.. _Header_configuration:

#############################
The Header File Config System
#############################

The header file configuration system is used to fine-tune component options.

The following diagram shows how the system works.

.. figure:: header_file_system.png

A ``config_tfm.h`` file collects customized configurations, including platform-customized and
project-specific settings.
Each component has a ``config_<comp_name>.h``, which includes ``config_tfm.h`` first and then
provides default values for each config option of the component, as well as the necessary
validations of config dependencies.
Source files then include component header files when necessary.

The ``config_tfm.h`` includes a customized project config file provided via the compile definition
``PROJECT_CONFIG_HEADER_FILE``.
Users set the corresponding CMake variable ``PROJECT_CONFIG_HEADER_FILE`` to the full path of the
configuration header file.
A platform can adjust or place restrictions on config options by providing a ``config_tfm_target.h``
under the root folder of the platform.
If the build system finds the file, it sets the ``TARGET_CONFIG_HEADER_FILE`` compile definition.

.. code-block:: c

    #ifdef PROJECT_CONFIG_HEADER_FILE
    #include PROJECT_CONFIG_HEADER_FILE
    #endif

    #ifdef TARGET_CONFIG_HEADER_FILE
    #include TARGET_CONFIG_HEADER_FILE
    #endif

The project config header file can be

- Generated by the :ref:`TF-M Kconfig system <kconfig_system>`.
- One of the header files of :ref:`Profiles <tf-m_profiles>`, set via the ``TFM_PROFILE`` build option.
- A manually customized profile based on pre-set profiles.

It is expected that all Component options are included in the header file to explicitly set values
for each option.
Refer to `Base Config Options`_ for details of the base configurations.

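The layering described above, collapsed into one C file so that it compiles stand-alone (an added
example, not TF-M source). The project overrides, the ``TARGET_ITS_ASSET_LIMIT`` macro and the two
``#error`` checks in the component layer are assumptions made for illustration; the defaults are
the Internal Trusted Storage base values from the table below.

```c
#include <stdio.h>

/* Layer 1: project config header (PROJECT_CONFIG_HEADER_FILE).
 * Constructed sample: overrides two ITS options, leaves the rest unset. */
#define ITS_MAX_ASSET_SIZE 1024
#define ITS_NUM_ASSETS     4

/* Layer 2: platform config_tfm_target.h (TARGET_CONFIG_HEADER_FILE),
 * included after the project header so it can restrict it.
 * TARGET_ITS_ASSET_LIMIT is a hypothetical platform macro. */
#define TARGET_ITS_ASSET_LIMIT 8
#if defined(ITS_NUM_ASSETS) && (ITS_NUM_ASSETS > TARGET_ITS_ASSET_LIMIT)
#error "ITS_NUM_ASSETS exceeds the platform flash layout limit"
#endif

/* Layer 3: component header: base-value defaults, then dependency checks. */
#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
#endif
#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
#endif
#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
#endif
#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE /* follows the project override */
#endif
#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
#endif
/* Illustrative checks, not copied from TF-M's component headers. */
#if ITS_BUF_SIZE > ITS_MAX_ASSET_SIZE
#error "ITS_BUF_SIZE must not exceed ITS_MAX_ASSET_SIZE"
#endif
#if (ITS_VALIDATE_METADATA_FROM_FLASH != 0) && (ITS_VALIDATE_METADATA_FROM_FLASH != 1)
#error "ITS_VALIDATE_METADATA_FROM_FLASH must be 0 or 1"
#endif
/* Source files see only the resolved values. */
unsigned its_buf_size(void) { return ITS_BUF_SIZE; }
unsigned its_num_assets(void) { return ITS_NUM_ASSETS; }
unsigned its_stack_size(void) { return ITS_STACK_SIZE; }
int its_validates_metadata(void) { return ITS_VALIDATE_METADATA_FROM_FLASH; }

int main(void) {
    printf("ITS_BUF_SIZE=%u ITS_NUM_ASSETS=%u ITS_STACK_SIZE=0x%x validate=%d\n",
           its_buf_size(), its_num_assets(), its_stack_size(), its_validates_metadata());
    return 0;
}
```

Options the project header leaves unset, here ``ITS_VALIDATE_METADATA_FROM_FLASH``, silently take the
component default, which is why the page expects every option to be set explicitly.
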
*******************
Base Config Options
*******************
This section lists the config option categorizations of the SPM and Secure Partitions.

Crypto
======
+-------------------------------------+-----------+------------+
| Options                             | Type      | Base Value |
+=====================================+===========+============+
|TFM_PARTITION_CRYPTO                 | Build     | OFF        |
+-------------------------------------+-----------+------------+
|CRYPTO_TFM_BUILTIN_KEYS_DRIVER       | Build     | ON         |
+-------------------------------------+-----------+------------+
|CRYPTO_NV_SEED                       | Component | ON         |
+-------------------------------------+-----------+------------+
|CRYPTO_ENGINE_BUF_SIZE               | Component | 0x2080     |
+-------------------------------------+-----------+------------+
|CRYPTO_IOVEC_BUFFER_SIZE             | Component | 5120       |
+-------------------------------------+-----------+------------+
|CRYPTO_STACK_SIZE                    | Component | 0x1B00     |
+-------------------------------------+-----------+------------+
|CRYPTO_CONC_OPER_NUM                 | Component | 8          |
+-------------------------------------+-----------+------------+
|CRYPTO_RNG_MODULE_ENABLED            | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_KEY_MODULE_ENABLED            | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_AEAD_MODULE_ENABLED           | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_MAC_MODULE_ENABLED            | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_HASH_MODULE_ENABLED           | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_CIPHER_MODULE_ENABLED         | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_ASYM_SIGN_MODULE_ENABLED      | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED   | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_KEY_DERIVATION_MODULE_ENABLED | Component | 1          |
+-------------------------------------+-----------+------------+
|CRYPTO_SINGLE_PART_FUNCS_ENABLED     | Component | 1          |
+-------------------------------------+-----------+------------+

Initial Attestation
===================
+-------------------------------------+-----------+-------------+
| Options                             | Type      | Base Value  |
+=====================================+===========+=============+
|TFM_PARTITION_INITIAL_ATTESTATION    | Build     | OFF         |
+-------------------------------------+-----------+-------------+
|SYMMETRIC_INITIAL_ATTESTATION        | Build     | OFF         |
+-------------------------------------+-----------+-------------+
|ATTEST_INCLUDE_TEST_CODE             | Build     | OFF         |
+-------------------------------------+-----------+-------------+
|ATTEST_KEY_BITS                      | Build     | 256         |
+-------------------------------------+-----------+-------------+
|ATTEST_TOKEN_PROFILE                 | Component | "PSA_IOT_1" |
+-------------------------------------+-----------+-------------+
|ATTEST_INCLUDE_OPTIONAL_CLAIMS       | Component | 1           |
+-------------------------------------+-----------+-------------+
|ATTEST_INCLUDE_COSE_KEY_ID           | Component | 0           |
+-------------------------------------+-----------+-------------+
|ATTEST_STACK_SIZE                    | Component | 0x700       |
+-------------------------------------+-----------+-------------+

Internal Trusted Storage
========================
+---------------------------------------+-----------+------------------------+
| Options                               | Type      | Base Value             |
+=======================================+===========+========================+
|TFM_PARTITION_INTERNAL_TRUSTED_STORAGE | Build     | OFF                    |
+---------------------------------------+-----------+------------------------+
|ITS_CREATE_FLASH_LAYOUT                | Component | 1                      |
+---------------------------------------+-----------+------------------------+
|ITS_RAM_FS                             | Component | 0                      |
+---------------------------------------+-----------+------------------------+
|ITS_VALIDATE_METADATA_FROM_FLASH       | Component | 1                      |
+---------------------------------------+-----------+------------------------+
|ITS_MAX_ASSET_SIZE                     | Component | 512                    |
+---------------------------------------+-----------+------------------------+
|ITS_NUM_ASSETS                         | Component | 10                     |
+---------------------------------------+-----------+------------------------+
|ITS_BUF_SIZE                           | Component | ITS_MAX_ASSET_SIZE     |
+---------------------------------------+-----------+------------------------+
|ITS_STACK_SIZE                         | Component | 0x720                  |
+---------------------------------------+-----------+------------------------+

Protected Storage
=================
+---------------------------------------+-----------+-----------------+
| Options                               | Type      | Base Value      |
+=======================================+===========+=================+
|TFM_PARTITION_PROTECTED_STORAGE        | Build     | OFF             |
+---------------------------------------+-----------+-----------------+
|PS_ENCRYPTION                          | Build     | ON              |
+---------------------------------------+-----------+-----------------+
|PS_CRYPTO_AEAD_ALG                     | Build     | PSA_ALG_GCM     |
+---------------------------------------+-----------+-----------------+
|PS_CREATE_FLASH_LAYOUT                 | Component | 1               |
+---------------------------------------+-----------+-----------------+
|PS_RAM_FS                              | Component | 0               |
+---------------------------------------+-----------+-----------------+
|PS_VALIDATE_METADATA_FROM_FLASH        | Component | 1               |
+---------------------------------------+-----------+-----------------+
|PS_MAX_ASSET_SIZE                      | Component | 2048            |
+---------------------------------------+-----------+-----------------+
|PS_NUM_ASSETS                          | Component | 10              |
+---------------------------------------+-----------+-----------------+
|PS_ROLLBACK_PROTECTION                 | Component | 1               |
+---------------------------------------+-----------+-----------------+
|PS_STACK_SIZE                          | Component | 0x700           |
+---------------------------------------+-----------+-----------------+

Firmware Update
===============
+-------------------------------------+-----------+-------------------------------------+
| Options                             | Type      | Base Value                          |
+=====================================+===========+=====================================+
|PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT | Build     | OFF                                 |
+-------------------------------------+-----------+-------------------------------------+
|TFM_PARTITION_FIRMWARE_UPDATE        | Build     | OFF                                 |
+-------------------------------------+-----------+-------------------------------------+
|TFM_CONFIG_FWU_MAX_WRITE_SIZE        | Build     | 1024                                |
+-------------------------------------+-----------+-------------------------------------+
|TFM_CONFIG_FWU_MAX_MANIFEST_SIZE     | Build     | 0                                   |
+-------------------------------------+-----------+-------------------------------------+
|FWU_DEVICE_CONFIG_FILE               | Build     | ""                                  |
+-------------------------------------+-----------+-------------------------------------+
|FWU_SUPPORT_TRIAL_STATE              | Build     | Depends on MCUBOOT_UPGRADE_STRATEGY |
+-------------------------------------+-----------+-------------------------------------+
|TFM_FWU_BOOTLOADER_LIB               | Build     | "mcuboot"                           |
+-------------------------------------+-----------+-------------------------------------+
|TFM_FWU_BUF_SIZE                     | Component | PSA_FWU_MAX_BLOCK_SIZE              |
+-------------------------------------+-----------+-------------------------------------+
|FWU_STACK_SIZE                       | Component | 0x600                               |
+-------------------------------------+-----------+-------------------------------------+

Platform Secure Partition
=========================
+-------------------------------------+-----------+------------+
| Options                             | Type      | Base Value |
+=====================================+===========+============+
|TFM_PARTITION_PLATFORM               | Build     | OFF        |
+-------------------------------------+-----------+------------+
|PLATFORM_SERVICE_INPUT_BUFFER_SIZE   | Component | 64         |
+-------------------------------------+-----------+------------+
|PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE  | Component | 64         |
+-------------------------------------+-----------+------------+
|PLATFORM_SP_STACK_SIZE               | Component | 0x500      |
+-------------------------------------+-----------+------------+
|PLATFORM_NV_COUNTER_MODULE_DISABLED  | Component | 0          |
+-------------------------------------+-----------+------------+

Secure Partition Manager
========================
+-------------------------------------+-----------+-------------+
| Options                             | Type      | Base Values |
+=====================================+===========+=============+
|TFM_ISOLATION_LEVEL                  | Build     | 1           |
+-------------------------------------+-----------+-------------+
|PSA_FRAMEWORK_HAS_MM_IOVEC           | Build     | OFF         |
+-------------------------------------+-----------+-------------+
|CONFIG_TFM_SPM_BACKEND               | Build     | "SFN"       |
+-------------------------------------+-----------+-------------+
|TFM_SPM_LOG_LEVEL                    | Build     | 1           |
+-------------------------------------+-----------+-------------+
|CONFIG_TFM_CONN_HANDLE_MAX_NUM       | Component | 8           |
+-------------------------------------+-----------+-------------+
|CONFIG_TFM_DOORBELL_API              | Component | 0           |
+-------------------------------------+-----------+-------------+

--------------

*Copyright (c) 2022, Arm Limited. All rights reserved.*