Build: Adjust configuration order
Reorder the configuration steps, to provide more intuitive
configuration. Invert the current order, and remove the use of FORCE to
create a configuration additively instead of using overriding. Allows
cmake command-line variables to override all other options as is
expected.
Change-Id: I64730b7db230cdaf2f86f1d27d882dc9111607be
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 71a2497..75986f7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -11,6 +11,14 @@
############################ CONFIGURATION #####################################
+# Some compiler flags depend on the CPU / platform config. This include should
+# be run before the toolchain file so the compiler can be configured properly.
+if (NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload.cmake)
+ Message(FATAL_ERROR "Unsupported TFM_PLATFORM ${TFM_PLATFORM}")
+else()
+ include(platform/ext/target/${TFM_PLATFORM}/preload.cmake)
+endif()
+
include(config/set_config.cmake)
if(NOT ${CMAKE_GENERATOR} STREQUAL "Unix Makefiles" AND
@@ -28,14 +36,6 @@
############################### Compiler configuration #########################
-# Some compiler flags depend on the CPU / platform config. This include should
-# be run before the toolchain file so the compiler can be configured properly.
-if (NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/preload.cmake)
- Message(FATAL_ERROR "Unsupported TFM_PLATFORM ${TFM_PLATFORM}")
-else()
- include(platform/ext/target/${TFM_PLATFORM}/preload.cmake)
-endif()
-
#Legacy compat option - load CMAKE_TOOLCHAIN_FILE as a TFM_TOOLCHAIN_FILE
if (CMAKE_TOOLCHAIN_FILE)
message(DEPRECATION "SETTING CMAKE_TOOLCHAIN_FILE is deprecated. It has been replaced with TFM_TOOLCHAIN_FILE.")
diff --git a/config/build_type/debug.cmake b/config/build_type/debug.cmake
index b79c6bf..1256381 100644
--- a/config/build_type/debug.cmake
+++ b/config/build_type/debug.cmake
@@ -5,4 +5,4 @@
#
#-------------------------------------------------------------------------------
-set(MBEDCRYPTO_BUILD_TYPE relwithdebinfo CACHE STRING "Build type of Mbed Crypto library" FORCE)
+set(MBEDCRYPTO_BUILD_TYPE relwithdebinfo CACHE STRING "Build type of Mbed Crypto library")
diff --git a/config/build_type/minsizerel.cmake b/config/build_type/minsizerel.cmake
index 2a055ce..b9bb0a3 100644
--- a/config/build_type/minsizerel.cmake
+++ b/config/build_type/minsizerel.cmake
@@ -5,4 +5,4 @@
#
#-------------------------------------------------------------------------------
-set(MCUBOOT_LOG_LEVEL "NONE" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]" FORCE)
+set(MCUBOOT_LOG_LEVEL "OFF" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
diff --git a/config/build_type/release.cmake b/config/build_type/release.cmake
index 2a055ce..b9bb0a3 100644
--- a/config/build_type/release.cmake
+++ b/config/build_type/release.cmake
@@ -5,4 +5,4 @@
#
#-------------------------------------------------------------------------------
-set(MCUBOOT_LOG_LEVEL "NONE" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]" FORCE)
+set(MCUBOOT_LOG_LEVEL "OFF" CACHE STRING "Level of logging to use for MCUboot [OFF, ERROR, WARNING, INFO, DEBUG]")
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index 32b1923..54c37bc 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -5,29 +5,29 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_medium CACHE STRING "Profile to use" FORCE)
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
-set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level" FORCE)
+set(TFM_PROFILE profile_medium CACHE STRING "Profile to use")
+set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+set(TFM_ISOLATION_LEVEL 2 CACHE STRING "Isolation level")
############################ Partitions ########################################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)" FORCE)
+set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage" FORCE)
+set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
-set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition" FORCE)
+set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
################################## Tests #######################################
# TFM_CRYPTO_TEST_ALG_CCM is the only test mode left enabled, to go with the
# reduced crypto config
-set(TFM_CRYPTO_TEST_ALG_CBC OFF CACHE BOOL "Test CBC cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm" FORCE)
-set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm" FORCE)
+set(TFM_CRYPTO_TEST_ALG_CBC OFF CACHE BOOL "Test CBC cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
+set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
