1#------------------------------------------------------------------------------- 2# Copyright (c) 2020-2022, Arm Limited. All rights reserved. 3# Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon company) 4# or an affiliate of Cypress Semiconductor Corporation. All rights reserved. 5# 6# SPDX-License-Identifier: BSD-3-Clause 7# 8#------------------------------------------------------------------------------- 9 10function(tfm_invalid_config) 11 if (${ARGV}) 12 string (REPLACE ";" " " ARGV_STRING "${ARGV}") 13 string (REPLACE "STREQUAL" "=" ARGV_STRING "${ARGV_STRING}") 14 string (REPLACE "GREATER" ">" ARGV_STRING "${ARGV_STRING}") 15 string (REPLACE "LESS" "<" ARGV_STRING "${ARGV_STRING}") 16 string (REPLACE "VERSION_LESS" "<" ARGV_STRING "${ARGV_STRING}") 17 string (REPLACE "EQUAL" "=" ARGV_STRING "${ARGV_STRING}") 18 string (REPLACE "IN_LIST" "in" ARGV_STRING "${ARGV_STRING}") 19 20 message(FATAL_ERROR "INVALID CONFIG: ${ARGV_STRING}") 21 endif() 22endfunction() 23 24set (VALID_ISOLATION_LEVELS 1 2 3) 25 26tfm_invalid_config(NOT TFM_ISOLATION_LEVEL IN_LIST VALID_ISOLATION_LEVELS) 27tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT PLATFORM_HAS_ISOLATION_L3_SUPPORT) 28tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND PSA_FRAMEWORK_HAS_MM_IOVEC) 29 30tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_NS_MANAGE_NSID) 31tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY) 32# Multi-core platform with mailbox partition cannot fully work with SFN backend yet. 33tfm_invalid_config(TFM_PARTITION_NS_AGENT_MAILBOX AND CONFIG_TFM_SPM_BACKEND_SFN) 34 35tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND CONFIG_TFM_STACK_WATERMARKS) 36 37tfm_invalid_config((TFM_S_REG_TEST OR TFM_NS_REG_TEST) AND TEST_PSA_API) 38 39tfm_invalid_config(SUITE STREQUAL "IPC" AND NOT TEST_PSA_API STREQUAL "IPC") 40 41tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT TFM_PARTITION_CRYPTO) 42tfm_invalid_config(TEST_PSA_API STREQUAL "INITIAL_ATTESTATION" AND NOT TFM_PARTITION_INITIAL_ATTESTATION) 43tfm_invalid_config(TEST_PSA_API STREQUAL "INTERNAL_TRUSTED_STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) 44tfm_invalid_config(TEST_PSA_API STREQUAL "PROTECTED_STORAGE" AND NOT TFM_PARTITION_PROTECTED_STORAGE) 45tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) 46tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_PROTECTED_STORAGE) 47 48########################## BL1 ################################################# 49 50tfm_invalid_config((BL1 AND PLATFORM_DEFAULT_BL1 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS) AND NOT TFM_PARTITION_MEASURED_BOOT) 51 52########################## BL2 ################################################# 53 54get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS) 55tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST)) 56 57# Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs 58tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 4) 59 60tfm_invalid_config((BL2 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND NOT CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS) AND NOT MCUBOOT_DATA_SHARING) 61tfm_invalid_config((NOT (TFM_PARTITION_FIRMWARE_UPDATE OR CONFIG_TFM_BOOT_STORE_MEASUREMENTS)) AND MCUBOOT_DATA_SHARING) 62 63get_property(MCUBOOT_ALIGN_VAL_LIST CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS) 64tfm_invalid_config(BL2 AND (NOT MCUBOOT_ALIGN_VAL IN_LIST MCUBOOT_ALIGN_VAL_LIST)) 65 66####################### Code sharing ########################################### 67 68set(TFM_CODE_SHARING_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1) # Without crypto hw acceleration 69tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT TFM_PLATFORM IN_LIST TFM_CODE_SHARING_PLATFORM_LISTS) 70tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND CRYPTO_HW_ACCELERATOR) 71tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT C_COMPILER_ID:IAR) 72 73########################## Platform ############################################ 74 75tfm_invalid_config(OTP_NV_COUNTERS_RAM_EMULATION AND NOT (PLATFORM_DEFAULT_OTP OR PLATFORM_DEFAULT_NV_COUNTERS)) 76tfm_invalid_config(PLATFORM_DEFAULT_NV_COUNTERS AND NOT PLATFORM_DEFAULT_OTP_WRITEABLE) 77tfm_invalid_config(TFM_DUMMY_PROVISIONING AND (PLATFORM_DEFAULT_OTP AND NOT PLATFORM_DEFAULT_OTP_WRITEABLE)) 78tfm_invalid_config(TFM_NS_NV_COUNTER_AMOUNT GREATER 3) 79 80####################### Firmware Update Parttion ############################### 81 82tfm_invalid_config(NOT PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT AND TFM_PARTITION_FIRMWARE_UPDATE) 83tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT TFM_PARTITION_PLATFORM) 84tfm_invalid_config((MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" OR MCUBOOT_UPGRADE_STRATEGY STREQUAL "RAM_LOAD") AND TFM_PARTITION_FIRMWARE_UPDATE) 85tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT MCUBOOT_DATA_SHARING) 86 87####################### Protected Storage Parttion ############################### 88 89tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE) 90# PS only uses the platform partition when PS_ROLLBACK_PROTECTION is ON, but 91# the dependency in the manifest file means the dependency is unconditional 92tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_PLATFORM) 93 94########################## FIH ################################################# 95 96get_property(TFM_FIH_PROFILE_LIST CACHE TFM_FIH_PROFILE PROPERTY STRINGS) 97tfm_invalid_config(NOT TFM_FIH_PROFILE IN_LIST TFM_FIH_PROFILE_LIST) 98 99########################### TF-M initial attestation ##################################### 100 101tfm_invalid_config(ATTEST_INCLUDE_TEST_CODE AND NOT (TEST_NS_ATTESTATION OR TEST_S_ATTESTATION)) 102 103######################## TF-M Profile config check ############################# 104 105tfm_invalid_config(TFM_PROFILE STREQUAL "profile_small" AND CONFIG_TFM_SPM_BACKEND_IPC) 106 107########################### Test check config ################################## 108 109if(TFM_S_REG_TEST OR TFM_NS_REG_TEST) 110 include(${TFM_TEST_PATH}/config/check_config.cmake) 111endif() 112 113###################### Compiler check for FP support ########################### 114 115include(config/cp_check.cmake) 116 117###################### Platform-specific checks ################################ 118 119if (EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/check_config.cmake) 120 include(platform/ext/target/${TFM_PLATFORM}/check_config.cmake) 121endif() 122