72 lines
2.3 KiB
Plaintext
72 lines
2.3 KiB
Plaintext
# TF-M/PSA Related
|
|
|
|
# Copyright (c) 2019, 2020 Linaro Limited
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
menuconfig BUILD_WITH_TFM
|
|
bool "Build with TF-M as the Secure Execution Environment"
|
|
depends on TRUSTED_EXECUTION_NONSECURE
|
|
help
|
|
When enabled, this option instructs the Zephyr build process to
|
|
additionaly generate a TF-M image for the Secure Execution
|
|
environment, along with the Zephyr image. The Zephyr image
|
|
itself is to be executed in the Non-Secure Processing Environment.
|
|
The required dependency on TRUSTED_EXECUTION_NONSECURE
|
|
ensures that the Zephyr image is built as a Non-Secure image. Both
|
|
TF-M and Zephyr images, as well as the veneer object file that links
|
|
them, are generated during the normal Zephyr build process.
|
|
|
|
Note:
|
|
Building with the "_nonsecure" BOARD variant (e.g.
|
|
"mps2_an521_nonsecure") ensures that
|
|
CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.
|
|
|
|
if BUILD_WITH_TFM
|
|
|
|
config TFM_KEY_FILE_S
|
|
string "Path to private key used to sign secure firmware images."
|
|
depends on BUILD_WITH_TFM
|
|
default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072.pem"
|
|
help
|
|
The path and filename for the .pem file containing the private key
|
|
that should be used by the BL2 bootloader when signing secure
|
|
firmware images.
|
|
|
|
config TFM_KEY_FILE_NS
|
|
string "Path to private key used to sign non-secure firmware images."
|
|
depends on BUILD_WITH_TFM
|
|
default "${ZEPHYR_BASE}/../modules/tee/tfm/trusted-firmware-m/bl2/ext/mcuboot/root-RSA-3072_1.pem"
|
|
help
|
|
The path and filename for the .pem file containing the private key
|
|
that should be used by the BL2 bootloader when signing non-secure
|
|
firmware images.
|
|
|
|
choice TFM_BL2
|
|
prompt "BL2 configuration, should TFM build with MCUboot support"
|
|
default TFM_BL2_CONFIG_FILE_DEFAULT
|
|
|
|
config TFM_BL2_CONFIG_FILE_DEFAULT
|
|
bool "Use TFM BL2 setting from TFM configuration file"
|
|
|
|
config TFM_BL2_TRUE
|
|
bool "TFM BL2 enabled"
|
|
|
|
config TFM_BL2_FALSE
|
|
bool "TFM BL2 disabled"
|
|
|
|
endchoice
|
|
|
|
if !TFM_BL2_FALSE
|
|
|
|
config ROM_START_OFFSET
|
|
hex "ROM Start Offset accounting for BL2 Header in the NS image"
|
|
default 0x400
|
|
help
|
|
By default BL2 header size in TF-M is 0x400. ROM_START_OFFSET
|
|
needs to be updated if TF-M switches to use a different header
|
|
size for BL2.
|
|
|
|
endif # !TFM_BL2_FALSE
|
|
|
|
endif # BUILD_WITH_TFM
|