TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / 310c8d768da9337fbbd3e117228975986e9c0df8 / . / config / config_default.cmake
blob: bace8126ca20853eabb15dfea22ea7b1f441ae68 [file] [log] [blame]
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]1#-------------------------------------------------------------------------------
Raef Colesdfe519b2021-01-07 12:52:47 +0000[diff] [blame]2# Copyright (c) 2020-2021, Arm Limited. All rights reserved.
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]8set(TFM_TOOLCHAIN_FILE ${CMAKE_SOURCE_DIR}/toolchain_GNUARM.cmake CACHE FILEPATH "Path to TFM compiler toolchain file")
Øyvind Rønningstada9d5eac2021-01-22 14:21:25 +0100[diff] [blame]9set(TFM_PLATFORM "" CACHE STRING "Platform to build TF-M for. Must be either a relative path from [TF-M]/platform/ext/target, or an absolute path.")
Raef Coles69817322020-10-19 14:14:14 +0100[diff] [blame]10set(CROSS_COMPILE arm-none-eabi CACHE STRING "Cross-compilation triplet")
11
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]12set(BL2 ON CACHE BOOL "Whether to build BL2")
13set(NS ON CACHE BOOL "Whether to build NS app")
14
15set(TEST_S OFF CACHE BOOL "Whether to build S regression tests")
16set(TEST_NS OFF CACHE BOOL "Whether to build NS regression tests")
17set(TEST_PSA_API "" CACHE STRING "Which (if any) of the PSA API tests should be compiled")
18
19set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
20set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
21set(TFM_PROFILE "" CACHE STRING "Profile to use")
Tamas Banb881bea2020-11-04 16:18:36 +0000[diff] [blame]22set(TFM_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]23
24set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification")
25
26set(TFM_EXTRA_CONFIG_PATH "" CACHE PATH "Path to extra cmake config file")
Kevin Peng38800662021-07-14 10:28:23 +0800[diff] [blame]27
28set(TFM_MANIFEST_LIST ${CMAKE_SOURCE_DIR}/tools/tfm_manifest_list.yaml CACHE FILEPATH "TF-M native Secure Partition manifests list file")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]29set(TFM_EXTRA_MANIFEST_LIST_PATH "" CACHE PATH "Path to extra manifest file, used to declare extra partitions. Appended to standard TFM manifest")
30set(TFM_EXTRA_GENERATED_FILE_LIST_PATH "" CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list.")
31
Shawn Shanfffd7ee2020-11-23 18:07:54 +0800[diff] [blame]32set(TFM_SPM_LOG_LEVEL TFM_SPM_LOG_LEVEL_INFO CACHE STRING "Set default SPM log level as INFO level")
Shawn Shan9ea2f802020-11-19 11:04:39 +0800[diff] [blame]33set(TFM_PARTITION_LOG_LEVEL TFM_PARTITION_LOG_LEVEL_INFO CACHE STRING "Set default Secure Partition log level as INFO level")
Shawn Shan6f33aad2020-10-16 15:30:17 +0800[diff] [blame]34
Tamas Banf8b0b2d2020-10-26 13:03:13 +0000[diff] [blame]35set(TFM_CODE_SHARING OFF CACHE PATH "Enable code sharing between MCUboot and secure firmware")
36set(TFM_CODE_SHARING_PATH "" CACHE PATH "Path to repo which shares code with secure firmware")
37
Raef Colesa198a442020-11-24 11:42:53 +0000[diff] [blame]38set(TFM_INSTALL_PATH ${CMAKE_BINARY_DIR}/install CACHE PATH "Path to which to install TF-M files")
39
Karl Zhangf897e9e2021-01-08 17:52:53 +0800[diff] [blame]40set(TFM_CODE_COVERAGE OFF CACHE BOOL "Whether to build the binary for lcov tools by adding -g")
41
Summer Qin2cd2ab72020-04-22 14:55:00 +0800[diff] [blame]42set(TFM_SP_META_PTR_ENABLE OFF CACHE BOOL "Use Partition Metadata Pointer")
43
Summer Qind8395932021-02-25 14:56:49 +0800[diff] [blame]44set(TFM_PXN_ENABLE OFF CACHE BOOL "Use Privileged execute never (PXN)")
45
Øyvind Rønningstadf2c8dad2021-01-15 15:33:33 +0100[diff] [blame]46set(TFM_EXCEPTION_INFO_DUMP OFF CACHE BOOL "On fatal errors in the secure firmware, capture info about the exception. Print the info if the SPM log level is sufficient.")
