1#-------------------------------------------------------------------------------
2# Copyright (c) 2020-2024, Arm Limited. All rights reserved.
3# Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon company)
4# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
5#
6# SPDX-License-Identifier: BSD-3-Clause
7#
8#-------------------------------------------------------------------------------
9
10set (VALID_ISOLATION_LEVELS 1 2 3)
11
12tfm_invalid_config(NOT TFM_ISOLATION_LEVEL IN_LIST VALID_ISOLATION_LEVELS)
13tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT PLATFORM_HAS_ISOLATION_L3_SUPPORT)
14tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND PSA_FRAMEWORK_HAS_MM_IOVEC)
15
16tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_NS_MANAGE_NSID)
17tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
18tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND CONFIG_TFM_STACK_WATERMARKS)
19
20########################## BL1 #################################################
21
22tfm_invalid_config(TFM_BL1_2_IN_OTP AND TFM_BL1_2_IN_FLASH)
23
24########################## BL2 #################################################
25
26get_property(MCUBOOT_STRATEGY_LIST CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS)
27tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY IN_LIST MCUBOOT_STRATEGY_LIST) AND NOT USE_KCONFIG_TOOL)
28tfm_invalid_config(BL2 AND (NOT MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" AND MCUBOOT_DIRECT_XIP_REVERT))
29
30# Maximum number of MCUBoot images supported by TF-M NV counters and ROTPKs
31tfm_invalid_config(MCUBOOT_IMAGE_NUMBER GREATER 9)
32
33tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "EC-P256" AND NOT MCUBOOT_USE_PSA_CRYPTO)
34tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "EC-P384" AND NOT MCUBOOT_USE_PSA_CRYPTO)
35tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-2048" AND MCUBOOT_BUILTIN_KEY)
36tfm_invalid_config(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072" AND MCUBOOT_BUILTIN_KEY)
37
38tfm_invalid_config((BL2 AND CONFIG_TFM_BOOT_STORE_MEASUREMENTS AND NOT CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS) AND NOT MCUBOOT_DATA_SHARING)
39tfm_invalid_config((NOT (TFM_PARTITION_FIRMWARE_UPDATE OR CONFIG_TFM_BOOT_STORE_MEASUREMENTS)) AND MCUBOOT_DATA_SHARING)
40
41get_property(MCUBOOT_ALIGN_VAL_LIST CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS)
42tfm_invalid_config(BL2 AND (NOT MCUBOOT_ALIGN_VAL IN_LIST MCUBOOT_ALIGN_VAL_LIST) AND NOT USE_KCONFIG_TOOL)
43
44tfm_invalid_config(TFM_DUMMY_PROVISIONING AND MCUBOOT_GENERATE_SIGNING_KEYPAIR)
45
46tfm_invalid_config((NOT MCUBOOT_HW_KEY) AND (MCUBOOT_GENERATE_SIGNING_KEYPAIR))
47tfm_invalid_config(MCUBOOT_HW_KEY AND MCUBOOT_BUILTIN_KEY)
48
49####################### Code sharing ###########################################
50
51set(TFM_CODE_SHARING_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1) # Without crypto hw acceleration
52tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT TFM_PLATFORM IN_LIST TFM_CODE_SHARING_PLATFORM_LISTS)
53tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND CRYPTO_HW_ACCELERATOR)
54tfm_invalid_config(NOT TFM_CODE_SHARING STREQUAL "OFF" AND NOT C_COMPILER_ID:IAR)
55
