blob: eeb5cdef00f6e06d998288633fbad1c49ed2a55a [file] [log] [blame]
# Configuration for the TF-M Module
# Copyright (c) 2019, 2020 Linaro Limited
# Copyright (c) 2020, 2021 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0
config ZEPHYR_TRUSTED_FIRMWARE_M_MODULE
bool
config TFM_BOARD
string
default "nordic_nrf/nrf9160dk_nrf9160" if BOARD_NRF9160DK_NRF9160_NS
default "nordic_nrf/nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
default "nxp/lpcxpresso55s69" if BOARD_LPCXPRESSO55S69_CPU0
default "arm/mps2/an521" if BOARD_MPS2_AN521_CPU0_NS
default "arm/mps3/an547" if BOARD_MPS3_AN547
default "stm/b_u585i_iot02a" if BOARD_B_U585I_IOT02A
default "stm/nucleo_l552ze_q" if BOARD_NUCLEO_L552ZE_Q
default "stm/stm32l562e_dk" if BOARD_STM32L562E_DK
default "arm/musca_b1/sse_200" if BOARD_MUSCA_B1
default "arm/musca_s1" if BOARD_MUSCA_S1
default "lairdconnectivity/bl5340_dvk_cpuapp" if BOARD_BL5340_DVK_CPUAPP_NS
help
The board name used for building TFM. Building with TFM requires that
TFM has been ported to the given board/SoC.
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
depends on TRUSTED_EXECUTION_NONSECURE
depends on TFM_BOARD != ""
depends on ARM_TRUSTZONE_M
select BUILD_OUTPUT_HEX
imply INIT_ARCH_HW_AT_BOOT
imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
help
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
if BUILD_WITH_TFM
config TFM_KEY_FILE_S
string "Path to private key used to sign secure firmware images."
depends on BUILD_WITH_TFM
default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072.pem"
help
The path and filename for the .pem file containing the private key
that should be used by the BL2 bootloader when signing secure
firmware images.
config TFM_KEY_FILE_NS
string "Path to private key used to sign non-secure firmware images."
depends on BUILD_WITH_TFM
default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
help
The path and filename for the .pem file containing the private key
that should be used by the BL2 bootloader when signing non-secure
firmware images.
config TFM_PROFILE
string
depends on BUILD_WITH_TFM
default "profile_small" if TFM_PROFILE_TYPE_SMALL
default "profile_medium" if TFM_PROFILE_TYPE_MEDIUM
default "profile_large" if TFM_PROFILE_TYPE_LARGE
help
Build profile used to build tfm_s image. The available values are
profile_large, profile_medium and profile_small. The default profile
does not need to have this configuration set.
choice TFM_PROFILE_TYPE
prompt "TF-M build profile"
depends on BUILD_WITH_TFM
default TFM_PROFILE_TYPE_NOT_SET
help
The TF-M build profile selection. Can be empty (not set),
small, medium or large. Certain profile types enable other
TF-M configuration options, namely, the IPC model and the
isolation level.
config TFM_PROFILE_TYPE_NOT_SET
bool "TF-M build profile is not set"
config TFM_PROFILE_TYPE_SMALL
bool "TF-M build profile: small"
config TFM_PROFILE_TYPE_MEDIUM
bool "TF-M build profile: medium"
config TFM_PROFILE_TYPE_LARGE
bool "TF-M build profile: large"
endchoice
choice TFM_CMAKE_BUILD_TYPE
prompt "The build type for TFM"
default TFM_CMAKE_BUILD_TYPE_RELEASE if SPEED_OPTIMIZATIONS && BUILD_OUTPUT_STRIPPED
default TFM_CMAKE_BUILD_TYPE_MINSIZEREL if SIZE_OPTIMIZATIONS
default TFM_CMAKE_BUILD_TYPE_DEBUG if DEBUG_OPTIMIZATIONS
default TFM_CMAKE_BUILD_TYPE_RELWITHDEBINFO
config TFM_CMAKE_BUILD_TYPE_RELEASE
bool "Release build"
config TFM_CMAKE_BUILD_TYPE_RELWITHDEBINFO
bool "Release build with Debug info"
config TFM_CMAKE_BUILD_TYPE_MINSIZEREL
bool "Release build, optimized for size"
config TFM_CMAKE_BUILD_TYPE_DEBUG
bool "Debug build"
endchoice
config TFM_ISOLATION_LEVEL
int "Isolation level setting." if (TFM_PROFILE_TYPE_NOT_SET && TFM_IPC)
range 1 3
depends on BUILD_WITH_TFM
default 1 if TFM_PROFILE_TYPE_SMALL || !TFM_IPC
default 2 if TFM_PROFILE_TYPE_MEDIUM
default 3 if TFM_PROFILE_TYPE_LARGE
help
Manually set the required TFM isolation level. Possible values are
1,2 or 3; the default is set by build configuration. When TF-M
Profile option is supplied, do not allow manual setting of the
isolation level, as it is determined by the profile setting.