47
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]48########################## BL2 #################################################
49
Mark Horvath8576e382021-03-12 10:24:55 +0100[diff] [blame]50set(DEFAULT_MCUBOOT_SECURITY_COUNTERS ON CACHE BOOL "Whether to use the default security counter configuration defined by TF-M project")
51set(DEFAULT_MCUBOOT_FLASH_MAP ON CACHE BOOL "Whether to use the default flash map defined by TF-M project")
52
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]53set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
54set(MCUBOOT_EXECUTION_SLOT 1 CACHE STRING "Slot from which to execute the image, used for XIP mode")
55set(MCUBOOT_LOG_LEVEL "INFO" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
56set(MCUBOOT_HW_KEY ON CACHE BOOL "Whether to embed the entire public key in the image metadata instead of the hash only")
David Vincze0c515de2020-11-25 19:02:57 +0100[diff] [blame]57set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Upgrade strategy for images")
Sherry Zhangc4d8e2c2021-05-31 15:22:05 +0800[diff] [blame]58set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]59set(MCUBOOT_MEASURED_BOOT ON CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token")
60set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters")
61set(MCUBOOT_ENC_IMAGES OFF CACHE BOOL "Enable encrypted image upgrade support")
62set(MCUBOOT_ENCRYPT_RSA OFF CACHE BOOL "Use RSA for encrypted image upgrade support")
Tamas Ban1bfc9da2020-07-09 13:55:38 +0100[diff] [blame]63set(MCUBOOT_FIH_PROFILE OFF CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]64
65# Note - If either SIGNATURE_TYPE or KEY_LEN are changed, the entries for KEY_S
66# and KEY_NS will either have to be updated manually or removed from the cache.
67# `cmake .. -UMCUBOOT_KEY_S -UMCUBOOT_KEY_NS`. Once removed from the cache it
68# will be set to default again.
69set(MCUBOOT_SIGNATURE_TYPE "RSA" CACHE STRING "Algorithm to use for signature validation")
70set(MCUBOOT_SIGNATURE_KEY_LEN 3072 CACHE STRING "Key length to use for signature validation")
71set(MCUBOOT_KEY_S "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}.pem" CACHE FILEPATH "Path to key with which to sign secure binary")
72set(MCUBOOT_KEY_NS "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/root-${MCUBOOT_SIGNATURE_TYPE}-${MCUBOOT_SIGNATURE_KEY_LEN}_1.pem" CACHE FILEPATH "Path to key with which to sign non-secure binary")
73
74set(MCUBOOT_IMAGE_VERSION_S ${TFM_VERSION} CACHE STRING "Version number of S image")
75set(MCUBOOT_IMAGE_VERSION_NS 0.0.0 CACHE STRING "Version number of NS image")
76set(MCUBOOT_SECURITY_COUNTER_S "auto" CACHE STRING "Security counter for S image. auto sets it to IMAGE_VERSION_S")
77set(MCUBOOT_SECURITY_COUNTER_NS "auto" CACHE STRING "Security counter for NS image. auto sets it to IMAGE_VERSION_NS")
Raef Coles55e5e6b2021-01-19 11:41:08 +0000[diff] [blame]78set(MCUBOOT_S_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of secure image required by the non-secure image for upgrade to this non-secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
79set(MCUBOOT_NS_IMAGE_MIN_VER 0.0.0+0 CACHE STRING "Minimum version of non-secure image required by the secure image for upgrade to this secure image. If MCUBOOT_IMAGE_NUMBER == 1 this option has no effect")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]80
Ioannis Glaropoulos855321a2021-05-11 12:44:39 +0200[diff] [blame]81set(MCUBOOT_MBEDCRYPTO_CONFIG_FILEPATH "${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/config/mcuboot-mbedtls-cfg.h" CACHE FILEPATH "Mbedtls config file to use with MCUboot")
82
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]83############################ Platform ##########################################
84
85set(TFM_MULTI_CORE_TOPOLOGY OFF CACHE BOOL "Whether to build for a dual-cpu architecture")
David Hu8b526d42020-11-27 20:59:52 +0800[diff] [blame]86set(NUM_MAILBOX_QUEUE_SLOT 1 CACHE BOOL "Number of mailbox queue slots")
David Hu60863942020-10-14 14:49:19 +0800[diff] [blame]87
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]88set(DEBUG_AUTHENTICATION CHIP_DEFAULT CACHE STRING "Debug authentication setting. [CHIP_DEFAULT, NONE, NS_ONLY, FULL")
89set(SECURE_UART1 OFF CACHE BOOL "Enable secure UART1")
90
91set(CRYPTO_HW_ACCELERATOR OFF CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
92set(CRYPTO_HW_ACCELERATOR_OTP_STATE OFF CACHE STRING "Whether to enable the crypto hardware accelerator OTP memory on supported platforms (Set to PROVISIONING to enable OTP provisioning)")
93
94set(PLATFORM_DUMMY_ATTEST_HAL TRUE CACHE BOOL "Use dummy attest hal implementation. Should not be used in production.")
