Build: Use IPC Model to build by default
The Library Model (TFM_PSA_API=OFF) is not being developed anymore.
It does not support for new FF-M features.
New comers to TF-M should be encouraged to start with the IPC model
to have the better experiences.
Library Model might be replaced by SFN Model in the future.
This patch adds a new TFM_LIB_MODEL configuration and set to OFF by
default to build IPC model by default.
The TFM_PSA_API is not intended for users to choose between library
and IPC model anymore.
To build Library model, please set TFM_LIB_MODEL to ON.
Note:
The test repo version is updated as well for the dependency changes.
Change-Id: I43ec92cd46dbc5a26e3638269cfb6267e24352bd
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/config/check_config.cmake b/config/check_config.cmake
index 2ac6380..e4e9555 100644
--- a/config/check_config.cmake
+++ b/config/check_config.cmake
@@ -23,11 +23,13 @@
set (TFM_L3_PLATFORM_LISTS arm/mps2/an521 arm/musca_b1/sse_200 stm/stm32l562e_dk)
+tfm_invalid_config(TFM_LIB_MODEL AND TFM_PSA_API)
+tfm_invalid_config(NOT TFM_LIB_MODEL AND NOT TFM_PSA_API)
tfm_invalid_config(TFM_ISOLATION_LEVEL LESS 1 OR TFM_ISOLATION_LEVEL GREATER 3)
tfm_invalid_config(TFM_ISOLATION_LEVEL EQUAL 3 AND NOT TFM_PLATFORM IN_LIST TFM_L3_PLATFORM_LISTS)
-tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_ISOLATION_LEVEL GREATER 1 AND TFM_LIB_MODEL)
-tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_MULTI_CORE_TOPOLOGY AND TFM_LIB_MODEL)
tfm_invalid_config(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM AND NOT TFM_MULTI_CORE_TOPOLOGY)
tfm_invalid_config((TFM_S_REG_TEST OR TFM_NS_REG_TEST) AND TEST_PSA_API)
@@ -38,7 +40,7 @@
tfm_invalid_config(SUITE STREQUAL "IPC" AND NOT TEST_PSA_API STREQUAL "IPC")
-tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND NOT TFM_PSA_API)
+tfm_invalid_config(TEST_PSA_API STREQUAL "IPC" AND TFM_LIB_MODEL)
tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT TFM_PARTITION_CRYPTO)
tfm_invalid_config(TEST_PSA_API STREQUAL "INITIAL_ATTESTATION" AND NOT TFM_PARTITION_INITIAL_ATTESTATION)
tfm_invalid_config(TEST_PSA_API STREQUAL "INTERNAL_TRUSTED_STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
@@ -63,7 +65,7 @@
####################### SP META Pointer ########################################
-tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND NOT TFM_PSA_API)
+tfm_invalid_config(TFM_SP_META_PTR_ENABLE AND TFM_LIB_MODEL)
####################### Firmware Update Parttion ###############################
@@ -78,7 +80,7 @@
########################### TF-M audit log #####################################
-tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND TFM_PSA_API)
+tfm_invalid_config(TFM_PARTITION_AUDIT_LOG AND NOT TFM_LIB_MODEL)
########################### TF-M crypto ########################################
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 09db32e..0a1b62e 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -16,7 +16,9 @@
set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests")
set(TEST_PSA_API "" CACHE STRING "Which (if any) of the PSA API tests should be compiled")
-set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+# TFM_LIB_MODEL is the only user configuration for Library Model selection.
+# TFM_PSA_API becomes an internal variable. Please do NOT use it in build command line.
+set(TFM_LIB_MODEL OFF CACHE BOOL "Use secure library model instead of PSA API (IPC model)")
set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
set(TFM_PROFILE "" CACHE STRING "Profile to use")
set(TFM_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
@@ -108,7 +110,7 @@
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
-set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition")
+set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
set(FORWARD_PROT_MSG OFF CACHE BOOL "Whether to forward all PSA RoT messages to a Secure Enclave")
set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
@@ -127,7 +129,7 @@
set(MCUBOOT_VERSION "TF-Mv1.4-integ" CACHE STRING "The version of MCUboot to use")
set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
-set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version of PSA arch tests to use")
+set(PSA_ARCH_TESTS_VERSION "c00020e" CACHE STRING "The version of PSA arch tests to use")
################################################################################
################################################################################
diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake
index d3a95a6..3de4a09 100644
--- a/config/profile/profile_large.cmake
+++ b/config/profile/profile_large.cmake
@@ -6,7 +6,6 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_large CACHE STRING "Profile to use")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level")
############################ Partitions ########################################
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 8b10152..bdb8c38 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -6,7 +6,6 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_medium CACHE STRING "Profile to use")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
############################ Partitions ########################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 5d71eec..c03e911 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -6,7 +6,7 @@
#-------------------------------------------------------------------------------
set(TFM_PROFILE profile_small CACHE STRING "Profile to use")
-set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+set(TFM_LIB_MODEL ON CACHE BOOL "Use secure library model instead of PSA API (IPC model)")
set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
########################## BL2 #################################################
diff --git a/config/set_config.cmake b/config/set_config.cmake
index 9cb3cff..78ca844 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -43,7 +43,9 @@
endif()
# Load TF-M model specific default config
-if (TFM_PSA_API)
+if (TFM_LIB_MODEL)
+ include(config/tfm_library_config_default.cmake)
+else()
include(config/tfm_ipc_config_default.cmake)
endif()
diff --git a/config/tfm_ipc_config_default.cmake b/config/tfm_ipc_config_default.cmake
index 14512e9..b8b16b4 100644
--- a/config/tfm_ipc_config_default.cmake
+++ b/config/tfm_ipc_config_default.cmake
@@ -7,4 +7,4 @@
############################ Partitions ########################################
-set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
+set(TFM_PSA_API ON CACHE BOOL "Use PSA API instead of secure library model")
diff --git a/config/tfm_library_config_default.cmake b/config/tfm_library_config_default.cmake
new file mode 100644
index 0000000..887b0be
--- /dev/null
+++ b/config/tfm_library_config_default.cmake
@@ -0,0 +1,11 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+############################ Partitions ########################################
+
+set(TFM_PSA_API OFF CACHE BOOL "Use PSA API instead of secure library model")
+set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition")