aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Peng <kevin.peng@arm.com>2021-09-08 22:33:33 +0800
committerKevin Peng <kevin.peng@arm.com>2021-09-18 08:58:53 +0200
commit23a583c3e4b62b13c51eecb0e84f4c312af51ab4 (patch)
tree09dd457d0cbfc5e7f5c24f53602523b477018ec7
parenta04206a06eef51dac0c0486798e3282f09e5e4d9 (diff)
downloadtrusted-firmware-m-23a583c3e4b62b13c51eecb0e84f4c312af51ab4.tar.gz
Build: Use IPC Model to build by default
The Library Model (TFM_PSA_API=OFF) is not being developed anymore. It does not support for new FF-M features. New comers to TF-M should be encouraged to start with the IPC model to have the better experiences. Library Model might be replaced by SFN Model in the future. This patch adds a new TFM_LIB_MODEL configuration and set to OFF by default to build IPC model by default. The TFM_PSA_API is not intended for users to choose between library and IPC model anymore. To build Library model, please set TFM_LIB_MODEL to ON. Note: The test repo version is updated as well for the dependency changes. Change-Id: I43ec92cd46dbc5a26e3638269cfb6267e24352bd Signed-off-by: Kevin Peng <kevin.peng@arm.com>
-rw-r--r--config/check_config.cmake12
-rw-r--r--config/config_default.cmake8
-rw-r--r--config/profile/profile_large.cmake1
-rw-r--r--config/profile/profile_medium.cmake1
-rw-r--r--config/profile/profile_small.cmake2
-rw-r--r--config/set_config.cmake4
-rw-r--r--config/tfm_ipc_config_default.cmake2
-rw-r--r--config/tfm_library_config_default.cmake11
-rw-r--r--docs/integration_guide/porting_TFM_to_a_new_hardware.rst3
-rw-r--r--docs/integration_guide/tfm_test_suites_addition.rst3
-rw-r--r--docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst2
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_large.rst2
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_medium.rst4
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_small.rst2
-rw-r--r--docs/technical_references/instructions/tfm_build_instruction.rst50
-rw-r--r--platform/ext/target/arm/diphda/config.cmake1
-rw-r--r--platform/ext/target/arm/mps2/an521/config.cmake2
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/config.cmake1
-rw-r--r--platform/ext/target/arm/musca_b1/sse_200/config.cmake3
-rw-r--r--platform/ext/target/cypress/psoc64/config.cmake2
-rw-r--r--platform/ext/target/nuvoton/m2351/README.rst3
-rw-r--r--platform/ext/target/nuvoton/m2354/README.rst3
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/README.rst6
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py2
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py2
-rw-r--r--platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py2
26 files changed, 55 insertions, 79 deletions
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 2ac6380fd6..e4e95559dc 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -23,11 +23,13 @@ tfm_invalid_config(CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSI
set (TFM_L3_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1/sse_200 stm/stm32l562e_dk)
+tfm_invalid_config(TFM_LIB_MODEL AND TFM_PSA_API)
+tfm_invalid_config(NOT TFM_LIB_MODEL AND NOT TFM_PSA_API)
tfm_invalid_config(TFM_ISOLATION_LEVEL LESS 1 OR TFM_ISOLATION_LEVEL GREATER 3)
tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT TFM_PLATFORM IN_LIST TFM_L3_PLATFORM_LISTS)
-tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND TFM_LIB_MODEL)
-tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_LIB_MODEL)
tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
tfm_invalid_config((TFM_S_REG_TEST OR TFM_NS_REG_TEST) AND TEST_PSA_API)
@@ -38,7 +40,7 @@ tfm_invalid_config(PS_ROLLBACK_PROTECTION AND NOT PS_ENCRYPTION)
tfm_invalid_config(SUITE STREQUAL "IPC" AND NOT TEST_PSA_API STREQUAL "IPC")
-tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND NOT TFM_PSA_API)
+tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND TFM_LIB_MODEL)
tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT TFM_PARTITION_CRYPTO)
tfm_invalid_config(TEST_PSA_API STREQUAL "INITIAL_ATTESTATION" AND NOT TFM_PARTITION_INITIAL_ATTESTATION)
tfm_invalid_config(TEST_PSA_API STREQUAL "INTERNAL_TRUSTED_STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
@@ -63,7 +65,7 @@ tfm_invalid_config(TFM_CODE_SHARING STREQUAL "OFF" AND TFM_CODE_SHARING_PATH)
####################### SP META Pointer ########################################
-tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND TFM_LIB_MODEL)
####################### Firmware Update Parttion ###############################
@@ -78,7 +80,7 @@ tfm_invalid_config(NOT TFM_FIH_PROFILE IN_LIST TFM_FIH_PROFILE_LIST)
########################### TF-M audit log #####################################
-tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND TFM_PSA_API)
+tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND NOT TFM_LIB_MODEL)
########################### TF-M crypto ########################################
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 09db32e52f..0a1b62e2e2 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -16,7 +16,9 @@ set(TEST_S OFF CACHE BOOL "Whether to
