Update the default paths to private keys used
for signing the Secure and the Non-Secure firmware,
when building Zephyr together with TF-M. The update
is done to match the default configuration in
the upstream TF-M project.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

When we build Zephyr for a Non-Secure image, using TFM
as the Secure counterpart, we may or may not use BL2 (e.g.
MCUboot in TFM). If we build with BL2 we need to account
for a ROM offset before the start of the non-secure image
where TFM BL2 expects the BL2 header. This offset is not
needed when TFM is built without BL2. We use the existing
Kconfig options to determine whether we need a ROM offset
or not. We use the value of 0x400 for the BL2 header,
which is the default value used in TFM, but the option is
non-hidden, allowing the user to overwrite the default
value if needed.

Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

This commit adds a config option to build a PSA trusted-firmware-m
(TF-M) application image for the secure processing environment, and
configures the Zephyr application image for the non-secure processing
environment. The secure and non-secure environment images will be
linked together via the veneer function table that is produced as an
artifact of the TF-M build process.

Signed-off-by: Karl Zhang <karl.zhang@linaro.org>