_major": 0,
diff --git a/platform/ext/target/arm/rss/kronos/manifest/tfm_manifest_list.yaml b/platform/ext/target/arm/rss/kronos/manifest/tfm_manifest_list.yaml
@@ -7,7 +7,9 @@
 #
 #-------------------------------------------------------------------------------
 
-# The "manifest" field must be relative path to this file or absolute path.
+# The "manifest" field must be a path relative to this file, a path relative to
+# the directory that tfm_parse_manifest_list.py is run in (which by default is
+# the TF-M root directory), or an absolute path.
 #
 # Files per Secure Partition are generated to:
 #   - "output_path", if it is a absolute path - not recommended
@@ -24,7 +26,7 @@
   "manifest_list": [
     {
       "description": "Non-Secure Mailbox Agent",
-      "manifest": "${CMAKE_SOURCE_DIR}/secure_fw/partitions/ns_agent_mailbox/ns_agent_mailbox.yaml",
+      "manifest": "secure_fw/partitions/ns_agent_mailbox/ns_agent_mailbox.yaml",
       "output_path": "secure_fw/partitions/ns_agent_mailbox",
       "conditional": "TFM_MULTI_CORE_TOPOLOGY",
       "version_major": 0,
@@ -39,7 +41,7 @@
     },
     {
       "description": "Protected Storage Partition",
-      "manifest": "${CMAKE_SOURCE_DIR}/platform/ext/target/arm/rss/kronos/manifest/tfm_protected_storage.yaml",
+      "manifest": "platform/ext/target/arm/rss/kronos/manifest/tfm_protected_storage.yaml",
       "output_path": "secure_fw/partitions/protected_storage",
       "conditional": "TFM_PARTITION_PROTECTED_STORAGE",
       "version_major": 0,
@@ -53,7 +55,7 @@
     },
     {
       "description": "TFM Crypto Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/platform/ext/target/arm/rss/kronos/manifest/tfm_crypto.yaml",
+      "manifest": "platform/ext/target/arm/rss/kronos/manifest/tfm_crypto.yaml",
       "output_path": "secure_fw/partitions/crypto",
       "conditional": "TFM_PARTITION_CRYPTO",
       "version_major": 0,
@@ -67,7 +69,7 @@
     },
     {
       "description": "TFM Platform Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/secure_fw/partitions/platform/tfm_platform.yaml",
+      "manifest": "secure_fw/partitions/platform/tfm_platform.yaml",
       "output_path": "secure_fw/partitions/platform",
       "conditional": "TFM_PARTITION_PLATFORM",
       "version_major": 0,
@@ -81,7 +83,7 @@
     },
     {
       "description": "TFM Initial Attestation Service",
-      "manifest": "${CMAKE_SOURCE_DIR}/secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml",
+      "manifest": "secure_fw/partitions/initial_attestation/tfm_initial_attestation.yaml",
       "output_path": "secure_fw/partitions/initial_attestation",
       "conditional": "TFM_PARTITION_INITIAL_ATTESTATION",
       "version_major": 0,
diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt
@@ -1,5 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -65,7 +65,13 @@ foreach(MANIFEST_LIST ${MANIFEST_LISTS})
     foreach(MANIFEST ${MANIFESTS})
         # Convert to absolute paths
         if (NOT IS_ABSOLUTE ${MANIFEST})
-            get_filename_component(MANIFEST "${MANIFEST_LIST_PATH}/${MANIFEST}" ABSOLUTE)
+            # First try relative to the manifest
+            if (EXISTS "${MANIFEST_LIST_PATH}/${MANIFEST}")
+                get_filename_component(MANIFEST "${MANIFEST_LIST_PATH}/${MANIFEST}" ABSOLUTE)
+            # Then try relative to the root TF-M source directory
+            elseif (EXISTS "${CMAKE_SOURCE_DIR}/${MANIFEST}")
+                get_filename_component(MANIFEST "${CMAKE_SOURCE_DIR}/${MANIFEST}" ABSOLUTE)
+            endif()
         endif()
         list(APPEND MANIFEST_FILES ${MANIFEST})
     endforeach()
@@ -170,6 +176,7 @@ add_custom_target(
 # is to run the script at cmake-time.
 execute_process(
     COMMAND ${MANIFEST_COMMAND}
+    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
     RESULT_VARIABLE RET
 )
 
diff --git a/tools/tfm_manifest_list.yaml b/tools/tfm_manifest_list.yaml
@@ -7,7 +7,9 @@
 #
 #-------------------------------------------------------------------------------
 
-# The "manifest" field must be relative path to this file or absolute path.
+# The "manifest" field must be a path relative to this file, a path relative to
+# the directory that tfm_parse_manifest_list.py is run in (which by default is
+# the TF-M root directory), or an absolute path.
 #
 # Files per Secure Partition are generated to:
 #   - "output_path", if it is a absolute path - not recommended
diff --git a/tools/tfm_parse_manifest_list.py b/tools/tfm_parse_manifest_list.py
@@ -1,5 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2018-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2018-2023, Arm Limited. All rights reserved.
 # Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
 # or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
 #
@@ -294,11 +294,18 @@ def process_partition_manifests(manifest_lists, configs):
         with open(item) as manifest_list_yaml_file:
             manifest_dic = yaml.safe_load(manifest_list_yaml_file)['manifest_list']
             for dict in manifest_dic:
-                # Replace environment variables in the manifest path and convert to absolute path.
-                # If it's already abspath, the path will not be changed.
-                manifest_path = os.path.join(os.path.dirname(item), # path of manifest list
-                                             os.path.expandvars(dict['manifest']))\
-                                             .replace('\\', '/')
+                # Replace environment variables in the manifest path.
+                expanded_path = os.path.expandvars(dict['manifest']).replace('\\', '/')
+
+                # If the manifest exists relative to the manifest list, then use
+                # that. Else, either interpret it as an absolute path or one
+                # relative to the current working directory
+                path_relative_to_manifest_list = os.path.join(os.path.dirname(item), # path of manifest list
+                                                              expanded_path)
+                if os.path.isfile(path_relative_to_manifest_list):
+                    manifest_path = path_relative_to_manifest_list
+                else:
+                    manifest_path = expanded_path
                 dict['manifest'] = manifest_path
                 all_manifests.append(dict)
 

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,9 @@`
`7`	`7`	`#`
`8`	`8`	`#-------------------------------------------------------------------------------`
`9`	`9`
`10`		`-# The "manifest" field must be relative path to this file or absolute path.`
	`10`	`+# The "manifest" field must be a path relative to this file, a path relative to`
	`11`	`+# the directory that tfm_parse_manifest_list.py is run in (which by default is`
	`12`	`+# the TF-M root directory), or an absolute path.`
`11`	`13`	`#`
`12`	`14`	`# Files per Secure Partition are generated to:`
`13`	`15`	`# - "output_path", if it is a absolute path - not recommended`