zephyrproject-rtos/zephyr
0
0
Fork 0
mirror of https://github.com/zephyrproject-rtos/zephyr synced 2025-08-04 14:25:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
a28da5118d
zephyr/modules/Kconfig.tfm
Øyvind Rønningstad a28da5118d tfm: Configure TFM via Kconfig instead of Cmake 
Add Kconfig options that will be used by the module
to call the function with the desired parameters.
Refactor the tfm_integration samples and
the supported boards.

Update west.yml to bring in Cmake changes that use the new KConfigs.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-11-17 14:39:52 +02:00

103 lines
3.2 KiB
Plaintext
Raw Blame History

# TF-M/PSA Related
# Copyright (c) 2019, 2020 Linaro Limited
# SPDX-License-Identifier: Apache-2.0
config TFM_BOARD
string
default "nordic_nrf/nrf9160dk_nrf9160" if BOARD_NRF9160DK_NRF9160NS
default "nordic_nrf/nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPPNS
default "nordic_nrf/nrf5340pdk_nrf5340_cpuapp" if BOARD_NRF5340PDK_NRF5340_CPUAPPNS
default "nxp/lpcxpresso55s69" if BOARD_LPCXPRESSO55S69_CPU0
default "mps2/an521" if BOARD_MPS2_AN521
default "stm/nucleo_l552ze_q" if BOARD_NUCLEO_L552ZE_Q
default "musca_b1" if BOARD_MUSCA_B1
help
The board name used for building TFM. Building with TFM requires that
TFM has been ported to the given board/SoC.
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
select CMSIS_RTOS_V2
imply POLL
imply THREAD_NAME
imply THREAD_STACK_INFO
imply INIT_STACKS
imply THREAD_MONITOR
depends on TRUSTED_EXECUTION_NONSECURE
depends on TFM_BOARD != ""
help
When enabled, this option instructs the Zephyr build process to
additionaly generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Note:
Building with the "_nonsecure" BOARD variant (e.g.
"mps2_an521_nonsecure") ensures that
CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.
if BUILD_WITH_TFM
config NUM_PREEMPT_PRIORITIES
int
default 56
config TFM_KEY_FILE_S
string "Path to private key used to sign secure firmware images."
depends on BUILD_WITH_TFM
default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072.pem"
help
The path and filename for the .pem file containing the private key
that should be used by the BL2 bootloader when signing secure
firmware images.
config TFM_KEY_FILE_NS
string "Path to private key used to sign non-secure firmware images."
depends on BUILD_WITH_TFM
default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072_1.pem"
help
The path and filename for the .pem file containing the private key
that should be used by the BL2 bootloader when signing non-secure
firmware images.
choice TFM_BL2
prompt "BL2 configuration, should TFM build with MCUboot support"
default TFM_BL2_CONFIG_FILE_DEFAULT
config TFM_BL2_CONFIG_FILE_DEFAULT
bool "Use TFM BL2 setting from TFM configuration file"
config TFM_BL2_TRUE
bool "TFM BL2 enabled"
config TFM_BL2_FALSE
bool "TFM BL2 disabled"
endchoice
config TFM_IPC
bool "IPC"
config TFM_REGRESSION
bool "Regression tests"
if !TFM_BL2_FALSE
config ROM_START_OFFSET
hex "ROM Start Offset accounting for BL2 Header in the NS image"
default 0x400
help
By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
needs to be updated if TF-M switches to use a different header
size for BL2.
endif # !TFM_BL2_FALSE
endif # BUILD_WITH_TFM
Reference in New Issue View Git Blame Copy Permalink