################################## Dependencies ################################
-set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h" CACHE PATH "Config to use for Mbed Crypto" FORCE)
+set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h" CACHE PATH "Config to use for Mbed Crypto")
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 2219192..b4059a3 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -5,40 +5,40 @@
#
#-------------------------------------------------------------------------------
-set(TFM_PROFILE profile_small CACHE STRING "Profile to use" FORCE)
-set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
-set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level" FORCE)
+set(TFM_PROFILE profile_small CACHE STRING "Profile to use")
+set(TFM_PSA_API OFF CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
+set(TFM_ISOLATION_LEVEL 1 CACHE STRING "Isolation level")
########################## BL2 #################################################
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately" FORCE)
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
############################ Partitions ########################################
-set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition" FORCE)
+set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)" FORCE)
+set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(CRYPTO_ASYMMETRIC_MODULE_DISABLED TRUE CACHE BOOL "Disable PSA Crypto Asymmetric key module" FORCE)
+set(CRYPTO_ASYMMETRIC_MODULE_DISABLED TRUE CACHE BOOL "Disable PSA Crypto Asymmetric key module")
-set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation" FORCE)
+set(SYMMETRIC_INITIAL_ATTESTATION ON CACHE BOOL "Use symmetric crypto for inital attestation")
-set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable Platform partition" FORCE)
+set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable Platform partition")
-set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition" FORCE)
+set(TFM_PARTITION_AUDIT_LOG OFF CACHE BOOL "Enable Audit Log partition")
################################## Tests #######################################
# TFM_CRYPTO_TEST_ALG_CCM is the only test mode left enabled, to go with the
# reduced crypto config
-set(TFM_CRYPTO_TEST_ALG_CBC OFF CACHE BOOL "Test CBC cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode" FORCE)
-set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm" FORCE)
-set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm" FORCE)
+set(TFM_CRYPTO_TEST_ALG_CBC OFF CACHE BOOL "Test CBC cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_CTR OFF CACHE BOOL "Test CTR cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_GCM OFF CACHE BOOL "Test GCM cryptography mode")
+set(TFM_CRYPTO_TEST_ALG_SHA_512 OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
+set(TFM_CRYPTO_TEST_HKDF OFF CACHE BOOL "Test SHA-512 cryptography algorithm")
################################## Dependencies ################################
-set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h" CACHE PATH "Config to use for Mbed Crypto" FORCE)
+set(TFM_MBEDCRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h" CACHE PATH "Config to use for Mbed Crypto")
diff --git a/config/set_config.cmake b/config/set_config.cmake
index 82ebe41..3a67162 100644
--- a/config/set_config.cmake
+++ b/config/set_config.cmake
@@ -9,42 +9,43 @@
# docs/getting_started/tfm_build_instructions.rst under Cmake Configuration. If
# the sequence is updated here the docs must also be updated.
-# First load defaults.
-include(${CMAKE_SOURCE_DIR}/config/config_default.cmake)
+# Load extra config
+if (TFM_EXTRA_CONFIG_PATH)
+ include(${TFM_EXTRA_CONFIG_PATH})
+endif()
-# Then load the build type config, overriding defaults and command line.
+# Load PSA config, setting options not already set
+if (TEST_PSA_API)
+ include(config/tests/config_test_psa_api.cmake)
+endif()
+
+# Load build type config, setting options not already set
string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWERCASE)
if (EXISTS ${CMAKE_SOURCE_DIR}/config/build_type/${CMAKE_BUILD_TYPE_LOWERCASE}.cmake)
include(${CMAKE_SOURCE_DIR}/config/build_type/${CMAKE_BUILD_TYPE_LOWERCASE}.cmake)
endif()
-# If configured for tests, load config specific to tests overriding defaults.
-if (TEST_PSA_API)
- include(${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api.cmake)
+# Load platform config, setting options not already set
+if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config.cmake)
+ include(platform/ext/target/${TFM_PLATFORM}/config.cmake)
endif()
-# Then load the profile, overriding build type config, defaults and command
-# line.
