1#-------------------------------------------------------------------------------
2# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
3# Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon company)
4# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
5#
6# SPDX-License-Identifier: BSD-3-Clause
7#
8#-------------------------------------------------------------------------------
9
10function(tfm_invalid_config)
11    if (${ARGV})
12        string (REPLACE ";" " " ARGV_STRING "${ARGV}")
13        string (REPLACE "STREQUAL"     "=" ARGV_STRING "${ARGV_STRING}")
14        string (REPLACE "GREATER"      ">" ARGV_STRING "${ARGV_STRING}")
15        string (REPLACE "LESS"         "<" ARGV_STRING "${ARGV_STRING}")
16        string (REPLACE "VERSION_LESS" "<" ARGV_STRING "${ARGV_STRING}")
17        string (REPLACE "EQUAL"        "=" ARGV_STRING "${ARGV_STRING}")
18        string (REPLACE "IN_LIST"      "in" ARGV_STRING "${ARGV_STRING}")
19
20        message(FATAL_ERROR "INVALID CONFIG: ${ARGV_STRING}")
21    endif()
22endfunction()
23
24set (VALID_ISOLATION_LEVELS 1 2 3)
25
26tfm_invalid_config(NOT TFM_ISOLATION_LEVEL IN_LIST VALID_ISOLATION_LEVELS)
27tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT PLATFORM_HAS_ISOLATION_L3_SUPPORT)
28tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND PSA_FRAMEWORK_HAS_MM_IOVEC)
29
30tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_NS_MANAGE_NSID)
31tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
32# Multi-core platform with mailbox partition cannot fully work with SFN backend yet.
33tfm_invalid_config(TFM_PARTITION_NS_AGENT_MAILBOX AND CONFIG_TFM_SPM_BACKEND_SFN)
34
35tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND CONFIG_TFM_STACK_WATERMARKS)
36
37tfm_invalid_config((TFM_S_REG_TEST OR TFM_NS_REG_TEST) AND TEST_PSA_API)
38
39tfm_invalid_config(SUITE STREQUAL "IPC" AND NOT TEST_PSA_API STREQUAL "IPC")
40
41tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT TFM_PARTITION_CRYPTO)
42tfm_invalid_config(TEST_PSA_API STREQUAL "INITIAL_ATTESTATION" AND NOT TFM_PARTITION_INITIAL_ATTESTATION)
43tfm_invalid_config(TEST_PSA_API STREQUAL "INTERNAL_TRUSTED_STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
44tfm_invalid_config(TEST_PSA_API STREQUAL "PROTECTED_STORAGE" AND NOT TFM_PARTITION_PROTECTED_STORAGE)
45tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
46tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_PROTECTED_STORAGE)
47
48########################## BL1 #################################################
49
50tfm_invalid_config((BL1 AND PLATFORM_DEFAULT_BL1 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS) AND NOT TFM_PARTITION_MEASURED_BOOT)
51
52########################## BL2 #################################################
53
54get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
55tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST))
56
57# Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs
58tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 4)
59
60tfm_invalid_config((BL2 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND NOT CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS) AND NOT MCUBOOT_DATA_SHARING)
61tfm_invalid_config((NOT (TFM_PARTITION_FIRMWARE_UPDATE OR CONFIG_TFM_BOOT_STORE_MEASUREMENTS)) AND MCUBOOT_DATA_SHARING)
62
63get_property(MCUBOOT_ALIGN_VAL_LIST CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS)
64tfm_invalid_config(BL2 AND (NOT MCUBOOT_ALIGN_VAL IN_LIST MCUBOOT_ALIGN_VAL_LIST))
65
66####################### Code sharing ###########################################
67
68set(TFM_CODE_SHARING_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1) # Without crypto hw acceleration
69tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT TFM_PLATFORM IN_LIST TFM_CODE_SHARING_PLATFORM_LISTS)
70tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND CRYPTO_HW_ACCELERATOR)
71tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT C_COMPILER_ID:IAR)
72
73########################## Platform ############################################
74
75tfm_invalid_config(OTP_NV_COUNTERS_RAM_EMULATION AND NOT (PLATFORM_DEFAULT_OTP OR PLATFORM_DEFAULT_NV_COUNTERS))
76tfm_invalid_config(PLATFORM_DEFAULT_NV_COUNTERS AND  NOT PLATFORM_DEFAULT_OTP_WRITEABLE)
77tfm_invalid_config(TFM_DUMMY_PROVISIONING AND (PLATFORM_DEFAULT_OTP AND NOT PLATFORM_DEFAULT_OTP_WRITEABLE))
78tfm_invalid_config(TFM_NS_NV_COUNTER_AMOUNT GREATER 3)
79
80####################### Firmware Update Parttion ###############################
81
82tfm_invalid_config(NOT PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT AND TFM_PARTITION_FIRMWARE_UPDATE)
83tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT TFM_PARTITION_PLATFORM)
84tfm_invalid_config((MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" OR MCUBOOT_UPGRADE_STRATEGY STREQUAL "RAM_LOAD") AND TFM_PARTITION_FIRMWARE_UPDATE)
85tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT MCUBOOT_DATA_SHARING)
86
87####################### Protected Storage Parttion ###############################
88
89tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
90# PS only uses the platform partition when PS_ROLLBACK_PROTECTION is ON, but
91# the dependency in the manifest file means the dependency is unconditional
92tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_PLATFORM)
93
94########################## FIH #################################################
95
96get_property(TFM_FIH_PROFILE_LIST CACHE TFM_FIH_PROFILE PROPERTY STRINGS)
97tfm_invalid_config(NOT TFM_FIH_PROFILE IN_LIST TFM_FIH_PROFILE_LIST)
98
99########################### TF-M initial attestation #####################################
100
101tfm_invalid_config(ATTEST_INCLUDE_TEST_CODE AND NOT (TEST_NS_ATTESTATION OR TEST_S_ATTESTATION))
102
103######################## TF-M Profile config check #############################
104
105tfm_invalid_config(TFM_PROFILE STREQUAL "profile_small" AND CONFIG_TFM_SPM_BACKEND_IPC)
106
107########################### Test check config ##################################
108
109if(TFM_S_REG_TEST OR TFM_NS_REG_TEST)
110    include(${TFM_TEST_PATH}/config/check_config.cmake)
111endif()
112
113###################### Compiler check for FP support ###########################
114
115include(config/cp_check.cmake)
116
117###################### Platform-specific checks ################################
118
119if (EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/check_config.cmake)
120    include(platform/ext/target/${TFM_PLATFORM}/check_config.cmake)
121endif()
122