set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests")
set(TEST_PSA_API "" CACHE STRING "Which (if any) of the PSA API tests should be compiled")
-set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+# TFM_LIB_MODEL is the only user configuration for Library Model selection.
+# TFM_PSA_API becomes an internal variable. Please do NOT use it in build command line.
+set(TFM_LIB_MODEL OFF CACHE BOOL "Use secure library model instead of PSA API (IPC model)")
set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
set(TFM_PROFILE "" CACHE STRING "Profile to use")
set(TFM_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
@@ -108,7 +110,7 @@ set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COS
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
-set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition")
+set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
set(FORWARD_PROT_MSG OFF CACHE BOOL "Whether to forward all PSA RoT messages to a Secure Enclave")
set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
@@ -127,7 +129,7 @@ set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path
set(MCUBOOT_VERSION "TF-Mv1.4-integ" CACHE STRING "The version of MCUboot to use")
set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
-set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version of PSA arch tests to use")
+set(PSA_ARCH_TESTS_VERSION "c00020e" CACHE STRING "The version of PSA arch tests to use")
################################################################################
################################################################################
diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake
index d3a95a6674..3de4a09118 100644
--- a/config/profile/profile_large.cmake
+++ b/config/profile/profile_large.cmake
@@ -6,7 +6,6 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_large CACHE STRING "Profile to use")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level")
############################ Partitions ########################################
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 8b10152984..bdb8c3886f 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -6,7 +6,6 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_medium CACHE STRING "Profile to use")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
############################ Partitions ########################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 5d71eec4a4..c03e9113a8 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -6,7 +6,7 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_small CACHE STRING "Profile to use")
-set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+set(TFM_LIB_MODEL ON CACHE BOOL "Use secure library model instead of PSA API (IPC model)")
set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
########################## BL2 #################################################
diff --git a/config/set_config.cmake b/config/set_config.cmake
index 9cb3cff465..78ca844bc7 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -43,7 +43,9 @@ if (TFM_PROFILE)
endif()
# Load TF-M model specific default config
-if (TFM_PSA_API)
+if (TFM_LIB_MODEL)
+ include(config/tfm_library_config_default.cmake)
+else()
include(config/tfm_ipc_config_default.cmake)
endif()
diff --git a/config/tfm_ipc_config_default.cmake b/config/tfm_ipc_config_default.cmake
index 14512e9b68..b8b16b4b5a 100644
--- a/config/tfm_ipc_config_default.cmake
+++ b/config/tfm_ipc_config_default.cmake
@@ -7,4 +7,4 @@
############################ Partitions ########################################
-set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
+set(TFM_PSA_API ON CACHE BOOL "Use PSA API instead of secure library model")
diff --git a/config/tfm_library_config_default.cmake b/config/tfm_library_config_default.cmake
new file mode 100644
index 0000000000..887b0bee78
--- /dev/null
+++ b/config/tfm_library_config_default.cmake
@@ -0,0 +1,11 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+############################ Partitions ########################################
+
+set(TFM_PSA_API OFF CACHE BOOL "Use PSA API instead of secure library model")
+set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition")
diff --git a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
index 13600c75ad..c87d7a9e89 100644
--- a/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
+++ b/docs/integration_guide/porting_TFM_to_a_new_hardware.rst
@@ -787,8 +787,7 @@ Annex
[config_cmake]
set(BL2 OFF CACHE BOOL "Whether to build BL2")
- set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
- set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE)
+ set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE)
------------
diff --git a/docs/integration_guide/tfm_test_suites_addition.rst b/docs/integration_guide/tfm_test_suites_addition.rst
index a5a89a5c89..e3802f4e97 100644
--- a/docs/integration_guide/tfm_test_suites_addition.rst
+++ b/docs/integration_guide/tfm_test_suites_addition.rst
@@ -47,7 +47,6 @@ An example usage of test configuration shows below.
cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 \
-DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
-DCMAKE_BUILD_TYPE=Release \
- -DTFM_PSA_API=ON \
-DTEST_NS_ATTESTATION=ON
With this command, only non-secure initial attestation test suite will be built.
@@ -112,7 +111,7 @@ The setting is performed in following four steps.
#. TF-M partitions configurations like ``TFM_PARTITION_CRYPTO``,
``TFM_PARTITION_INITIAL_ATTESTATION``, etc.
- #. TF-M build mode configuration like ``TFM_PSA_API``.
+ #. TF-M build mode configuration like ``TFM_LIB_MODEL``.
#. TF-M other configurations like ``TFM_PARTITION_FIRMWARE_UPDATE``,
``FORWARD_PROT_MSG``, etc.
diff --git a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
index 4a117243fe..2b53e45558 100644
--- a/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
+++ b/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.rst
@@ -12,7 +12,7 @@ Advisory TFMV-2
| Versions | Affected All versions up to and including TF-M v1.2 |
| Affected | |
+----------------+-------------------------------------------------------------+
-| Configurations | IPC Model (TFM_PSA_API=ON) on Armv8-M |
+| Configurations | IPC Model on Armv8-M |
+----------------+-------------------------------------------------------------+
| Impact | Most likely a crash in secure world or reset whole system, |
| | with a very low likelihood of overwriting some memory |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
index dd64e00977..9ca8d1f146 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
@@ -238,7 +238,7 @@ shown below.
+============================================+====================================+====================================================================================================+
| ``TFM_ISOLATION_LEVEL`` | Select level 3 isolation | ``3`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
- | ``TFM_PSA_API`` | Select IPC model | ``ON`` |
+ | ``TFM_LIB_MODEL`` | Select IPC model | ``OFF`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | Enable ITS SP | ``ON`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
index c7c75164e2..aa1e78f148 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
@@ -246,8 +246,8 @@ shown below.
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``2`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_PSA_API`` | ``True`` | Select IPC model |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
+ | ``TFM_LIB_MODEL`` | ``OFF`` | Select IPC model |
+ +--------------------------------------------+------------------------------------+------------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``ITS_BUF_SIZE`` | ``32`` | ITS internal transient buffer size |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index 5a02cde010..ea39408bb0 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -371,7 +371,7 @@ shown below.
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``1`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_PSA_API`` | ``FALSE`` | Select IPC model |
+ | ``TFM_LIB_MODEL`` | ``ON`` | Select Library model |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
diff --git a/docs/technical_references/instructions/tfm_build_instruction.rst b/docs/technical_references/instructions/tfm_build_instruction.rst
index e61067e220..378b299e45 100644
--- a/docs/technical_references/instructions/tfm_build_instruction.rst
+++ b/docs/technical_references/instructions/tfm_build_instruction.rst
@@ -120,8 +120,8 @@ important options are listed below.
+---------------------+----------------------------------------+---------------+
| NS | Build NS app. Required for test code. | ON |
+---------------------+----------------------------------------+---------------+
-| TFM_PSA_API | Use PSA api (IPC mode) instead of | OFF |
-| | secure library mode. | |
+| TFM_LIB_MODEL | Use secure library model instead of | OFF |
+| | PSA api (IPC model). | |
+---------------------+----------------------------------------+---------------+
| TFM_ISOLATION_LEVEL | Set TFM isolation level. | 1 |
+---------------------+----------------------------------------+---------------+
@@ -199,9 +199,8 @@ other test suites. Test configurations and dependencies will be
checked in ``${TFM_TEST_REPO_PATH}/test/config/check_config.cmake``.
If regression testing is enabled, it will then enable all tests for the enabled
-secure partitions. If IPC mode is enabled via ``TFM_PSA_API`` the IPC tests will
-be enabled. Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is
-enabled.
+secure partitions.
+Multicore tests will be enabled if ``TFM_MULTI_CORE_TOPOLOGY`` is enabled.
Some cryptographic tests can be enabled and disabled. This is done to prevent
false failures from being reported when a smaller Mbed Crypto config is being
@@ -273,12 +272,11 @@ variables, in the format of cmake command line parameters.
+------------------------------------------+---------------------------------------+
| File | Cmake command line |
+==========================================+=======================================+
-| ConfigDefault.cmake | <No options> |
+| ConfigDefault.cmake | -DTFM_LIB_MODEL=ON |
+------------------------------------------+---------------------------------------+
-| ConfigCoreIPC.cmake | -DTFM_PSA_API=ON |
+| ConfigCoreIPC.cmake | <no options> |
+------------------------------------------+---------------------------------------+
-| ConfigCoreIPCTfmLevel2.cmake | -DTFM_PSA_API=ON |
-| | -DTFM_ISOLATION_LEVEL=2 |
+| ConfigCoreIPCTfmLevel2.cmake | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigDefaultProfileS.cmake | -DTFM_PROFILE=profile_small |
+------------------------------------------+---------------------------------------+
@@ -287,10 +285,8 @@ variables, in the format of cmake command line parameters.
| ConfigRegression.cmake | -DTEST_NS=ON -DTEST_S=ON |
+------------------------------------------+---------------------------------------+
| ConfigRegressionIPC.cmake | -DTEST_NS=ON -DTEST_S=ON |
-| | -DTFM_PSA_API=ON |
+------------------------------------------+---------------------------------------+
| ConfigRegressionIPCTfmLevel2.cmake | -DTEST_NS=ON -DTEST_S=ON |
-| | -DTFM_PSA_API=ON |
| | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigRegressionProfileS.cmake | -DTFM_PROFILE=profile_small |
@@ -302,10 +298,8 @@ variables, in the format of cmake command line parameters.
| ConfigPsaApiTest.cmake | -DTEST_PSA_API=<test_suite> |
+------------------------------------------+---------------------------------------+
| ConfigPsaApiTestIPC.cmake | -DTEST_PSA_API=<test_suite> |
-| | -DTFM_PSA_API=ON |
+------------------------------------------+---------------------------------------+
| ConfigPsaApiTestIPCTfmLevel2.cmake | -DTEST_PSA_API=<test_suite> |
-| | -DTFM_PSA_API=ON |
| | -DTFM_ISOLATION_LEVEL=2 |
+------------------------------------------+---------------------------------------+
| ConfigDefaultProfileM.cmake | -DTFM_PROFILE=profile_medium |
@@ -391,8 +385,8 @@ Alternately using traditional cmake syntax
cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_S=ON -DTEST_NS=ON
make install
-Build for PSA Functional API compliance tests
-=============================================
+Build for PSA API tests
+=======================
The build system provides support for building and integrating the PSA API tests
from https://github.com/ARM-software/psa-arch-tests. PSA API tests are
controlled using the TEST_PSA_API variable. Enabling both regression tests and
@@ -427,32 +421,6 @@ Alternately using traditional cmake syntax
cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=CRYPTO
make install
-Build for PSA FF (IPC) compliance tests
-=======================================
-
-The build system provides support for building and integrating the PSA FF
-compliance test. This support is controlled by the TEST_PSA_API variable:
-
-.. code-block:: bash
-
