TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / next / TF-M / trusted-firmware-m / refs/heads/feature-build-split-v2 / . / secure_fw / spm / Kconfig
blob: 4077c6318ccbbe6d3f794f2d74fe84bf5c2602cf [file] [log] [blame]
#-------------------------------------------------------------------------------
# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
menu "SPM"
config TFM_ISOLATION_LEVEL
int "Isolation level"
default 1
range 1 3 if PLATFORM_HAS_ISOLATION_L3_SUPPORT
range 1 2
help
SFN backend only supports level 1.
IPC backend can support all 3 levels.
Isolation level 3 requires platform support.
choice
prompt "SPM Backend"
config CONFIG_TFM_SPM_BACKEND_SFN
bool "SFN Backend"
# Multi-core platform based on inter-core communication cannot fully work with SFN
# backend yet.
# TO-DO: Check whether it depends on TFM_PARTITION_NS_AGENT_MAILBOX or TFM_MULTI_CORE_TOPOLOGY
depends on !TFM_PARTITION_NS_AGENT_MAILBOX && TFM_ISOLATION_LEVEL = 1
config CONFIG_TFM_SPM_BACKEND_IPC
bool "IPC Backend"
select CONFIG_TFM_PARTITION_META
endchoice
config CONFIG_TFM_SPM_BACKEND
string
default "IPC" if CONFIG_TFM_SPM_BACKEND_IPC
default "SFN" if CONFIG_TFM_SPM_BACKEND_SFN
default ""
choice
prompt "FIH Profile"
default TFM_FIH_PROFILE_OFF
help
Fault injection hardening profile
config TFM_FIH_PROFILE_OFF
bool "OFF"
config TFM_FIH_PROFILE_LOW
bool "Low"
config TFM_FIH_PROFILE_MEDIUM
bool "Medium"
config TFM_FIH_PROFILE_HIGH
bool "High"
endchoice
config TFM_FIH_PROFILE
string
default "OFF" if TFM_FIH_PROFILE_OFF
default "LOW" if TFM_FIH_PROFILE_LOW
default "MEDIUM" if TFM_FIH_PROFILE_MEDIUM
default "HIGH" if TFM_FIH_PROFILE_HIGH
config PSA_FRAMEWORK_HAS_MM_IOVEC
bool "MM-IOVEC"
default n
depends on TFM_ISOLATION_LEVEL = 1
help
Memory-mapped IOVECs feature, supported only for isolation level 1
################################# Misc #########################################
config TFM_EXCEPTION_INFO_DUMP
bool "Exception information dump"
default n
help
On fatal errors in the secure firmware, capture info about the
exception. Print the info if the "SPM Log Level" is sufficient.
config CONFIG_TFM_HALT_ON_CORE_PANIC
bool "Halt instead of rebooting"
default n
help
On fatal errors in the secure firmware, halt instead of rebooting.
This would be helpful for debugging.
config TFM_PXN_ENABLE
bool "PXN"
depends on ARCH_ARM_V81MM
default n
help
Privileged eXecute-Never.
Enables the PXN feature in common MPU driver and isolation setup.
config CONFIG_TFM_STACK_WATERMARKS
bool "Stack Watermarks"
depends on TFM_ISOLATION_LEVEL != 3
help
Whether to pre-fill partition stacks with a set value to help
determine stack usage.
Not supported for isolation level 3 yet.
config NUM_MAILBOX_QUEUE_SLOT
int "Number of mailbox queue slots"
depends on TFM_PARTITION_NS_AGENT_MAILBOX
default 1
################################# SPM log level ################################
choice SPM_LOG_LEVEL
prompt "SPM Log Level"
default SPM_LOG_LEVEL_SILENCE
config SPM_LOG_LEVEL_DEBUG
bool "Debug"
config SPM_LOG_LEVEL_INFO
bool "Info"
config SPM_LOG_LEVEL_ERROR
bool "Error"
config SPM_LOG_LEVEL_SILENCE
bool "Silence"
endchoice
config TFM_SPM_LOG_LEVEL
int
default 3 if SPM_LOG_LEVEL_DEBUG
default 2 if SPM_LOG_LEVEL_INFO
default 1 if SPM_LOG_LEVEL_ERROR
default 0 if SPM_LOG_LEVEL_SILENCE
endmenu
config TFM_SPM_LOG_RAW_ENABLED
bool
default y if TFM_SPM_LOG_LEVEL != 0 || TFM_SP_LOG_RAW_ENABLED
default n
######################## Promptless (non-user) config options ##################
########### Do NOT change the following config options anywhere! ###############
config CONFIG_TFM_PARTITION_META
def_bool n
config TFM_PARTITION_NS_AGENT_MAILBOX
bool
default y if TFM_MULTI_CORE_TOPOLOGY
default n
config TFM_PARTITION_NS_AGENT_TZ
bool
default y if CONFIG_TFM_USE_TRUSTZONE
default n