Lines Matching +full:secure +full:- +full:enable
1 # Configuration for the TF-M Module
5 # Copyright 2024 Arm Limited and/or its affiliates <open-source-office@arm.com>
6 # SPDX-License-Identifier: Apache-2.0
25 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9160" if SOC_NRF9160
26 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9120" if SOC_NRF9120
27 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf5340_cpuapp" if SOC_NRF5340_CPUAPP
33 bool "Build with TF-M as the Secure Execution Environment"
44 additionally generate a TF-M image for the Secure Execution
46 itself is to be executed in the Non-Secure Processing Environment.
48 ensures that the Zephyr image is built as a Non-Secure image. Both
49 TF-M and Zephyr images, as well as the veneer object file that links
57 while performing a secure function call.
73 prompt "TF-M build profile"
76 The TF-M build profile selection. Can be empty (not set),
77 small, medium or large. Certain profile types enable other
78 TF-M configuration options, namely, the IPC model and the
82 bool "TF-M build profile: not set (base)"
85 bool "TF-M build profile: small"
88 bool "TF-M build profile: medium"
91 bool "TF-M build profile: ARoT-less"
94 bool "TF-M build profile: large"
127 1,2 or 3; the default is set by build configuration. When TF-M
164 Do not include the default zephyr implementation of calling the TF-M
176 by the TF-M tests, and the dummy bl2 ROTPKs match the dummy bl2 keys
184 Hidden option to mark that the TF-M platform has an initial
191 Hidden option to mark the BL2, the MCUBoot included in TF-M, as not supported.
195 string "Version of the Secure Image"
199 Version of the secure image. This version is also used for merged
200 secure + non-secure builds (TFM_MCUBOOT_IMAGE_NUMBER == 1).
203 string "Version of the Non-Secure Image"
207 Version of the non-secure image.
215 This config adds MCUboot to the build - built via TFM's build system.
218 bool "Use the TF-M Non-Secure application"
220 The TF-M build system can produce multiple executable files.
221 The main one is the TF-M secure firmware. Optionally the TF-M
222 non-secure application can be built.
223 Usually the TF-M non-secure application is not used since the
224 zephyr application is the non-secure application.
225 With this option enabled this is reversed and the TF-M non-secure
226 application is used instead of the Zephyr non-secure application.
229 easiest way to integrate and run the TF-M regression tests in the
233 bool "TF-M use connection based service APIs"
235 The TF-M build system produces an interface source file for accessing
237 Select this option when TF-M service models requires this source file.
239 Note: This is an auto-generated configuration in the TF-M build
240 system. When this option is not enabled in the TF-M build system this
251 to be embedded in the image trailer. As per "Hardware-based downgrade prevention" in
256 string "The signature type used to sign the secure and non-secure firmware images."
257 default "EC-P256"
259 Available types: RSA-2048, RSA-3072, EC-P256, EC-P384.
262 string "Path to private key used to sign secure firmware images."
263 …default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-${CONFIG_TFM_MCUBOOT_SIGNATU…
266 that should be used by the BL2 bootloader when signing secure
267 firmware images. This key file is also used for merged secure +
268 non-secure builds (TFM_MCUBOOT_IMAGE_NUMBER == 1).
271 string "Path to private key used to sign non-secure firmware images."
272 …default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-${CONFIG_TFM_MCUBOOT_SIGNATU…
275 that should be used by the BL2 bootloader when signing non-secure
292 Path to MCUboot for TF-M builds. The default option
295 case MCUboot will be fetched by the TF-M build during
297 with TF-M do not fetch external trees.
300 bool "TF-M to use Zephyr's MCUboot"
302 TF-M builds with BL2 will use the Zephyr's MCUboot version,
306 bool "TF-M to automatically download MCUboot during build"
308 TF-M builds with BL2 will let the TF-M build to automatically
309 fetch and check-out the MCUboot version to use in the build.
318 Path to QCBOR for TF-M builds. Due to a license issue with this
322 TF-M build system to automatically download this.
325 bool "Share app-specific data between TF-M and MCUBoot"
333 prompt "TF-M Firmware Framework model"
337 The Firmware Framework M (FF-M) provides different programming models
338 for Secure Partitions.
347 In this model each Secure Partition processes signals in any order,
351 The IPC model conforms to the PSA Firmware Framework for M (FF-M)
360 In this model each Secure Partition is made up of a collection of
361 callback functions which implement secure services.
363 The SFN model conforms to the PSA Firmware Framework for M (FF-M)
369 bool "TF-M Secure Regression tests"
371 When enabled, this option signifies that the TF-M build includes
372 the Secure domain regression tests.
373 The regression tests will be included in the TF-M secure firmware.
376 bool "TF-M Non-Secure Regression tests"
378 When enabled, this option signifies that the TF-M build includes
379 the Non-Secure domain regression tests.
380 The regression tests will be included in the TF-M non-secure
384 prompt "Enable a PSA test suite"
391 Enable the PSA Crypto test suite.
396 Enable the PSA Protected Storage test suite.
401 Enable the PSA Internal Trusted Storage test suite.
406 Enable the PSA Storage test suite. This is a combination of the
414 Enable the PSA Initial Attestation test suite.
427 By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
428 needs to be updated if TF-M switches to use a different header
449 # TF-M (Secure), and application (Non-Secure).
454 binary consisting of the TF-M Secure firmware image, optionally, the
455 BL2 image (if building with TFM_BL2 is enabled), and the Non-Secure
459 bool "TF-M Disable secure logging"
461 Set the log level to silence for all TF-M modules (SPM, partition, etc.).
463 the secure domain and reduce the uart driver's flash usage.
466 prompt "TF-M SPM Log Level" if !TFM_LOG_LEVEL_SILENCE
479 bool "TF-M exception info dump"
482 On fatal errors in the secure firmware, capture info about the exception.