- -DTEST_PSA_API=IPC
-
-.. code-block:: bash
-
- cd <TF-M base folder>
- cmake -S . -B cmake_build -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
- cmake --build cmake_build -- install
-
-Alternately using traditional cmake syntax
-
-.. code-block:: bash
-
- cd <TF-M base folder>
- mkdir cmake_build
- cd cmake_build
- cmake .. -DTFM_PLATFORM=arm/mps2/an521 -DTEST_PSA_API=IPC -DTFM_PSA_API=ON
- make install
-
Location of build artifacts
===========================
diff --git a/platform/ext/target/arm/diphda/config.cmake b/platform/ext/target/arm/diphda/config.cmake
index 503b525345..f0fd77dcf5 100644
--- a/platform/ext/target/arm/diphda/config.cmake
+++ b/platform/ext/target/arm/diphda/config.cmake
@@ -13,7 +13,6 @@ set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strat
set(MCUBOOT_IMAGE_NUMBER 3 CACHE STRING "Number of images loaded by mcuboot")
set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture")
set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM ON CACHE BOOL "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
set(PLATFORM_DUMMY_NV_SEED FALSE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
set(NS FALSE CACHE BOOL "Whether to build NS app")
diff --git a/platform/ext/target/arm/mps2/an521/config.cmake b/platform/ext/target/arm/mps2/an521/config.cmake
index d93f5bb8f4..9498c96c6c 100644
--- a/platform/ext/target/arm/mps2/an521/config.cmake
+++ b/platform/ext/target/arm/mps2/an521/config.cmake
@@ -7,7 +7,7 @@
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/arm/mps2/an521/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
-if(TFM_PSA_API)
+if(NOT TFM_LIB_MODEL)
if (NOT TEST_NS_SLIH_IRQ AND TEST_NS)
# FLIH and SLIH testing can not be enabled at the same time
set(TEST_NS_FLIH_IRQ ON CACHE BOOL "Enable FLIH testing")
diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
index 040daa49ec..e918f144ac 100644
--- a/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/config.cmake
@@ -7,7 +7,6 @@
# Configuration values forced due to the Secure Enclave topology
set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture" FORCE)
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
set(NS FALSE CACHE BOOL "Whether to build NS app" FORCE)
set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests" FORCE)
diff --git a/platform/ext/target/arm/musca_b1/sse_200/config.cmake b/platform/ext/target/arm/musca_b1/sse_200/config.cmake
index 34f8068cfc..2c93b98970 100644
--- a/platform/ext/target/arm/musca_b1/sse_200/config.cmake
+++ b/platform/ext/target/arm/musca_b1/sse_200/config.cmake
@@ -26,7 +26,6 @@ if (NOT FORWARD_PROT_MSG)
else()
set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
set(MCUBOOT_MEASURED_BOOT OFF CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token")
- set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition")
set(TFM_PARTITION_CRYPTO OFF CACHE BOOL "Enable Crypto partition")
@@ -46,7 +45,7 @@ set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_SOURCE_DIR}/platform/ext/target/
set(PSA_API_TEST_TARGET "musca_b1" CACHE STRING "Target to use when building the PSA API tests")
-if(TFM_PSA_API)
+if(NOT TFM_LIB_MODEL)
if (TEST_NS_FLIH_IRQ)
message(FATAL_ERROR "FLIH testing has not been supported!")
endif()
diff --git a/platform/ext/target/cypress/psoc64/config.cmake b/platform/ext/target/cypress/psoc64/config.cmake
index f016cd824f..65c8aa2a93 100644
--- a/platform/ext/target/cypress/psoc64/config.cmake
+++ b/platform/ext/target/cypress/psoc64/config.cmake
@@ -7,8 +7,6 @@
set(BL2 OFF CACHE BOOL "Whether to build BL2")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
-
set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification")
############################ Platform ##########################################
diff --git a/platform/ext/target/nuvoton/m2351/README.rst b/platform/ext/target/nuvoton/m2351/README.rst
index 8b44dceaa4..0901269c8a 100644
--- a/platform/ext/target/nuvoton/m2351/README.rst
+++ b/platform/ext/target/nuvoton/m2351/README.rst
@@ -12,6 +12,7 @@ Build TF-M with M2351 by following commands:
$ cd build
$ cmake ../ \
-G"Unix Makefiles" \
+ -DTFM_LIB_MODEL=ON \
-DTFM_PLATFORM=nuvoton/m2351 \
-DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake \
-DTEST_NS=ON \
@@ -20,7 +21,7 @@ Build TF-M with M2351 by following commands:
Define TEST_NS=ON or TEST_S=ON for non-secure or secure regression test.