95set(PLATFORM_DUMMY_NV_COUNTERS TRUE CACHE BOOL "Use dummy nv counter implementation. Should not be used in production.")
96set(PLATFORM_DUMMY_CRYPTO_KEYS TRUE CACHE BOOL "Use dummy crypto keys. Should not be used in production.")
97set(PLATFORM_DUMMY_ROTPK TRUE CACHE BOOL "Use dummy root of trust public key. Dummy key is the public key for the default keys in bl2. Should not be used in production.")
98set(PLATFORM_DUMMY_IAK TRUE CACHE BOOL "Use dummy initial attestation_key. Should not be used in production.")
Gabor Abonyi931622b2020-10-19 15:08:40 +0200[diff] [blame]99set(PLATFORM_DEFAULT_UART_STDOUT TRUE CACHE BOOL "Use default uart stdout implementation.")
Summer Qin9347dc72021-07-12 18:57:57 +0800[diff] [blame]100set(PLATFORM_DUMMY_NV_SEED TRUE CACHE BOOL "Use dummy NV seed implementation. Should not be used in production.")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]101
102############################ Partitions ########################################
103
104set(TFM_PARTITION_PROTECTED_STORAGE ON CACHE BOOL "Enable Protected Storage partition")
Jamie Fox865778b2020-10-23 19:52:51 +0100[diff] [blame]105set(PS_CREATE_FLASH_LAYOUT ON CACHE BOOL "Create flash FS if it doesn't exist for Protected Storage partition")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]106set(PS_ENCRYPTION ON CACHE BOOL "Enable encryption for Protected Storage partition")
107set(PS_RAM_FS OFF CACHE BOOL "Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition")
108set(PS_ROLLBACK_PROTECTION ON CACHE BOOL "Enable rollback protection for Protected Storage partition")
Jamie Fox34a7a232020-10-20 16:19:09 +0100[diff] [blame]109set(PS_VALIDATE_METADATA_FROM_FLASH ON CACHE BOOL "Validate filesystem metadata every time it is read from flash")
Jamie Fox865778b2020-10-23 19:52:51 +0100[diff] [blame]110set(PS_MAX_ASSET_SIZE "2048" CACHE STRING "The maximum asset size to be stored in the Protected Storage area")
111set(PS_NUM_ASSETS "10" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
112set(PS_CRYPTO_AEAD_ALG PSA_ALG_GCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]113
114set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
Jamie Fox865778b2020-10-23 19:52:51 +0100[diff] [blame]115set(ITS_CREATE_FLASH_LAYOUT ON CACHE BOOL "Create flash FS if it doesn't exist for Internal Trusted Storage partition")
116set(ITS_RAM_FS OFF CACHE BOOL "Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition")
Jamie Fox34a7a232020-10-20 16:19:09 +0100[diff] [blame]117set(ITS_VALIDATE_METADATA_FROM_FLASH ON CACHE BOOL "Validate filesystem metadata every time it is read from flash")
Jamie Fox865778b2020-10-23 19:52:51 +0100[diff] [blame]118set(ITS_MAX_ASSET_SIZE "512" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
119set(ITS_NUM_ASSETS "10" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]120set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
121
122set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
Soby Mathew4739c732020-10-07 12:11:05 +0100[diff] [blame]123# CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
Summer Qine8412b42020-10-15 14:20:21 +0800[diff] [blame]124set(CRYPTO_ENGINE_BUF_SIZE 0x2080 CACHE STRING "Heap size for the crypto backend")
Soby Mathew4739c732020-10-07 12:11:05 +0100[diff] [blame]125set(CRYPTO_CONC_OPER_NUM 8 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
Ioannis Glaropoulos829aa752021-06-15 12:37:02 +0200[diff] [blame]126set(CRYPTO_RNG_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto random number generator module")
Soby Mathew4739c732020-10-07 12:11:05 +0100[diff] [blame]127set(CRYPTO_KEY_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Key module")