As isolation levels 2 and 3 require PSA_API (TFM_IPC) support,
force level 1 when TFM_IPC is not enabled.
config TFM_ITS_NUM_ASSETS_OVERRIDE
bool "Override maximum number of Internal Trusted Storage assets"
help
Override the platform's default maximum number of assets to be stored in
Internal Trusted Storage (ITS) with TFM_ITS_NUM_ASSETS.
config TFM_ITS_NUM_ASSETS
int "Maximum number of Internal Trusted Storage assets"
depends on TFM_ITS_NUM_ASSETS_OVERRIDE
default 0
help
Maximum number of assets to be stored in Internal Trusted Storage (ITS).
config TFM_ITS_MAX_ASSET_SIZE_OVERRIDE
bool "Override maximum Internal Trusted Storage asset size"
help
Override the platform's default maximum size of a single asset to be
stored in Internal Trusted Storage (ITS) with TFM_ITS_MAX_ASSET_SIZE.
config TFM_ITS_MAX_ASSET_SIZE
int "Maximum Internal Trusted Storage asset size"
depends on TFM_ITS_MAX_ASSET_SIZE_OVERRIDE
default 0
help
Maximum size (in bytes) of a single asset to be stored in Internal Trusted
Storage (ITS).
config TFM_PARTITION_PLATFORM_CUSTOM_REBOOT
bool "Use custom reboot handler"
depends on TFM_PARTITION_PLATFORM
help
Do not include the default zephyr implementation of calling the TF-M
platform reset service.
Instead the application will have to override the weak ARM
implementation of sys_arch_reset().
config TFM_BL2_NOT_SUPPORTED
bool
help
Hidden option to mark the BL2, the MCUBoot included in TF-M, as not supported.
Platforms that don't use BL2 should select this option.
config TFM_IMAGE_VERSION_S
string "Version of the Secure Image"
default "0.0.0+0"
help
MCUBoot may be configured to prevent rollback prevention based on image
versions of both the secure firmware and non-secure firmware. This sets
the secure firmware's version for rollback prevention.
config TFM_IMAGE_VERSION_NS
string "Version of the Non-Secure Image"
default "0.0.0+0"
help
MCUBoot may be configured to prevent rollback prevention based on image
versions of both the secure firmware and non-secure firmware. This sets
the non-secure firmware's version for rollback prevention.
config TFM_BL2
bool "Add MCUboot to TFM"
depends on !TFM_BL2_NOT_SUPPORTED
default y
help
TFM is designed to run with MCUboot in a certain configuration.
This config adds MCUboot to the build - built via TFM's build system.
config TFM_BUILD_NS
bool "Build the TF-M Non-Secure application and libraries"
help
Instruct the TF-M build system to build the TF-M Non-Secure
application and libraries.
This option is intended for testing purposes only, since this is the
easiest way to build the TF-M regression tests application and test
support libraries in the zephyr build system.
config TFM_USE_NS_APP
bool "Use the TF-M Non-Secure application"
depends on TFM_BUILD_NS
help
The TF-M build system can produce multiple executable files.
The main one is the TF-M secure firmware. Optionally the TF-M
non-secure application can be built.
Usually the TF-M non-secure application is not used since the
zephyr application is the non-secure application.
With this option enabled this is reversed and the TF-M non-secure
application is used instead of the Zephyr non-secure application.
This option is intended for testing purposes only, since this is the
easiest way to integrate and run the TF-M regression tests in the
zephyr build system.
if TFM_BL2
config TFM_MCUBOOT_IMAGE_NUMBER
int "Granularity of FW updates of TFM and app"
range 1 2
default 2
help
How many images the bootloader sees when it looks at TFM and the app.
