Build: Restructure and unify profiles
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I181d2d62217b94711a2a5a44d985f815563201d7
diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake
index e5fb0d0..0630abd 100644
--- a/config/profile/profile_large.cmake
+++ b/config/profile/profile_large.cmake
@@ -5,28 +5,31 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_large CACHE STRING "Profile to use")
-set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level")
+set(TFM_PROFILE profile_large CACHE STRING "Configuration profile")
-############################ Partitions ########################################
+############################ SPM CONFIGURATION ################################
-set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level")
+set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
-set(TFM_PARTITION_PROTECTED_STORAGE ON CACHE BOOL "Enable Protected Storage partition")
-set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+############################ PARTITION CONFIGURATION ##########################
-set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable the TF-M Platform partition")
+set(TFM_PARTITION_PROTECTED_STORAGE ON CACHE BOOL "Enable Protected Storage partition")
+set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
+set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
+set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
-set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
+################################## Advanced options #############################
-set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
-
-####################### Fault Injection Hardening ##############################
-set(MCUBOOT_FIH_PROFILE MEDIUM CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
+set(MCUBOOT_FIH_PROFILE MEDIUM CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
+set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
################################## Dependencies ################################
set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h" CACHE PATH "Config to use for Mbed Crypto")
set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_profile_large.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
-
-set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 26b1233..4a38a2f 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -5,20 +5,30 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_medium CACHE STRING "Profile to use")
-set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
+set(TFM_PROFILE profile_medium CACHE STRING "Configuration profile")
-############################ Partitions ########################################
+############################ SPM CONFIGURATION ################################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
+set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
-set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+############################ PARTITION CONFIGURATION ##########################
-set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
+set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable the TF-M Platform partition")
+set(TFM_PARTITION_PROTECTED_STORAGE ON CACHE BOOL "Enable Protected Storage partition")
+set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
+set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
+set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
+
+################################## Advanced options #############################
+
+set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
################################## Dependencies ################################
set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h" CACHE PATH "Config to use for Mbed Crypto")
set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_profile_medium.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
-
-set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index b45f1d3..c9e6415 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -5,42 +5,42 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_small CACHE STRING "Profile to use")
-set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
+set(TFM_PROFILE profile_medium CACHE STRING "Configuration profile")
-########################## BL2 #################################################
+############################ SPM CONFIGURATION ################################
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
+set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
+set(CONFIG_TFM_SPM_BACKEND "SFN" CACHE STRING "The SPM backend [IPC, SFN]")
-############################ Partitions ########################################
+############################ PARTITION CONFIGURATION ##########################
-set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
+set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Crypto partition")
+set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ON CACHE BOOL "Enable Internal Trusted Storage partition")
+set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable the TF-M Platform partition")
+set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
+set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
+set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
+set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+################################## Advanced options #############################
-set(CRYPTO_CONC_OPER_NUM 4 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
# Profile Small assigns a much smller heap size for backend crypto library as
# asymmetric cryptography is not enabled and multi-part operations are enabled
# only.
# Assign 0x100 bytes for each operation and totally 0x800 byets for max 4
# concurrent operation as set in CRYPTO_CONC_OPER_NUM above
-set(CRYPTO_ENGINE_BUF_SIZE 0x400 CACHE STRING "Heap size for the crypto backend")
-set(CRYPTO_ASYM_SIGN_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
-set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
-set(CRYPTO_SINGLE_PART_FUNCS_DISABLED ON CACHE BOOL "Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers, to optimize memory footprint in resource-constrained devices")
+set(CRYPTO_ENGINE_BUF_SIZE 0x400 CACHE STRING "Heap size for the crypto backend")
+set(CRYPTO_ASYM_SIGN_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key signature module")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
+set(CRYPTO_SINGLE_PART_FUNCS_DISABLED ON CACHE BOOL "Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers, to optimize memory footprint in resource-constrained devices")
+set(CRYPTO_CONC_OPER_NUM 4 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
-set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
-
-set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable Platform partition")
-
-set(TFM_PARTITION_FIRMWARE_UPDATE OFF CACHE BOOL "Enable firmware update partition")
+set(PSA_FRAMEWORK_HAS_MM_IOVEC ON CACHE BOOL "Enable MM-IOVEC")
+set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")
+set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h" CACHE PATH "Config to use for Mbed Crypto")
set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_profile_small.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
-
-# Enable SFN model in Profile Small by default.
-set(CONFIG_TFM_SPM_BACKEND "SFN" CACHE STRING "The SPM backend [IPC, SFN]")
-set(PSA_FRAMEWORK_HAS_MM_IOVEC ON CACHE BOOL "Enable MM-IOVEC")
-set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")