-rw-r--r--CommonConfig.cmake8
-rw-r--r--platform/ext/target/cypress/psoc64/spm_hal.c4
-rw-r--r--platform/ext/target/mps2/an519/spm_hal.c4
-rw-r--r--platform/ext/target/mps2/an521/spm_hal.c14
-rw-r--r--platform/ext/target/mps2/an539/spm_hal.c4
-rw-r--r--platform/ext/target/mps3/an524/spm_hal.c4
-rw-r--r--platform/ext/target/musca_a/spm_hal.c14
-rw-r--r--platform/ext/target/musca_b1/spm_hal.c14
-rw-r--r--platform/ext/target/musca_s1/spm_hal.c4
-rw-r--r--platform/ext/target/sse-200_aws/spm_hal.c4
-rw-r--r--platform/include/tfm_spm_hal.h4
-rw-r--r--secure_fw/core/tfm_core.c4
12 files changed, 45 insertions, 37 deletions
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index c34ee5a53d..e1f1f7e51f 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -156,6 +156,10 @@ option(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE "Enable the TF-M internal trusted
option(TFM_PARTITION_CRYPTO "Enable the TF-M crypto partition" ON)
option(TFM_PARTITION_INITIAL_ATTESTATION "Enable the TF-M initial attestation partition" ON)
+if (NOT TFM_LVL EQUAL 1 AND NOT DEFINED CONFIG_TFM_ENABLE_MEMORY_PROTECT)
+ set (CONFIG_TFM_ENABLE_MEMORY_PROTECT ON)
+endif()
+
if (TFM_PARTITION_INITIAL_ATTESTATION OR TFM_PARTITION_SECURE_STORAGE)
#PSA Initial Attestation and Protected storage rely on Cryptography API
set(TFM_PARTITION_CRYPTO ON)
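Review bot: The added default at `if (NOT TFM_LVL EQUAL 1 AND NOT DEFINED CONFIG_TFM_ENABLE_MEMORY_PROTECT)` only applies when the variable is undefined, so a build can pass CONFIG_TFM_ENABLE_MEMORY_PROTECT=OFF with TFM_LVL 2 or higher and get no diagnostic. In that configuration the tfm_core.c hunk drops the call to tfm_spm_hal_setup_isolation_hw() and the spm_hal.c files compile out their MPU setup, so the image would presumably still report its isolation level while running without MPU isolation. Make the downgrade visible right after the default is set, for example `if (NOT TFM_LVL EQUAL 1 AND NOT CONFIG_TFM_ENABLE_MEMORY_PROTECT)`, `message(WARNING "TFM_LVL ${TFM_LVL} is built without MPU memory protection")`, `endif()`. A short comment above the block saying what the option is for and that it must stay ON for production images would also help.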
@@ -309,6 +313,10 @@ if (TFM_PARTITION_TEST_SECURE_SERVICES)
add_definitions(-DTFM_PARTITION_TEST_SECURE_SERVICES)
endif()
+if (CONFIG_TFM_ENABLE_MEMORY_PROTECT)
+ add_definitions(-DCONFIG_TFM_ENABLE_MEMORY_PROTECT)
+endif()
+
if (PSA_API_TEST)
add_definitions(-DPSA_API_TEST_NS)
set(PSA_API_TEST_NS ON)
diff --git a/platform/ext/target/cypress/psoc64/spm_hal.c b/platform/ext/target/cypress/psoc64/spm_hal.c
index d911020a0d..39e7deee6e 100644
--- a/platform/ext/target/cypress/psoc64/spm_hal.c
+++ b/platform/ext/target/cypress/psoc64/spm_hal.c
@@ -57,7 +57,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_TFM_UNPRIV_CODE 1
#define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -199,7 +199,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
uint32_t tfm_spm_hal_get_ns_VTOR(void)
{
diff --git a/platform/ext/target/mps2/an519/spm_hal.c b/platform/ext/target/mps2/an519/spm_hal.c
index e1a8d1253d..833aa41012 100644
--- a/platform/ext/target/mps2/an519/spm_hal.c
+++ b/platform/ext/target/mps2/an519/spm_hal.c
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -178,7 +178,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/mps2/an521/spm_hal.c b/platform/ext/target/mps2/an521/spm_hal.c
index 02124ea108..8e559b2082 100644
--- a/platform/ext/target/mps2/an521/spm_hal.c
+++ b/platform/ext/target/mps2/an521/spm_hal.c
@@ -27,7 +27,7 @@ extern const struct memory_region_limits memory_regions;
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
#define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -38,7 +38,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#define PARTITION_REGION_PERIPH_MAX_NUM 2
uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
@@ -58,7 +58,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
const struct tfm_spm_partition_platform_data_t *platform_data)
{
bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
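Review bot: Inside tfm_spm_hal_configure_default_isolation the guard becomes `defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)`, while the region macros, `periph_num_count` and tfm_spm_hal_setup_isolation_hw in the same file use the plain `#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT`, and nothing records why the two differ. The same applies to the hunks at -66 and -90 in this file and to the matching hunks in musca_a/spm_hal.c and musca_b1/spm_hal.c. A comment at the first guard would cover it, for example `/* Per-partition peripheral MPU regions apply only above isolation level 1, even if memory protection is forced on at level 1. */`. The short `#endif` closing this declaration could also carry the condition as a trailing comment, as the later `#endif` does. The function body starts and ends outside this hunk.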
@@ -66,7 +66,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_INVALID_INPUT;
}
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
periph_num_count;
@@ -90,7 +90,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
HARDFAULT_NMI_ENABLE);
}
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -106,7 +106,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Base);
REGION_DECLARE(Load$$LR$$, LR_VENEER, $$Limit);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
@@ -211,7 +211,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/mps2/an539/spm_hal.c b/platform/ext/target/mps2/an539/spm_hal.c
index aeaebc95cc..959bd4520a 100644
--- a/platform/ext/target/mps2/an539/spm_hal.c
+++ b/platform/ext/target/mps2/an539/spm_hal.c
@@ -76,7 +76,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -198,7 +198,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/mps3/an524/spm_hal.c b/platform/ext/target/mps3/an524/spm_hal.c
index debdae2363..a25aec9337 100644
--- a/platform/ext/target/mps3/an524/spm_hal.c
+++ b/platform/ext/target/mps3/an524/spm_hal.c
@@ -70,7 +70,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -192,7 +192,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/musca_a/spm_hal.c b/platform/ext/target/musca_a/spm_hal.c
index 099c941589..4f78ca1cc7 100644
--- a/platform/ext/target/musca_a/spm_hal.c
+++ b/platform/ext/target/musca_a/spm_hal.c
@@ -25,7 +25,7 @@ extern const struct memory_region_limits memory_regions;
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
#define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -36,7 +36,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#define PARTITION_REGION_PERIPH_MAX_NUM 2
uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
@@ -56,7 +56,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
const struct tfm_spm_partition_platform_data_t *platform_data)
{
bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_INVALID_INPUT;
}
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
periph_num_count;
@@ -88,7 +88,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
HARDFAULT_NMI_ENABLE);
}
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -104,7 +104,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
@@ -218,7 +218,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/musca_b1/spm_hal.c b/platform/ext/target/musca_b1/spm_hal.c
index f81c0d44bf..49285a364d 100644
--- a/platform/ext/target/musca_b1/spm_hal.c
+++ b/platform/ext/target/musca_b1/spm_hal.c
@@ -26,7 +26,7 @@ extern const struct memory_region_limits memory_regions;
struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
#define MPU_REGION_TFM_UNPRIV_DATA 2
@@ -37,7 +37,7 @@ struct mpu_armv8m_dev_t dev_mpu_s = { MPU_BASE };
#define PARTITION_REGION_PERIPH_MAX_NUM 2
uint32_t periph_num_count = 0;
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void)
{
@@ -60,7 +60,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
const struct tfm_spm_partition_platform_data_t *platform_data)
{
bool privileged = tfm_is_partition_privileged(partition_idx);
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
struct mpu_armv8m_region_cfg_t region_cfg;
#endif
@@ -68,7 +68,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_INVALID_INPUT;
}
-#if TFM_LVL != 1
+#if defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1)
if (!privileged) {
region_cfg.region_nr = PARTITION_REGION_PERIPH_START +
periph_num_count;
@@ -92,7 +92,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
mpu_armv8m_enable(&dev_mpu_s, PRIVILEGED_DEFAULT_ENABLE,
HARDFAULT_NMI_ENABLE);
}
-#endif /* TFM_LVL != 1 */
+#endif /* defined(CONFIG_TFM_ENABLE_MEMORY_PROTECT) && (TFM_LVL != 1) */
if (platform_data->periph_ppc_bank != PPC_SP_DO_NOT_CONFIGURE) {
ppc_configure_to_secure(platform_data->periph_ppc_bank,
@@ -108,7 +108,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Base);
REGION_DECLARE(Image$$, TFM_UNPRIV_CODE, $$RO$$Limit);
REGION_DECLARE(Image$$, TFM_UNPRIV_DATA, $$RW$$Base);
@@ -222,7 +222,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/musca_s1/spm_hal.c b/platform/ext/target/musca_s1/spm_hal.c
index 5d3ba3ca63..5d038f6e74 100644
--- a/platform/ext/target/musca_s1/spm_hal.c
+++ b/platform/ext/target/musca_s1/spm_hal.c
@@ -63,7 +63,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -187,7 +187,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/ext/target/sse-200_aws/spm_hal.c b/platform/ext/target/sse-200_aws/spm_hal.c
index 1e8e833fcc..be0463789c 100644
--- a/platform/ext/target/sse-200_aws/spm_hal.c
+++ b/platform/ext/target/sse-200_aws/spm_hal.c
@@ -64,7 +64,7 @@ enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(
return TFM_PLAT_ERR_SUCCESS;
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
#define MPU_REGION_VENEERS 0
#define MPU_REGION_TFM_UNPRIV_CODE 1
@@ -178,7 +178,7 @@ enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void)
}
return TFM_PLAT_ERR_SUCCESS;
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
void MPC_Handler(void)
{
diff --git a/platform/include/tfm_spm_hal.h b/platform/include/tfm_spm_hal.h
index 0435212554..3607753630 100644
--- a/platform/include/tfm_spm_hal.h
+++ b/platform/include/tfm_spm_hal.h
@@ -105,7 +105,7 @@ enum tfm_plat_err_t tfm_spm_hal_post_init_platform(void);
*/
enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void);
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
/**
* \brief This function initialises the HW used for isolation, and sets the
* default configuration for them.
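Review bot: The doc comment for tfm_spm_hal_setup_isolation_hw does not say that the prototype now exists only when CONFIG_TFM_ENABLE_MEMORY_PROTECT is defined. A platform porter needs to know this, because the guard no longer follows TFM_LVL. Add a line to the comment such as `* \note Only declared, and only called by the core, when CONFIG_TFM_ENABLE_MEMORY_PROTECT is defined.`. The comment continues past the end of this hunk.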
@@ -114,7 +114,7 @@ enum tfm_plat_err_t tfm_spm_hal_init_isolation_hw(void);
* \return Returns values as specified by the \ref tfm_plat_err_t
*/
enum tfm_plat_err_t tfm_spm_hal_setup_isolation_hw(void);
-#endif
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
/**
* \brief Configure peripherals for a partition based on the platform data and
diff --git a/secure_fw/core/tfm_core.c b/secure_fw/core/tfm_core.c
index 33a18de7b6..b00bf4ee3c 100644
--- a/secure_fw/core/tfm_core.c
+++ b/secure_fw/core/tfm_core.c
@@ -208,11 +208,11 @@ int main(void)
tfm_core_panic();
}
-#if TFM_LVL != 1
+#ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
if (tfm_spm_hal_setup_isolation_hw() != TFM_PLAT_ERR_SUCCESS) {
tfm_core_panic();
}
-#endif /* TFM_LVL != 1 */
+#endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
#ifndef TFM_PSA_API
tfm_spm_partition_set_state(TFM_SP_CORE_ID, SPM_PARTITION_STATE_RUNNING);