1#-------------------------------------------------------------------------------
2# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
3# Copyright (c) 2021 STMicroelectronics. All rights reserved.
4#
5# SPDX-License-Identifier: BSD-3-Clause
6#
7#-------------------------------------------------------------------------------
8
9########################## BL2 #################################################
10set(MCUBOOT_IMAGE_NUMBER                2           CACHE STRING    "Whether to combine S and NS into either 1 image, or sign each seperately")
11set(BL2_HEADER_SIZE                     0x400       CACHE STRING    "Header size")
12set(BL2_TRAILER_SIZE                    0x2000      CACHE STRING    "Trailer size")
13set(MCUBOOT_ALIGN_VAL                   16          CACHE STRING    "Align option to build image with imgtool")
14set(MCUBOOT_UPGRADE_STRATEGY            "OVERWRITE_ONLY"      CACHE STRING    "Upgrade strategy for images")
15set(TFM_PARTITION_FIRMWARE_UPDATE       OFF          CACHE BOOL      "Enable firmware update partition")
16set(TFM_PARTITION_PLATFORM              ON          CACHE BOOL      "Enable platform partition")
17set(MCUBOOT_DATA_SHARING                ON          CACHE BOOL      "Enable Data Sharing")
18set(MCUBOOT_BOOTSTRAP                   ON          CACHE BOOL      "Allow initial state with images in secondary slots(empty primary slots)")
19set(MCUBOOT_ENC_IMAGES                  ON          CACHE BOOL      "Enable encrypted image upgrade support")
20set(MCUBOOT_ENCRYPT_RSA                 ON          CACHE BOOL      "Use RSA for encrypted image upgrade support")
21################################## Dependencies ################################
22set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON       CACHE BOOL      "Enable Internal Trusted Storage partition")
23set(TFM_PARTITION_CRYPTO                ON          CACHE BOOL      "Enable Crypto partition")
24set(CRYPTO_HW_ACCELERATOR               ON          CACHE BOOL      "Whether to enable the crypto hardware accelerator on supported platforms")
25set(MBEDCRYPTO_BUILD_TYPE               minsizerel  CACHE STRING    "Build type of Mbed Crypto library")
26set(PS_CRYPTO_AEAD_ALG                  PSA_ALG_GCM CACHE STRING    "The AEAD algorithm to use for authenticated encryption in Protected Storage")
27set(MCUBOOT_FIH_PROFILE                 LOW         CACHE STRING    "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
28# LOG LEVEL
29set(TFM_SPM_LOG_LEVEL                   TFM_SPM_LOG_LEVEL_DEBUG         CACHE STRING    "Set default SPM log level as INFO level")
30set(TFM_PARTITION_LOG_LEVEL             TFM_PARTITION_LOG_LEVEL_INFO    CACHE STRING    "Set default Secure Partition log level as INFO level")
31
32set(MCUBOOT_HW_ROLLBACK_PROT            ON          CACHE BOOL      "Enable security counter validation against non-volatile HW counters")
33# Added for H5
34set(CONFIG_TFM_USE_TRUSTZONE            ON)
35set(TFM_PARTITION_PROTECTED_STORAGE     ON         CACHE BOOL      "Disable Protected Storage partition")
36set(TFM_PARTITION_INITIAL_ATTESTATION   ON         CACHE BOOL      "Disable Initial Attestation partition")
37set(STSAFEA                             ON          CACHE BOOL      "Activate ST SAFE SUPPORT")
38