When this is 1, the S and NS are considered as 1 image and must be
updated in one atomic operation. When this is 2, they are split and
can be updated independently if dependency requirements are met.
choice TFM_MCUBOOT_PATH
prompt "Path to MCUboot or DOWNLOAD to fetch automatically"
default TFM_MCUBOOT_PATH_LOCAL
help
Path to MCUboot for TF-M builds. The default option
is to use Zephyr's MCUboot module. As an alternative,
users may switch to the 'download' version; in that
case MCUboot will be fetched by the TF-M build during
build time. The default option ensures that Zephyr builds
with TF-M do not fetch external trees.
config TFM_MCUBOOT_PATH_LOCAL
bool "TF-M to use Zephyr's MCUboot"
help
TF-M builds with BL2 will use the Zephyr's MCUboot version,
which is present in the MCUboot module.
config TFM_MCUBOOT_PATH_DOWNLOAD
bool "TF-M to automatically download MCUboot during build"
help
TF-M builds with BL2 will let the TF-M build to automatically
fetch and check-out the MCUboot version to use in the build.
endchoice
config TFM_MCUBOOT_DATA_SHARING
bool "Share app-specific data between TF-M and MCUBoot"
help
Add sharing of application specific data using the same
shared data area as for the measured boot.
endif # TFM_BL2
config TFM_IPC
bool "IPC" if TFM_PROFILE_TYPE_NOT_SET
default y if (TFM_PROFILE_TYPE_MEDIUM || TFM_PROFILE_TYPE_LARGE)
help
When enabled, this option signifies that the TF-M build supports
the PSA API (IPC mode) instead of the secure library mode. When
TF-M Profile option is supplied, do not allow manual setting of
the IPC mode, as it is determined by the profile setting.
config TFM_REGRESSION_S
bool "TF-M Secure Regression tests"
help
When enabled, this option signifies that the TF-M build includes
the Secure domain regression tests.
The regression tests will be included in the TF-M secure firmware.
config TFM_REGRESSION_NS
bool "TF-M Non-Secure Regression tests"
help
When enabled, this option signifies that the TF-M build includes
the Non-Secure domain regression tests.
The regression tests will be included in the TF-M non-secure
application.
choice TFM_PSA_TEST
prompt "Enable a PSA test suite"
default TFM_PSA_TEST_NONE
config TFM_PSA_TEST_CRYPTO
bool "Crypto tests"
depends on MAIN_STACK_SIZE >= 4096
help
Enable the PSA Crypto test suite.
config TFM_PSA_TEST_PROTECTED_STORAGE
bool "Storage tests"
help
Enable the PSA Protected Storage test suite.
config TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE
bool "Internal Trusted Storage tests"
help
Enable the PSA Internal Trusted Storage test suite.
config TFM_PSA_TEST_STORAGE
bool "Storage tests"
help
Enable the PSA Storage test suite. This is a combination of the
protected storage and internal trusted storage tests.
config TFM_PSA_TEST_INITIAL_ATTESTATION
bool "Initial attestation tests"
depends on MAIN_STACK_SIZE >= 4096
help
Enable the PSA Initial Attestation test suite.
config TFM_PSA_TEST_NONE
bool "No PSA test suite"
endchoice
if TFM_BL2
config ROM_START_OFFSET
hex "ROM Start Offset accounting for BL2 Header in the NS image"
default 0x400
help
By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
needs to be updated if TF-M switches to use a different header
size for BL2.
endif # !TFM_BL2
# Option to instruct flashing a merged binary consisting of BL2 (optionally),
# TF-M (Secure), and application (Non-Secure).
config TFM_FLASH_MERGED_BINARY
bool
help
This option instructs west flash to program the combined (merged)
binary consisting of the TF-M Secure firmware image, optionally, the
BL2 image (if building with TFM_BL2 is enabled), and the Non-Secure
application firmware.
config TFM_LOG_LEVEL_SILENCE
bool "TF-M Disable secure logging"
help
Set the log level to silence for all TF-M modules (SPM, partition, etc.).
On some platforms this will release the UART from
the secure domain and reduce the uart driver's flash usage.
choice TFM_SPM_LOG_LEVEL
prompt "TF-M SPM Log Level" if !TFM_LOG_LEVEL_SILENCE
default TFM_SPM_LOG_LEVEL_INFO
config TFM_SPM_LOG_LEVEL_DEBUG
bool "Debug"
config TFM_SPM_LOG_LEVEL_INFO
bool "Info"
config TFM_SPM_LOG_LEVEL_ERROR
bool "Error"
config TFM_SPM_LOG_LEVEL_SILENCE
bool "Off"
endchoice
config TFM_EXCEPTION_INFO_DUMP
bool "TF-M exception info dump"
help
On fatal errors in the secure firmware, capture info about the exception.
Print the info if the SPM log level is sufficient.
endif # BUILD_WITH_TFM