tfm: Configure TFM via Kconfig instead of Cmake
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.
Update west.yml to bring in Cmake changes that use the new KConfigs.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
diff --git a/boards/arm/lpcxpresso55s69/board.cmake b/boards/arm/lpcxpresso55s69/board.cmake
index 91b510f..791f33a 100644
--- a/boards/arm/lpcxpresso55s69/board.cmake
+++ b/boards/arm/lpcxpresso55s69/board.cmake
@@ -19,5 +19,3 @@
include(${ZEPHYR_BASE}/boards/common/jlink.board.cmake)
include(${ZEPHYR_BASE}/boards/common/pyocd.board.cmake)
-
-set(TFM_TARGET_PLATFORM "nxp/lpcxpresso55s69")
diff --git a/boards/arm/mps2_an521/board.cmake b/boards/arm/mps2_an521/board.cmake
index f776dd7..7baa879 100644
--- a/boards/arm/mps2_an521/board.cmake
+++ b/boards/arm/mps2_an521/board.cmake
@@ -1,7 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
set(EMU_PLATFORM qemu)
-set(TFM_TARGET_PLATFORM "mps2/an521")
set(QEMU_CPU_TYPE_${ARCH} cortex-m33)
set(QEMU_FLAGS_${ARCH}
diff --git a/boards/arm/nrf5340dk_nrf5340/board.cmake b/boards/arm/nrf5340dk_nrf5340/board.cmake
index b347054..ff41682 100644
--- a/boards/arm/nrf5340dk_nrf5340/board.cmake
+++ b/boards/arm/nrf5340dk_nrf5340/board.cmake
@@ -1,14 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
-# Set the corresponding TF-M target platform when building for the Non-Secure
-# version of the board (Application MCU).
-if(CONFIG_BOARD_NRF5340PDK_NRF5340_CPUAPPNS)
- set(TFM_TARGET_PLATFORM "nordic_nrf/nrf5340pdk_nrf5340_cpuapp")
- set(TFM_PUBLIC_KEY_FORMAT "full")
-endif()
-
-if(CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPPNS)
- set(TFM_TARGET_PLATFORM "nordic_nrf/nrf5340dk_nrf5340_cpuapp")
+if(CONFIG_BOARD_NRF5340PDK_NRF5340_CPUAPPNS OR CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPPNS)
set(TFM_PUBLIC_KEY_FORMAT "full")
endif()
diff --git a/boards/arm/nrf9160dk_nrf9160/board.cmake b/boards/arm/nrf9160dk_nrf9160/board.cmake
index d81ee9f..8f25221 100644
--- a/boards/arm/nrf9160dk_nrf9160/board.cmake
+++ b/boards/arm/nrf9160dk_nrf9160/board.cmake
@@ -1,9 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
-# Set the corresponding TF-M target platform when building for the Non-Secure
-# version of the board (Application MCU).
if(CONFIG_BOARD_NRF9160DK_NRF9160NS)
- set(TFM_TARGET_PLATFORM "nordic_nrf/nrf9160dk_nrf9160")
set(TFM_PUBLIC_KEY_FORMAT "full")
endif()
diff --git a/boards/arm/nucleo_l552ze_q/board.cmake b/boards/arm/nucleo_l552ze_q/board.cmake
index d345c78..c963eb2 100644
--- a/boards/arm/nucleo_l552ze_q/board.cmake
+++ b/boards/arm/nucleo_l552ze_q/board.cmake
@@ -5,5 +5,3 @@
include(${ZEPHYR_BASE}/boards/common/pyocd.board.cmake)
include(${ZEPHYR_BASE}/boards/common/openocd.board.cmake)
-
-set(TFM_TARGET_PLATFORM "stm/nucleo_l552ze_q")
diff --git a/boards/arm/v2m_musca_b1/board.cmake b/boards/arm/v2m_musca_b1/board.cmake
index 0d32420..3d20724 100644
--- a/boards/arm/v2m_musca_b1/board.cmake
+++ b/boards/arm/v2m_musca_b1/board.cmake
@@ -1,7 +1,5 @@
#SPDX-License-Identifier: Apache-2.0
-set(TFM_TARGET_PLATFORM "musca_b1")
-
board_set_debugger_ifnset(pyocd)
board_set_flasher_ifnset(pyocd)
diff --git a/modules/Kconfig.tfm b/modules/Kconfig.tfm
index 37967cc..d5e8601 100644
--- a/modules/Kconfig.tfm
+++ b/modules/Kconfig.tfm
@@ -3,6 +3,20 @@
# Copyright (c) 2019, 2020 Linaro Limited
# SPDX-License-Identifier: Apache-2.0
+
+config TFM_BOARD
+ string
+ default "nordic_nrf/nrf9160dk_nrf9160" if BOARD_NRF9160DK_NRF9160NS
+ default "nordic_nrf/nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPPNS
+ default "nordic_nrf/nrf5340pdk_nrf5340_cpuapp" if BOARD_NRF5340PDK_NRF5340_CPUAPPNS
+ default "nxp/lpcxpresso55s69" if BOARD_LPCXPRESSO55S69_CPU0
+ default "mps2/an521" if BOARD_MPS2_AN521
+ default "stm/nucleo_l552ze_q" if BOARD_NUCLEO_L552ZE_Q
+ default "musca_b1" if BOARD_MUSCA_B1
+ help
+ The board name used for building TFM. Building with TFM requires that
+ TFM has been ported to the given board/SoC.
