1# Configuration for the TF-M Module
2
3# Copyright (c) 2019, 2020 Linaro Limited
4# Copyright (c) 2020, 2021 Nordic Semiconductor ASA
5# SPDX-License-Identifier: Apache-2.0
6
7config ZEPHYR_TRUSTED_FIRMWARE_M_MODULE
8	bool
9
10config TFM_BOARD
11	string
12	default "nordic_nrf/nrf9160dk_nrf9160" if BOARD_NRF9160DK_NRF9160_NS
13	default "nordic_nrf/nrf9161dk_nrf9161" if BOARD_NRF9161DK_NRF9161_NS
14	default "nordic_nrf/nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
15	default "nxp/lpcxpresso55s69" if BOARD_LPCXPRESSO55S69_CPU0
16	default "arm/mps2/an521" if BOARD_MPS2_AN521_CPU0_NS
17	default "arm/mps3/an547" if BOARD_MPS3_AN547
18	default "stm/b_u585i_iot02a" if BOARD_B_U585I_IOT02A
19	default "stm/nucleo_l552ze_q" if BOARD_NUCLEO_L552ZE_Q
20	default "stm/stm32l562e_dk" if BOARD_STM32L562E_DK
21	default "arm/musca_b1" if BOARD_MUSCA_B1
22	default "arm/musca_s1" if BOARD_MUSCA_S1
23	default "lairdconnectivity/bl5340_dvk_cpuapp" if BOARD_BL5340_DVK_CPUAPP_NS
24	help
25	  The board name used for building TFM. Building with TFM requires that
26	  TFM has been ported to the given board/SoC.
27
28menuconfig BUILD_WITH_TFM
29	bool "Build with TF-M as the Secure Execution Environment"
30	depends on TRUSTED_EXECUTION_NONSECURE
31	depends on TFM_BOARD != ""
32	depends on ARM_TRUSTZONE_M
33	select BUILD_OUTPUT_HEX
34	imply INIT_ARCH_HW_AT_BOOT
35	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
36	help
37	  When enabled, this option instructs the Zephyr build process to
38	  additionally generate a TF-M image for the Secure Execution
39	  environment, along with the Zephyr image. The Zephyr image
40	  itself is to be executed in the Non-Secure Processing Environment.
41	  The required dependency on TRUSTED_EXECUTION_NONSECURE
42	  ensures that the Zephyr image is built as a Non-Secure image. Both
43	  TF-M and Zephyr images, as well as the veneer object file that links
44	  them, are generated during the normal Zephyr build process.
45
46	  Notes:
47	    Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
48	    ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
49
50	    By default we allow Zephyr preemptible threads to be preempted
51	    while performing a secure function call.
52
53if BUILD_WITH_TFM
54
55config TFM_KEY_FILE_S
56	string "Path to private key used to sign secure firmware images."
57	depends on BUILD_WITH_TFM
58	default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072.pem"
59	help
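60	  The path and filename for the .pem file containing the private key
61	  that should be used by the BL2 bootloader when signing secure
62	  firmware images.
	  The default is the key shipped in the TF-M source tree. That key is
	  public, so use it for development only and point this option at a
	  privately held key for production images.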
63
64config TFM_KEY_FILE_NS
65	string "Path to private key used to sign non-secure firmware images."
66	depends on BUILD_WITH_TFM
67	default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
68	help
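69	  The path and filename for the .pem file containing the private key
70	  that should be used by the BL2 bootloader when signing non-secure
71	  firmware images.
	  The default is the key shipped in the TF-M source tree. That key is
	  public, so use it for development only and point this option at a
	  privately held key for production images.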
72
73config TFM_PROFILE
74	string
75	depends on BUILD_WITH_TFM
76	default "profile_small" if TFM_PROFILE_TYPE_SMALL
77	default "profile_medium" if TFM_PROFILE_TYPE_MEDIUM
78	default "profile_large" if TFM_PROFILE_TYPE_LARGE
79	help
80	  Build profile used to build tfm_s image. The available values are
81	  profile_large, profile_medium and profile_small. The default profile
82	  does not need to have this configuration set.
83
84choice TFM_PROFILE_TYPE
85	prompt "TF-M build profile"
86	depends on BUILD_WITH_TFM
87	default TFM_PROFILE_TYPE_NOT_SET
88	help
89	  The TF-M build profile selection. Can be empty (not set),
90	  small, medium or large. Certain profile types enable other
91	  TF-M configuration options, namely, the IPC model and the
92	  isolation level.
93
94config TFM_PROFILE_TYPE_NOT_SET
95	bool "TF-M build profile is not set"
96
97config TFM_PROFILE_TYPE_SMALL
98	bool "TF-M build profile: small"
99
100config TFM_PROFILE_TYPE_MEDIUM
101	bool "TF-M build profile: medium"
102
103config TFM_PROFILE_TYPE_LARGE
104	bool "TF-M build profile: large"
105
106endchoice
107
108choice TFM_CMAKE_BUILD_TYPE
109	prompt "The build type for TFM"
110	default TFM_CMAKE_BUILD_TYPE_RELEASE if SPEED_OPTIMIZATIONS && BUILD_OUTPUT_STRIPPED
111	default TFM_CMAKE_BUILD_TYPE_MINSIZEREL if SIZE_OPTIMIZATIONS
112	default TFM_CMAKE_BUILD_TYPE_DEBUG if DEBUG_OPTIMIZATIONS
113	default TFM_CMAKE_BUILD_TYPE_RELWITHDEBINFO
114
115config TFM_CMAKE_BUILD_TYPE_RELEASE
116	bool "Release build"
117
118config TFM_CMAKE_BUILD_TYPE_RELWITHDEBINFO
119	bool "Release build with Debug info"
120
121config TFM_CMAKE_BUILD_TYPE_MINSIZEREL
122	bool "Release build, optimized for size"
123
124config TFM_CMAKE_BUILD_TYPE_DEBUG
125	bool "Debug build"
126
127endchoice
128
129config TFM_ISOLATION_LEVEL
130	int "Isolation level setting." if (TFM_PROFILE_TYPE_NOT_SET && TFM_IPC)
131	range 1 3
132	depends on BUILD_WITH_TFM
133	default 1 if TFM_PROFILE_TYPE_SMALL || !TFM_IPC
134	default 2 if TFM_PROFILE_TYPE_MEDIUM
135	default 3 if TFM_PROFILE_TYPE_LARGE
136	help
137	  Manually set the required TFM isolation level. Possible values are
138	  1, 2 or 3; the default is set by build configuration. When TF-M
139	  Profile option is supplied, do not allow manual setting of the
140	  isolation level, as it is determined by the profile setting.
141	  As isolation levels 2 and 3 require PSA_API (TFM_IPC) support,
142	  force level 1 when TFM_IPC is not enabled.
143
144config TFM_ITS_NUM_ASSETS_OVERRIDE
145	bool "Override maximum number of Internal Trusted Storage assets"
146	help
147	  Override the platform's default maximum number of assets to be stored in
148	  Internal Trusted Storage (ITS) with TFM_ITS_NUM_ASSETS.
149
150config TFM_ITS_NUM_ASSETS
151	int "Maximum number of Internal Trusted Storage assets"
152	depends on TFM_ITS_NUM_ASSETS_OVERRIDE
153	default 0
154	help
155	  Maximum number of assets to be stored in Internal Trusted Storage (ITS).
156
157config TFM_ITS_MAX_ASSET_SIZE_OVERRIDE
158	bool "Override maximum Internal Trusted Storage asset size"
159	help
160	  Override the platform's default maximum size of a single asset to be
161	  stored in Internal Trusted Storage (ITS) with TFM_ITS_MAX_ASSET_SIZE.
162
163config TFM_ITS_MAX_ASSET_SIZE
164	int "Maximum Internal Trusted Storage asset size"
165	depends on TFM_ITS_MAX_ASSET_SIZE_OVERRIDE
166	default 0
167	help
168	  Maximum size (in bytes) of a single asset to be stored in Internal Trusted
169	  Storage (ITS).
170
171config TFM_PARTITION_PLATFORM_CUSTOM_REBOOT
172	bool "Use custom reboot handler"
173	depends on TFM_PARTITION_PLATFORM
174	help
175	  Do not include the default zephyr implementation of calling the TF-M
176	  platform reset service.
177	  Instead the application will have to override the weak ARM
178	  implementation of sys_arch_reset().
179
180config TFM_BL2_NOT_SUPPORTED
181	bool
182	help
183	  Hidden option to mark the BL2, the MCUBoot included in TF-M, as not supported.
184	  Platforms that don't use BL2 should select this option.
185
186config TFM_IMAGE_VERSION_S
187	string "Version of the Secure Image"
188	default "0.0.0+0"
189	help
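190	  MCUBoot may be configured to enforce rollback prevention based on image
191	  versions of both the secure firmware and non-secure firmware. This sets
192	  the secure firmware's version for rollback prevention.
	  Increase it for every release: images that all keep the default
	  version cannot be told apart by a version-based rollback check.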
193
194config TFM_IMAGE_VERSION_NS
195	string "Version of the Non-Secure Image"
196	default "0.0.0+0"
197	help
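198	  MCUBoot may be configured to enforce rollback prevention based on image
199	  versions of both the secure firmware and non-secure firmware. This sets
200	  the non-secure firmware's version for rollback prevention.
	  Increase it for every release: images that all keep the default
	  version cannot be told apart by a version-based rollback check.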
201
202config TFM_BL2
203	bool "Add MCUboot to TFM"
204	depends on !TFM_BL2_NOT_SUPPORTED
205	default y
206	help
207	  TFM is designed to run with MCUboot in a certain configuration.
208	  This config adds MCUboot to the build - built via TFM's build system.
209
210config TFM_BUILD_NS
211	bool "Build the TF-M Non-Secure application and libraries"
212	help
213	  Instruct the TF-M build system to build the TF-M Non-Secure
214	  application and libraries.
215
216	  This option is intended for testing purposes only, since this is the
217	  easiest way to build the TF-M regression tests application and test
218	  support libraries in the zephyr build system.
219
220config TFM_USE_NS_APP
221	bool "Use the TF-M Non-Secure application"
222	depends on TFM_BUILD_NS
223	help
224	  The TF-M build system can produce multiple executable files.
225	  The main one is the TF-M secure firmware. Optionally the TF-M
226	  non-secure application can be built.
227	  Usually the TF-M non-secure application is not used since the
228	  zephyr application is the non-secure application.
229	  With this option enabled this is reversed and the TF-M non-secure
230	  application is used instead of the Zephyr non-secure application.
231
232	  This option is intended for testing purposes only, since this is the
233	  easiest way to integrate and run the TF-M regression tests in the
234	  zephyr build system.
235
236config TFM_CONNECTION_BASED_SERVICE_API
237	bool "TF-M use connection based service APIs"
238	help
239	  The TF-M build system produces an interface source file for accessing
240	  connection based services.
241	  Select this option when TF-M service models require this source file.
242
243	  Note: This is an auto-generated configuration in the TF-M build
244	  system. When this option is not enabled in the TF-M build system this
245	  will result in a compilation error.
246
247if TFM_BL2
248
249config TFM_MCUBOOT_IMAGE_NUMBER
250	int "Granularity of FW updates of TFM and app"
251	range 1 2
252	default 2
253	help
254	  How many images the bootloader sees when it looks at TFM and the app.
255	  When this is 1, the S and NS are considered as 1 image and must be
256	  updated in one atomic operation. When this is 2, they are split and
257	  can be updated independently if dependency requirements are met.
258
259choice TFM_MCUBOOT_PATH
260	prompt "Path to MCUboot or DOWNLOAD to fetch automatically"
261	default TFM_MCUBOOT_PATH_LOCAL
262	help
263	   Path to MCUboot for TF-M builds. The default option
264	   is to use Zephyr's MCUboot module. As an alternative,
265	   users may switch to the 'download' version; in that
266	   case MCUboot will be fetched by the TF-M build during
267	   build time. The default option ensures that Zephyr builds
268	   with TF-M do not fetch external trees.
269
270config TFM_MCUBOOT_PATH_LOCAL
271	bool "TF-M to use Zephyr's MCUboot"
272	help
273	  TF-M builds with BL2 will use the Zephyr's MCUboot version,
274	  which is present in the MCUboot module.
275
276config TFM_MCUBOOT_PATH_DOWNLOAD
277	bool "TF-M to automatically download MCUboot during build"
278	help
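279	  TF-M builds with BL2 will let the TF-M build system automatically
280	  fetch and check out the MCUboot version to use in the build.
	  The bootloader source is then fetched from an external tree at build
	  time instead of coming from Zephyr's MCUboot module.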
281
282endchoice
283
284config TFM_QCBOR_PATH
285	string
286	prompt "Path to QCBOR or DOWNLOAD to fetch automatically"
287	default ""
288	help
289	  Path to QCBOR for TF-M builds. Due to a license issue with this
290	  library Zephyr does not ship with this library.
291	  Applications that still want to use it can point this option to
292	  their own checkout of the library, or set it to DOWNLOAD to allow
293	  the TF-M build system to download it automatically.
294
295config TFM_MCUBOOT_DATA_SHARING
296	bool "Share app-specific data between TF-M and MCUBoot"
297	help
298	  Add sharing of application specific data using the same
299	  shared data area as for the measured boot.
300
301endif # TFM_BL2
302
303choice TFM_MODEL
304	prompt "TF-M Firmware Framework model"
305	default TFM_IPC
306	help
307	  The Firmware Framework M (FF-M) provides different programming models
308	  for Secure Partitions.
309
310config TFM_IPC
311	bool "IPC Model"
312	help
313	  Use the IPC Model as the SPM backend for the PSA API.
314	  The IPC model supports the IPC and SFN Partition models, and
315	  isolation levels 1, 2 and 3.
316
317	  In this model each Secure Partition processes signals in any order,
318	  and can defer responding to a message while continuing to process
319	  other signals.
320
321	  The IPC model conforms to the PSA Firmware Framework for M (FF-M)
322	  v1.1.
323
324config TFM_SFN
325	bool "SFN model"
326	help
327	  Use the SFN Model as the SPM backend for the PSA API.
328	  The SFN model supports the SFN Partition model, and isolation level 1.
329
330	  In this model each Secure Partition is made up of a collection of
331	  callback functions which implement secure services.
332
333	  The SFN model conforms to the PSA Firmware Framework for M (FF-M)
334	  v1.1.
335
336endchoice # TFM_MODEL
337
338config TFM_REGRESSION_S
339	bool "TF-M Secure Regression tests"
340	help
341	  When enabled, this option signifies that the TF-M build includes
342	  the Secure domain regression tests.
343	  The regression tests will be included in the TF-M secure firmware.
344
345config TFM_REGRESSION_NS
346	bool "TF-M Non-Secure Regression tests"
347	help
348	  When enabled, this option signifies that the TF-M build includes
349	  the Non-Secure domain regression tests.
350	  The regression tests will be included in the TF-M non-secure
351	  application.
352
353choice TFM_PSA_TEST
354	prompt "Enable a PSA test suite"
355	default TFM_PSA_TEST_NONE
356
357config TFM_PSA_TEST_CRYPTO
358	bool "Crypto tests"
359	depends on MAIN_STACK_SIZE >= 4096
360	help
361	  Enable the PSA Crypto test suite.
362
363config TFM_PSA_TEST_PROTECTED_STORAGE
364	bool "Storage tests"
365	help
366	  Enable the PSA Protected Storage test suite.
367
368config TFM_PSA_TEST_INTERNAL_TRUSTED_STORAGE
369	bool "Internal Trusted Storage tests"
370	help
371	  Enable the PSA Internal Trusted Storage test suite.
372
373config TFM_PSA_TEST_STORAGE
374	bool "Storage tests"
375	help
376	  Enable the PSA Storage test suite. This is a combination of the
377	  protected storage and internal trusted storage tests.
378
379config TFM_PSA_TEST_INITIAL_ATTESTATION
380	bool "Initial attestation tests"
381	depends on MAIN_STACK_SIZE >= 4096
382	help
383	  Enable the PSA Initial Attestation test suite.
384
385config TFM_PSA_TEST_NONE
386	bool "No PSA test suite"
387
388endchoice
389
390if TFM_BL2
391
392config ROM_START_OFFSET
393	hex "ROM Start Offset accounting for BL2 Header in the NS image"
394	default 0x400
395	help
396	  By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
397	  needs to be updated if TF-M switches to use a different header
398	  size for BL2.
399
400endif # TFM_BL2
401
402# Option to instruct flashing a merged binary consisting of BL2 (optionally),
403# TF-M (Secure), and application (Non-Secure).
404config TFM_FLASH_MERGED_BINARY
405	bool
406	help
407	  This option instructs west flash to program the combined (merged)
408	  binary consisting of the TF-M Secure firmware image, optionally, the
409	  BL2 image (if building with TFM_BL2 is enabled), and the Non-Secure
410	  application firmware.
411
412config TFM_LOG_LEVEL_SILENCE
413	bool "TF-M Disable secure logging"
414	help
415	  Set the log level to silence for all TF-M modules (SPM, partition, etc.).
416	  On some platforms this will release the UART from
417	  the secure domain and reduce the uart driver's flash usage.
418
419choice TFM_SPM_LOG_LEVEL
420	prompt "TF-M SPM Log Level" if !TFM_LOG_LEVEL_SILENCE
421	default TFM_SPM_LOG_LEVEL_INFO
422config TFM_SPM_LOG_LEVEL_DEBUG
423	bool "Debug"
424config TFM_SPM_LOG_LEVEL_INFO
425	bool "Info"
426config TFM_SPM_LOG_LEVEL_ERROR
427	bool "Error"
428config TFM_SPM_LOG_LEVEL_SILENCE
429	bool "Off"
430endchoice
431
432config TFM_EXCEPTION_INFO_DUMP
433	bool "TF-M exception info dump"
434	help
435	  On fatal errors in the secure firmware, capture info about the exception.
436	  Print the info if the SPM log level is sufficient.
437
438endif # BUILD_WITH_TFM
439