Lines Matching +full:split +full:- +full:security
1 # Configuration for the TF-M Module
5 # Copyright 2024 Arm Limited and/or its affiliates <open-source-office@arm.com>
6 # SPDX-License-Identifier: Apache-2.0
25 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9160" if SOC_NRF9160
26 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf9120" if SOC_NRF9120
27 default "${ZEPHYR_BASE}/modules/trusted-firmware-m/nordic/nrf5340_cpuapp" if SOC_NRF5340_CPUAPP
33 bool "Build with TF-M as the Secure Execution Environment"
44 additionally generate a TF-M image for the Secure Execution
46 itself is to be executed in the Non-Secure Processing Environment.
48 ensures that the Zephyr image is built as a Non-Secure image. Both
49 TF-M and Zephyr images, as well as the veneer object file that links
73 prompt "TF-M build profile"
76 The TF-M build profile selection. Can be empty (not set),
78 TF-M configuration options, namely, the IPC model and the
82 bool "TF-M build profile: not set (base)"
85 bool "TF-M build profile: small"
88 bool "TF-M build profile: medium"
91 bool "TF-M build profile: ARoT-less"
94 bool "TF-M build profile: large"
127 1,2 or 3; the default is set by build configuration. When TF-M
164 Do not include the default zephyr implementation of calling the TF-M
176 by the TF-M tests, and the dummy bl2 ROTPKs match the dummy bl2 keys
184 Hidden option to mark that the TF-M platform has an initial
191 Hidden option to mark the BL2, the MCUBoot included in TF-M, as not supported.
200 secure + non-secure builds (TFM_MCUBOOT_IMAGE_NUMBER == 1).
203 string "Version of the Non-Secure Image"
207 Version of the non-secure image.
215 This config adds MCUboot to the build - built via TFM's build system.
218 bool "Use the TF-M Non-Secure application"
220 The TF-M build system can produce multiple executable files.
221 The main one is the TF-M secure firmware. Optionally the TF-M
222 non-secure application can be built.
223 Usually the TF-M non-secure application is not used since the
224 zephyr application is the non-secure application.
225 With this option enabled this is reversed and the TF-M non-secure
226 application is used instead of the Zephyr non-secure application.
229 easiest way to integrate and run the TF-M regression tests in the
233 bool "TF-M use connection based service APIs"
235 The TF-M build system produces an interface source file for accessing
237 Select this option when TF-M service models requires this source file.
239 Note: This is an auto-generated configuration in the TF-M build
240 system. When this option is not enabled in the TF-M build system this
246 int "Security counter value used for hardware rollback protection"
250 By default, TFM enables hardware rollback protection, which requires a security counter
251 to be embedded in the image trailer. As per "Hardware-based downgrade prevention" in
256 string "The signature type used to sign the secure and non-secure firmware images."
257 default "EC-P256"
259 Available types: RSA-2048, RSA-3072, EC-P256, EC-P384.
263 …default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-${CONFIG_TFM_MCUBOOT_SIGNATU…
268 non-secure builds (TFM_MCUBOOT_IMAGE_NUMBER == 1).
271 string "Path to private key used to sign non-secure firmware images."
272 …default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-${CONFIG_TFM_MCUBOOT_SIGNATU…
275 that should be used by the BL2 bootloader when signing non-secure
285 updated in one atomic operation. When this is 2, they are split and
292 Path to MCUboot for TF-M builds. The default option
295 case MCUboot will be fetched by the TF-M build during
297 with TF-M do not fetch external trees.
300 bool "TF-M to use Zephyr's MCUboot"
302 TF-M builds with BL2 will use the Zephyr's MCUboot version,
306 bool "TF-M to automatically download MCUboot during build"
308 TF-M builds with BL2 will let the TF-M build to automatically
309 fetch and check-out the MCUboot version to use in the build.
318 Path to QCBOR for TF-M builds. Due to a license issue with this
322 TF-M build system to automatically download this.
325 bool "Share app-specific data between TF-M and MCUBoot"
333 prompt "TF-M Firmware Framework model"
337 The Firmware Framework M (FF-M) provides different programming models
351 The IPC model conforms to the PSA Firmware Framework for M (FF-M)
363 The SFN model conforms to the PSA Firmware Framework for M (FF-M)
369 bool "TF-M Secure Regression tests"
371 When enabled, this option signifies that the TF-M build includes
373 The regression tests will be included in the TF-M secure firmware.
376 bool "TF-M Non-Secure Regression tests"
378 When enabled, this option signifies that the TF-M build includes
379 the Non-Secure domain regression tests.
380 The regression tests will be included in the TF-M non-secure
427 By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
428 needs to be updated if TF-M switches to use a different header
449 # TF-M (Secure), and application (Non-Secure).
454 binary consisting of the TF-M Secure firmware image, optionally, the
455 BL2 image (if building with TFM_BL2 is enabled), and the Non-Secure
459 bool "TF-M Disable secure logging"
461 Set the log level to silence for all TF-M modules (SPM, partition, etc.).
466 prompt "TF-M SPM Log Level" if !TFM_LOG_LEVEL_SILENCE
479 bool "TF-M exception info dump"