+
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
select CMSIS_RTOS_V2
@@ -12,6 +26,7 @@
imply INIT_STACKS
imply THREAD_MONITOR
depends on TRUSTED_EXECUTION_NONSECURE
+ depends on TFM_BOARD != ""
help
When enabled, this option instructs the Zephyr build process to
additionaly generate a TF-M image for the Secure Execution
@@ -66,6 +81,12 @@
endchoice
+config TFM_IPC
+ bool "IPC"
+
+config TFM_REGRESSION
+ bool "Regression tests"
+
if !TFM_BL2_FALSE
config ROM_START_OFFSET
diff --git a/samples/tfm_integration/psa_level_1/CMakeLists.txt b/samples/tfm_integration/psa_level_1/CMakeLists.txt
index 5c49ef7..66a9f16 100644
--- a/samples/tfm_integration/psa_level_1/CMakeLists.txt
+++ b/samples/tfm_integration/psa_level_1/CMakeLists.txt
@@ -7,25 +7,8 @@
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
-if (CONFIG_TFM_BL2_TRUE)
- set(TFM_BL2_ARGUMENT BL2 True)
-elseif (CONFIG_TFM_BL2_FALSE)
- set(TFM_BL2_ARGUMENT BL2 False)
-endif()
-
-# Add "tfm" as an external project via the TF-M module's cmake file
-trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
- BOARD ${TFM_TARGET_PLATFORM}
- IPC
- REGRESSION
- ${TFM_BL2_ARGUMENT}
-)
-
project(tfm_psa_level_1)
-# Set "tfm" as a dependency so that it's built before the app
-add_dependencies(app tfm)
-
# Source files in this sample
target_sources(app PRIVATE src/main.c)
target_sources(app PRIVATE src/psa_attestation.c)
@@ -35,9 +18,3 @@
target_sources(app PRIVATE src/util_app_cfg.c)
target_sources(app PRIVATE src/util_app_log.c)
target_sources(app PRIVATE src/util_sformat.c)
-
-# Include TF-M secure service source files
-target_link_libraries(app PRIVATE tfm_api)
-
-# Link in veneer function locations
-target_link_libraries(${ZEPHYR_CURRENT_LIBRARY} PRIVATE ${VENEERS_FILE})
diff --git a/samples/tfm_integration/tfm_ipc/CMakeLists.txt b/samples/tfm_integration/tfm_ipc/CMakeLists.txt
index 614bcd4..bd19abf 100644
--- a/samples/tfm_integration/tfm_ipc/CMakeLists.txt
+++ b/samples/tfm_integration/tfm_ipc/CMakeLists.txt
@@ -7,39 +7,6 @@
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
-if (CONFIG_TFM_BL2_TRUE)
- set(TFM_BL2_ARGUMENT BL2 True)
-elseif (CONFIG_TFM_BL2_FALSE)
- set(TFM_BL2_ARGUMENT BL2 False)
-endif()
-
-# Add "tfm" as an external project via the TF-M module's cmake file
-if("${TFM_TARGET_PLATFORM}" STREQUAL "stm/nucleo_l552ze_q")
- trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
- BOARD ${TFM_TARGET_PLATFORM}
- IPC
- ISOLATION_LEVEL 2
- REGRESSION
- ${TFM_BL2_ARGUMENT}
- )
-else()
- trusted_firmware_build(BINARY_DIR ${CMAKE_BINARY_DIR}/tfm
- BOARD ${TFM_TARGET_PLATFORM}
- IPC
- REGRESSION
- ${TFM_BL2_ARGUMENT}
- )
-endif()
-
project(tfm_ipc)
-# Set "tfm" as a dependency
-add_dependencies(app tfm)
-
target_sources(app PRIVATE src/main.c)
-
-# Include TF-M secure service source files
-target_link_libraries(app PRIVATE tfm_api)
-
-# Link in veneer function locations
-target_link_libraries(${ZEPHYR_CURRENT_LIBRARY} PRIVATE ${VENEERS_FILE})
diff --git a/samples/tfm_integration/tfm_ipc/prj.conf b/samples/tfm_integration/tfm_ipc/prj.conf
index 678e802..a4eeb41 100644
--- a/samples/tfm_integration/tfm_ipc/prj.conf
+++ b/samples/tfm_integration/tfm_ipc/prj.conf
@@ -1,4 +1,6 @@
CONFIG_BUILD_WITH_TFM=y
+CONFIG_TFM_IPC=y
+CONFIG_TFM_REGRESSION=y
# The Zephyr CMSIS emulation assumes that ticks are ms, currently
CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000
diff --git a/west.yml b/west.yml
index 2dbc9a3..2bd4f5c 100644
--- a/west.yml
+++ b/west.yml
@@ -139,7 +139,7 @@
revision: c39888ff74acf421eeff9a7514fa9b172c3373f7
- name: trusted-firmware-m
path: modules/tee/tfm
- revision: 83c964e51d62fa605e48a1a1461f7304548f4471
+ revision: 6edaaaaaa1a227cb1ccc9ef698a9d2e258a9bbd5
self:
path: zephyr