CMAKE_BUILD_TYPE could be "Release", "RelWithDebInfo" or "Minsizerel"
-TFM_PSA_API=ON and TFM_ISOLATION_LEVEL=2 can also be set but them cannot be
+TFM_LIB_MODEL=OFF and TFM_ISOLATION_LEVEL=2 can also be set but them cannot be
defined with TEST_S=ON or TEST_NS=ON at the same time due to limited RAM size
of M2351. Other cmake parameters should not be changed.
diff --git a/platform/ext/target/nuvoton/m2354/README.rst b/platform/ext/target/nuvoton/m2354/README.rst
index 956ee63340..20558e902a 100644
--- a/platform/ext/target/nuvoton/m2354/README.rst
+++ b/platform/ext/target/nuvoton/m2354/README.rst
@@ -16,14 +16,13 @@ Build TF-M with M2354 by following commands:
-DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake \
-DTEST_S=ON \
-DTEST_NS=ON \
- -DTFM_PSA_API=ON \
-DTFM_ISOLATION_LEVEL=2 \
-DCMAKE_BUILD_TYPE=Release \
$ make install
Define TEST_NS=ON or TEST_S=ON for non-secure or secure regression test.
CMAKE_BUILD_TYPE could be "Release", "Debug", "RelWithDebInfo" or "Minsizerel"
-TFM_PSA_API=ON and TFM_ISOLATION_LEVEL=2 can also be set.
+TFM_ISOLATION_LEVEL=2 can also be set.
Other cmake parameters should not be changed.
Flashing Image with Nuvoton NuLink Tool
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/README.rst b/platform/ext/target/nxp/lpcxpresso55s69/README.rst
index d766411766..ed78fd987f 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/README.rst
+++ b/platform/ext/target/nxp/lpcxpresso55s69/README.rst
@@ -16,7 +16,7 @@ Or do it manually using the following commands:
.. code:: bash
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
1.2 Building TF-M demo with BL2
@@ -29,7 +29,7 @@ Or do it manually using the following commands:
.. code:: bash
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
1.3 Building TF-M regression tests
@@ -42,7 +42,7 @@ or do it manually using following commands:
.. code:: bash
- $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
+ $ cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"
$ cd build && make install
.. Note::
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
index ef29f7ba0d..d715ae928e 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo.py
@@ -17,7 +17,7 @@ if os.path.isdir("build"):
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
index 51b5bc5f6d..5c3f11d826 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_demo_bl2.py
@@ -46,7 +46,7 @@ if os.path.isdir("build"):
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DBL2_S_IMAGE_START=' + BL2_S_IMAGE_START + ' -DBL2_NS_IMAGE_START=' + BL2_NS_IMAGE_START + ' -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
index fc59f86294..7407bf5b2b 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
+++ b/platform/ext/target/nxp/lpcxpresso55s69/scripts/build_tfm_regression.py
@@ -17,7 +17,7 @@ if os.path.isdir("build"):
os.system('rm -rf build')
# Generate the S and NS makefiles
-os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_PSA_API=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
+os.system('cmake -S . -B build -DTFM_PLATFORM=nxp/lpcxpresso55s69 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake -DTFM_PROFILE=profile_medium -DCMAKE_BUILD_TYPE=Relwithdebinfo -DBL2=OFF -DTEST_S=ON -DTEST_NS=ON -DTFM_ISOLATION_LEVEL=2 -G"Unix Makefiles"')
# Build the binaries
os.chdir('build')