128set(CRYPTO_AEAD_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto AEAD module")
129set(CRYPTO_MAC_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto MAC module")
130set(CRYPTO_HASH_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Hash module")
131set(CRYPTO_CIPHER_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Cipher module")
David Hu0c250bc2021-05-12 10:55:53 +0800[diff] [blame]132set(CRYPTO_ASYM_SIGN_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
133set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
Håkon Øye Amundsen112e48d2021-01-19 15:41:10 +0100[diff] [blame]134set(CRYPTO_KEY_DERIVATION_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto key derivation module")
Soby Mathew4739c732020-10-07 12:11:05 +0100[diff] [blame]135set(CRYPTO_IOVEC_BUFFER_SIZE 5120 CACHE STRING "Default size of the internal scratch buffer used for PSA FF IOVec allocations")
David Hub3d7d682021-06-25 14:55:35 +0800[diff] [blame]136# TODO CRYPTO_KEY_ID_ENCODES_OWNER shall be aligned with underlying crypto
137# library key ID encoding configuration
138set(CRYPTO_KEY_ID_ENCODES_OWNER ON CACHE BOOL "Encode client ID into Crypto PSA key ID")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]139
140set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
141set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetric crypto for inital attestation")
142set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include optional claims in initial attestation token")
143set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token")
144
145set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
146
147set(TFM_PARTITION_AUDIT_LOG ON CACHE BOOL "Enable Audit Log partition")
148
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]149set(FORWARD_PROT_MSG OFF CACHE BOOL "Whether to forward all PSA RoT messages to a Secure Enclave")
Sherry Zhang07b42412021-01-07 14:19:41 +0800[diff] [blame]150set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
Sherry Zhang539ade42021-05-19 15:14:27 +0800[diff] [blame]151set(TFM_FWU_BOOTLOADER_LIB "mcuboot" CACHE STRING "Bootloader configure file for Firmware Update partition")
Mark Horvathb9ac0d52020-09-09 10:48:22 +0200[diff] [blame]152
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]153################################## Tests #######################################
154
Raef Colesabe4f2c2020-10-02 10:32:35 +0100[diff] [blame]155set(TFM_INTERACTIVE_TEST OFF CACHE BOOL "Enable interactive tests")
Kevin Peng6a121d02021-05-10 13:53:58 +0800[diff] [blame]156set(TFM_ENABLE_SLIH_TEST OFF CACHE BOOL "Enable Second-Level Interrupt Handling tests")
Kevin Pengfb9f2ce2021-05-27 15:13:46 +0800[diff] [blame]157set(TFM_ENABLE_FLIH_TEST OFF CACHE BOOL "Enable First-Level Interrupt Handling tests")
Raef Colesc342d5c2020-10-12 10:08:38 +0100[diff] [blame]158set(TFM_PERIPH_ACCESS_TEST OFF CACHE BOOL "Enable peripheral access tests")
Raef Colesabe4f2c2020-10-02 10:32:35 +0100[diff] [blame]159
Kevin Peng95b55062020-11-09 11:27:25 +0800[diff] [blame]160set(PS_TEST_NV_COUNTERS ON CACHE BOOL "Use the test NV counters to test Protected Storage rollback scenarios")
Jamie Fox87014842020-10-22 23:28:10 +0100[diff] [blame]161
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]162set(TFM_CRYPTO_TEST_ALG_CBC ON CACHE BOOL "Test CBC cryptography mode")
163set(TFM_CRYPTO_TEST_ALG_CCM ON CACHE BOOL "Test CCM cryptography mode")
164set(TFM_CRYPTO_TEST_ALG_CFB ON CACHE BOOL "Test CFB cryptography mode")
165set(TFM_CRYPTO_TEST_ALG_CTR ON CACHE BOOL "Test CTR cryptography mode")
