BUILD_WITH_TFM needs to depend on
ARM_TRUSTZONE_M, which is selected
by the SoC or Board definition. In
addition to that we add an imply
statement for INIT_ARCH_HW_AT_BOOT
because Zephyr will be chain-loaded
by TF-M, and needs to cleanup its
core ARCH registers that might be
left in non-reset state.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When we select BUILD_WITH_TFM we do not
really need to enable by default the
options THREAD_NAME, THREAD_STACK_INFO,
INIT_STACKS and THREAD_MONITOR, so we can
clean them up. We also remove CMSIS_RTOS_V2
for the same reason.
We also cleanup the default value for
NUM_PREEMPT_PRIORITIES, which does not
seem to be needed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add TFM_PROFILE and TFM_ISOLATION_LEVEL options. Options are used to set
up custom board configurations, i.e. LPC55S69 uses medium_profile to fit
TFM images in a small flash area.
Signed-off-by: Andrei Gansari <andrei.gansari@nxp.com>
Add help text in some newly introduced and un-documented
TF-M Kconfig options: REGRESSION and IPC.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.
Update west.yml to bring in Cmake changes that use the new KConfigs.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Make it easier to add TF-M in an app by selecting and implying the
necessary configs so the app doesn't have to specify the configs itself.
Remove unneeded configs from the prj.conf files in the tfm samples.
Also, fix case in key file name.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Update the default paths to private keys used
for signing the Secure and the Non-Secure firmware,
when building Zephyr together with TF-M. The update
is done to match the default configuration in
the upstream TF-M project.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
When we build Zephyr for a Non-Secure image, using TFM
as the Secure counterpart, we may or may not use BL2 (e.g.
MCUboot in TFM). If we build with BL2 we need to account
for a ROM offset before the start of the non-secure image
where TFM BL2 expects the BL2 header. This offset is not
needed when TFM is built without BL2. We use the existing
Kconfig options to determine whether we need a ROM offset
or not. We use the value of 0x400 for the BL2 header,
which is the default value used in TFM, but the option is
non-hidden, allowing the user to overwrite the default
value if needed.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commits adds a config option to build a PSA trusted-firmware-m
(TF-M) application image for the secure processing environment, and
configures the Zephyr application image for the non-secure processing
environment. The secure and non-secure environment images will be
linked together via the veneer function table that is produced as an
artifact of the TF-M build process.
Signed-off-by: Karl Zhang <karl.zhang@linaro.org>