56########################## Platform ############################################
57
58tfm_invalid_config(OTP_NV_COUNTERS_RAM_EMULATION AND NOT (PLATFORM_DEFAULT_OTP OR PLATFORM_DEFAULT_NV_COUNTERS))
59tfm_invalid_config(PLATFORM_DEFAULT_NV_COUNTERS AND  NOT PLATFORM_DEFAULT_OTP_WRITEABLE)
60tfm_invalid_config(TFM_DUMMY_PROVISIONING AND (PLATFORM_DEFAULT_OTP AND NOT PLATFORM_DEFAULT_OTP_WRITEABLE))
61tfm_invalid_config(TFM_NS_NV_COUNTER_AMOUNT GREATER 3)
62
63####################### Firmware Update Partition ###############################
64
65tfm_invalid_config(NOT PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT AND TFM_PARTITION_FIRMWARE_UPDATE)
66tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT TFM_PARTITION_PLATFORM)
67tfm_invalid_config((MCUBOOT_UPGRADE_STRATEGY STREQUAL "DIRECT_XIP" OR MCUBOOT_UPGRADE_STRATEGY STREQUAL "RAM_LOAD") AND TFM_PARTITION_FIRMWARE_UPDATE)
68tfm_invalid_config(TFM_PARTITION_FIRMWARE_UPDATE AND NOT MCUBOOT_DATA_SHARING)
69
70####################### Protected Storage Partition ###############################
71
72# PS only uses the platform partition when PS_ROLLBACK_PROTECTION is ON, but
73# the dependency in the manifest file means the dependency is unconditional
74tfm_invalid_config(TFM_PARTITION_PROTECTED_STORAGE AND NOT TFM_PARTITION_PLATFORM)
75
76########################## FIH #################################################
77
78get_property(TFM_FIH_PROFILE_LIST CACHE TFM_FIH_PROFILE PROPERTY STRINGS)
79tfm_invalid_config(NOT TFM_FIH_PROFILE IN_LIST TFM_FIH_PROFILE_LIST)
80
81######################## TF-M Profile config check #############################
82
83tfm_invalid_config(TFM_PROFILE STREQUAL "profile_small" AND CONFIG_TFM_SPM_BACKEND_IPC)
84
85######################## TF-M Arch config check ################################
86
87tfm_invalid_config(TFM_PXN_ENABLE AND NOT TFM_SYSTEM_ARCHITECTURE STREQUAL "armv8.1-m.main")
88
89######################## Sanitization checks ###################################
90
91tfm_invalid_config(BL1_1_SANITIZE AND C_COMPILER_ID:IAR)
92tfm_invalid_config(BL1_2_SANITIZE AND C_COMPILER_ID:IAR)
93tfm_invalid_config(BL2_SANITIZE   AND C_COMPILER_ID:IAR)
94tfm_invalid_config(TFM_SANITIZE   AND C_COMPILER_ID:IAR)
95
96get_property(BL1_1_SANITIZER_ALLOWED_VALUES CACHE BL1_1_SANITIZE PROPERTY STRINGS)
97tfm_invalid_config(BL1_1_SANITIZE AND NOT BL1_1_SANITIZE IN_LIST BL1_1_SANITIZER_ALLOWED_VALUES)
98
99get_property(BL1_2_SANITIZER_ALLOWED_VALUES CACHE BL1_2_SANITIZE PROPERTY STRINGS)
100tfm_invalid_config(BL1_2_SANITIZE AND NOT BL1_2_SANITIZE IN_LIST BL1_2_SANITIZER_ALLOWED_VALUES)
101
102get_property(BL2_SANITIZER_ALLOWED_VALUES CACHE BL2_SANITIZE PROPERTY STRINGS)
103tfm_invalid_config(BL2_SANITIZE AND NOT BL2_SANITIZE IN_LIST BL2_SANITIZER_ALLOWED_VALUES)
104
105get_property(TFM_SANITIZER_ALLOWED_VALUES CACHE TFM_SANITIZE PROPERTY STRINGS)
106tfm_invalid_config(TFM_SANITIZE AND NOT TFM_SANITIZE IN_LIST TFM_SANITIZER_ALLOWED_VALUES)
107
108###################### Compiler check for FP support ###########################
109
110include(config/cp_check.cmake)
111
112###################### Platform-specific checks ################################
113
114include(${TARGET_PLATFORM_PATH}/check_config.cmake OPTIONAL)
115