166set(TFM_CRYPTO_TEST_ALG_GCM ON CACHE BOOL "Test GCM cryptography mode")
167set(TFM_CRYPTO_TEST_ALG_SHA_512 ON CACHE BOOL "Test SHA-512 cryptography algorithm")
Antonio de Angelis6eb5ecb2021-07-29 11:33:48 +0200[diff] [blame]168set(TFM_CRYPTO_TEST_HKDF ON CACHE BOOL "Test the HKDF key derivation algorithm")
169set(TFM_CRYPTO_TEST_ECDH ON CACHE BOOL "Test the ECDH key agreement algorithm")
Sherry Zhang4c697c62021-03-09 16:07:16 +0800[diff] [blame]170set(TFM_FWU_TEST_REQUEST_REBOOT OFF CACHE BOOL "Test psa_fwu_request_reboot")
171set(TFM_FWU_TEST_WRITE_WITH_NULL OFF CACHE BOOL "Test psa_fwu_write with data block NULL")
172set(TFM_FWU_TEST_QUERY_WITH_NULL OFF CACHE BOOL "Test psa_fwu_query with info NULL")
Sherry Zhang1d815812021-05-24 11:14:24 +0800[diff] [blame]173set(TFM_FWU_TEST_SECURE OFF CACHE BOOL "Enable the secure firmware update tests")
Sherry Zhang4c697c62021-03-09 16:07:16 +0800[diff] [blame]174
David Hueaf9fc72021-06-05 17:38:53 +0800[diff] [blame]175set(ATTEST_TEST_GET_PUBLIC_KEY OFF CACHE BOOL "Require to retrieve Initial Attestation public in runtime for test purpose")
176
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]177################################## Dependencies ################################
178
179set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically")
Summer Qin359167d2021-07-05 18:11:50 +0800[diff] [blame]180set(MBEDCRYPTO_VERSION "mbedtls-3.0.0" CACHE STRING "The version of Mbed Crypto to use")
Øyvind Rønningstad6d3f3df2021-02-10 18:25:56 +0100[diff] [blame]181set(MBEDCRYPTO_GIT_REMOTE "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]182set(MBEDCRYPTO_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING "Build type of Mbed Crypto library")
183set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h" CACHE PATH "Config to use for Mbed Crypto")
184set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH "" CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to cnfigure feature support")
185
186set(TFM_TEST_REPO_PATH "DOWNLOAD" CACHE PATH "Path to TFM-TEST repo (or DOWNLOAD to fetch automatically")
Summer Qinc19c76622021-07-21 16:55:10 +0800[diff] [blame]187set(TFM_TEST_REPO_VERSION "e1a8c9f" CACHE STRING "The version of tf-m-tests to use")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]188set(CMSIS_5_PATH "DOWNLOAD" CACHE PATH "Path to CMSIS_5 (or DOWNLOAD to fetch automatically")
189
David Vincze7e1c5a42021-07-28 23:41:35 +0200[diff] [blame]190set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically")
191set(MCUBOOT_VERSION "TF-Mv1.4-integ" CACHE STRING "The version of MCUboot to use")
Raef Coles9ec67e62020-07-10 09:40:35 +0100[diff] [blame]192
193set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically")
Summer Qin56c75f12021-07-23 18:21:14 +0800[diff] [blame]194set(PSA_ARCH_TESTS_VERSION "51ff2bd" CACHE STRING "The version of PSA arch tests to use")
David Vincze0c515de2020-11-25 19:02:57 +0100[diff] [blame]195
196################################################################################
197################################################################################
198
199# Specifying the accepted values for certain configuration options to facilitate
200# their later validation.
201
202########################## BL2 #################################################
203
204set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWAP;DIRECT_XIP;RAM_LOAD")
Tamas Banb881bea2020-11-04 16:18:36 +0000[diff] [blame]205
206########################## FIH #################################################
207
208set_property(CACHE TFM_FIH_PROFILE PROPERTY STRINGS "OFF;LOW;MEDIUM;HIGH")