Introduce config header files to set TF-M specific configs
This patch introduces config header files to set TF-M specific configs.
-config_base.h: Default TF-M project config file.
-config_profile_*.h: TF-M project config files for different Profiles.
-config_tfm_target.h: Header files provided by platform owners to
customize TF-M configs for their platforms.
-config_<partition>.h: Header files to set default configs for each partition
in case there is any config not set in TF-M project config file.
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: I2180c5bd8d1f155cc047f158cfdbcddde8d3240e
diff --git a/config/config_base.cmake b/config/config_base.cmake
index ba3504e..e4c229a 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -62,6 +62,8 @@
set(CONFIG_TFM_STACK_WATERMARKS OFF CACHE BOOL "Whether to pre-fill partition stacks with a set value to help determine stack usage")
+set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/config_base.h" CACHE FILEPATH "User defined header file for TF-M config")
+
############################ Platform ##########################################
set(NUM_MAILBOX_QUEUE_SLOT 1 CACHE BOOL "Number of mailbox queue slots")
diff --git a/config/config_base.h b/config/config_base.h
new file mode 100644
index 0000000..32858a9
--- /dev/null
+++ b/config/config_base.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_BASE_H__
+#define __CONFIG_BASE_H__
+
+#endif /* __CONFIG_BASE_H__ */
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h
new file mode 100644
index 0000000..b737a57
--- /dev/null
+++ b/config/profile/config_profile_large.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PROFILE_LARGE_H__
+#define __CONFIG_PROFILE_LARGE_H__
+
+#endif /* __CONFIG_PROFILE_LARGE_H__ */
diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h
new file mode 100644
index 0000000..9584472
--- /dev/null
+++ b/config/profile/config_profile_medium.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PROFILE_MEDIUM_H__
+#define __CONFIG_PROFILE_MEDIUM_H__
+
+#endif /* __CONFIG_PROFILE_MEDIUM_H__ */
diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h
new file mode 100644
index 0000000..b4ddc4a
--- /dev/null
+++ b/config/profile/config_profile_medium_arotless.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PROFILE_MEDIUM_AROTLESS_H__
+#define __CONFIG_PROFILE_MEDIUM_AROTLESS_H__
+
+#endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h
new file mode 100644
index 0000000..713f5f3
--- /dev/null
+++ b/config/profile/config_profile_small.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PROFILE_SMALL_H__
+#define __CONFIG_PROFILE_SMALL_H__
+
+#endif /* __CONFIG_PROFILE_SMALL_H__ */
diff --git a/config/profile/profile_large.cmake b/config/profile/profile_large.cmake
index 3896693..322f96f 100644
--- a/config/profile/profile_large.cmake
+++ b/config/profile/profile_large.cmake
@@ -5,12 +5,13 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_large CACHE STRING "Configuration profile")
+set(TFM_PROFILE profile_large CACHE STRING "Configuration profile")
+set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/profile/config_profile_large.h" CACHE FILEPATH "User defined header file for TF-M config")
############################ SPM CONFIGURATION ################################
set(TFM_ISOLATION_LEVEL 3 CACHE STRING "Isolation level")
-set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
+set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
############################ PARTITION CONFIGURATION ##########################
@@ -24,9 +25,9 @@
################################## Advanced options #############################
-set(MCUBOOT_FIH_PROFILE MEDIUM CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
-set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+set(MCUBOOT_FIH_PROFILE MEDIUM CACHE STRING "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
+set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
################################## Dependencies ################################
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 8f4d8d7..1e3d870 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -5,12 +5,13 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_medium CACHE STRING "Configuration profile")
+set(TFM_PROFILE profile_medium CACHE STRING "Configuration profile")
+set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/profile/config_profile_medium.h" CACHE FILEPATH "User defined header file for TF-M config")
############################ SPM CONFIGURATION ################################
set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
-set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
+set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
############################ PARTITION CONFIGURATION ##########################
@@ -24,9 +25,9 @@
################################## Advanced options #############################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
-set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
+set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
+set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED ON CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
################################## Dependencies ################################
diff --git a/config/profile/profile_medium_arotless.cmake b/config/profile/profile_medium_arotless.cmake
index 4d908d3..0fa898c 100755
--- a/config/profile/profile_medium_arotless.cmake
+++ b/config/profile/profile_medium_arotless.cmake
@@ -5,7 +5,8 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_medium_arotless CACHE STRING "Profile to use")
+set(TFM_PROFILE profile_medium_arotless CACHE STRING "Profile to use")
+set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/profile/config_profile_medium_arotless.h" CACHE FILEPATH "User defined header file for TF-M config")
############################ SPM CONFIGURATION ################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 07d8875..756f349 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -5,12 +5,13 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_small CACHE STRING "Configuration profile")
+set(TFM_PROFILE profile_small CACHE STRING "Configuration profile")
+set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/profile/config_profile_small.h" CACHE FILEPATH "User defined header file for TF-M config")
############################ SPM CONFIGURATION ################################
set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
-set(CONFIG_TFM_SPM_BACKEND "SFN" CACHE STRING "The SPM backend [IPC, SFN]")
+set(CONFIG_TFM_SPM_BACKEND "SFN" CACHE STRING "The SPM backend [IPC, SFN]")
############################ PARTITION CONFIGURATION ##########################
@@ -36,11 +37,11 @@
set(CRYPTO_CONC_OPER_NUM 4 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
set(PSA_FRAMEWORK_HAS_MM_IOVEC ON CACHE BOOL "Enable MM-IOVEC")
-set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")
+set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")
set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
-set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h" CACHE PATH "Config to use for Mbed Crypto")
-set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_profile_small.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
+set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h" CACHE PATH "Config to use for Mbed Crypto")
+set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_profile_small.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
diff --git a/config/set_config.cmake b/config/set_config.cmake
index f5b3e3a..0b10f7e 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -108,3 +108,25 @@
# Set secure log configs
# It also depends on regression test config.
include(config/tfm_secure_log.cmake)
+
+add_library(tfm_config INTERFACE)
+
+# Set user defined TF-M config header file
+if(PROJECT_CONFIG_HEADER_FILE)
+ if(NOT EXISTS ${PROJECT_CONFIG_HEADER_FILE})
+ message(FATAL_ERROR "${PROJECT_CONFIG_HEADER_FILE} does not exist! Please use absolute path.")
+ endif()
+ target_compile_definitions(tfm_config
+ INTERFACE
+ PROJECT_CONFIG_HEADER_FILE="${PROJECT_CONFIG_HEADER_FILE}"
+ )
+endif()
+
+# Set platform defined TF-M config header file
+set(TARGET_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config_tfm_target.h")
+if(EXISTS ${TARGET_CONFIG_HEADER_FILE})
+ target_compile_definitions(tfm_config
+ INTERFACE
+ TARGET_CONFIG_HEADER_FILE="${TARGET_CONFIG_HEADER_FILE}"
+ )
+endif()