#------------------------------------------------------------------------------- # Copyright (c) 2022-2023, Arm Limited. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # #------------------------------------------------------------------------------- menu "SPM" config TFM_ISOLATION_LEVEL int "Isolation level" default 1 range 1 3 if PLATFORM_HAS_ISOLATION_L3_SUPPORT range 1 2 help SFN backend only supports level 1. IPC backend can support all 3 levels. Isolation level 3 requires platform support. choice prompt "SPM Backend" config CONFIG_TFM_SPM_BACKEND_SFN bool "SFN Backend" # Multi-core platform based on inter-core communication cannot fully work with SFN # backend yet. # TO-DO: Check whether it depends on TFM_PARTITION_NS_AGENT_MAILBOX or TFM_MULTI_CORE_TOPOLOGY depends on !TFM_PARTITION_NS_AGENT_MAILBOX && TFM_ISOLATION_LEVEL = 1 config CONFIG_TFM_SPM_BACKEND_IPC bool "IPC Backend" select CONFIG_TFM_PARTITION_META endchoice config CONFIG_TFM_SPM_BACKEND string default "IPC" if CONFIG_TFM_SPM_BACKEND_IPC default "SFN" if CONFIG_TFM_SPM_BACKEND_SFN default "" choice prompt "FIH Profile" default TFM_FIH_PROFILE_OFF help Fault injection hardening profile config TFM_FIH_PROFILE_OFF bool "OFF" config TFM_FIH_PROFILE_LOW bool "Low" config TFM_FIH_PROFILE_MEDIUM bool "Medium" config TFM_FIH_PROFILE_HIGH bool "High" endchoice config TFM_FIH_PROFILE string default "OFF" if TFM_FIH_PROFILE_OFF default "LOW" if TFM_FIH_PROFILE_LOW default "MEDIUM" if TFM_FIH_PROFILE_MEDIUM default "HIGH" if TFM_FIH_PROFILE_HIGH config PSA_FRAMEWORK_HAS_MM_IOVEC bool "MM-IOVEC" default n depends on TFM_ISOLATION_LEVEL = 1 help Memory-mapped IOVECs feature, supported only for isolation level 1 ################################# Misc ######################################### config TFM_EXCEPTION_INFO_DUMP bool "Exception information dump" default n help On fatal errors in the secure firmware, capture info about the exception. Print the info if the "SPM Log Level" is sufficient. config CONFIG_TFM_HALT_ON_CORE_PANIC bool "Halt instead of rebooting" default n help On fatal errors in the secure firmware, halt instead of rebooting. This would be helpful for debugging. config TFM_PXN_ENABLE bool "PXN" depends on ARCH_ARM_V81MM default n help Privileged eXecute-Never. Enables the PXN feature in common MPU driver and isolation setup. config CONFIG_TFM_STACK_WATERMARKS bool "Stack Watermarks" depends on TFM_ISOLATION_LEVEL != 3 help Whether to pre-fill partition stacks with a set value to help determine stack usage. Not supported for isolation level 3 yet. config NUM_MAILBOX_QUEUE_SLOT int "Number of mailbox queue slots" depends on TFM_PARTITION_NS_AGENT_MAILBOX default 1 ################################# SPM log level ################################ choice SPM_LOG_LEVEL prompt "SPM Log Level" default SPM_LOG_LEVEL_SILENCE config SPM_LOG_LEVEL_DEBUG bool "Debug" config SPM_LOG_LEVEL_INFO bool "Info" config SPM_LOG_LEVEL_ERROR bool "Error" config SPM_LOG_LEVEL_SILENCE bool "Silence" endchoice config TFM_SPM_LOG_LEVEL int default 3 if SPM_LOG_LEVEL_DEBUG default 2 if SPM_LOG_LEVEL_INFO default 1 if SPM_LOG_LEVEL_ERROR default 0 if SPM_LOG_LEVEL_SILENCE endmenu config TFM_SPM_LOG_RAW_ENABLED bool default y if TFM_SPM_LOG_LEVEL != 0 || TFM_SP_LOG_RAW_ENABLED default n ######################## Promptless (non-user) config options ################## ########### Do NOT change the following config options anywhere! ############### config CONFIG_TFM_PARTITION_META def_bool n config TFM_PARTITION_NS_AGENT_MAILBOX bool default y if TFM_MULTI_CORE_TOPOLOGY default n config TFM_PARTITION_NS_AGENT_TZ bool default y if CONFIG_TFM_USE_TRUSTZONE default n