+# Load accelerator config, setting options not already set
+if (CRYPTO_HW_ACCELERATOR)
+ if (EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/accelerator/${CRYPTO_HW_ACCELERATOR_TYPE}/config.cmake)
+ include(${CMAKE_SOURCE_DIR}/platform/ext/accelerator/${CRYPTO_HW_ACCELERATOR_TYPE}/config.cmake)
+ endif()
+endif()
+
+# Load profile config, setting options not already set
if (TFM_PROFILE)
- include(${CMAKE_SOURCE_DIR}/config/profile/${TFM_PROFILE}.cmake)
+ include(config/profile/${TFM_PROFILE}.cmake)
endif()
-# Then load the platform options, overriding profile, build type config,
-# defaults and command line.
-if (EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config.cmake)
- include(${CMAKE_SOURCE_DIR}/platform/ext/target/${TFM_PLATFORM}/config.cmake)
-endif()
+# Load defaults, setting options not already set
+include(config/config_default.cmake)
-# If CRYPTO_HW_ACCELERATOR is enabled by the platform, then load the
-# corresponding config if it exists
-if (CRYPTO_HW_ACCELERATOR AND EXISTS ${CMAKE_SOURCE_DIR}/platform/ext/accelerator/${CRYPTO_HW_ACCELERATOR_TYPE}/config.cmake)
- include(${CMAKE_SOURCE_DIR}/platform/ext/accelerator/${CRYPTO_HW_ACCELERATOR_TYPE}/config.cmake)
-endif()
-# Optionally load extra config, overriding platform options, overriding profile,
-# build type config, defaults and command line.
-if (TFM_EXTRA_CONFIG_PATH)
- include(${TFM_EXTRA_CONFIG_PATH})
-endif()
+############################ Sanity Check ######################################
include(${CMAKE_SOURCE_DIR}/config/check_config.cmake)
diff --git a/config/tests/config_test_psa_api.cmake b/config/tests/config_test_psa_api.cmake
index d67a626..9f8bb8f 100644
--- a/config/tests/config_test_psa_api.cmake
+++ b/config/tests/config_test_psa_api.cmake
@@ -8,12 +8,12 @@
############ Override defaults for PSA API tests ##############################
# CRYPTO_ENGINE_BUF_SIZE needs to be much larger for PSA API tests.
-if(CRYPTO_ENGINE_BUF_SIZE LESS 0x5000)
- set(CRYPTO_ENGINE_BUF_SIZE 0x5000 CACHE STRING "Heap size for the crypto backend" FORCE)
+if(NOT (CRYPTO_ENGINE_BUF_SIZE GREATER 0x5000))
+ set(CRYPTO_ENGINE_BUF_SIZE 0x5000 CACHE STRING "Heap size for the crypto backend")
endif()
# When building for the PSA Crypto API tests, ensure the ITS max asset size is
# set to at least the size of the largest asset created by the tests
-if (("${TEST_PSA_API}" STREQUAL "CRYPTO") AND (ITS_MAX_ASSET_SIZE LESS 1229))
- set(ITS_MAX_ASSET_SIZE "1229" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area" FORCE)
+if (("${TEST_PSA_API}" STREQUAL "CRYPTO") AND NOT (ITS_MAX_ASSET_SIZE GREATER 1229))
+ set(ITS_MAX_ASSET_SIZE "1229" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
endif()
diff --git a/docs/getting_started/tfm_build_instruction.rst b/docs/getting_started/tfm_build_instruction.rst
index 7e92be1..503dd8b 100644
--- a/docs/getting_started/tfm_build_instruction.rst
+++ b/docs/getting_started/tfm_build_instruction.rst
@@ -38,23 +38,23 @@
All configuration options are provided by cmake variables, and their default
values, with docstrings, can be found in ``config/config_default.cmake``.
-Configuration is provided in multiple stages, and each subsequent stage
-can override settings of the previous stage.
+Configuration is provided in multiple stages. Each stage will not override any
+config that has already been set at any of the prior stages.
- 1. ``config/config_default.cmake`` is loaded.
- 2. Command-line variable settings are applied.
- 3. If it exists, CMAKE_BUILD_TYPE specific config is applied from
- ``config/build_type/<build_type>.cmake``.
- 4. If TEST_PSA_TEST is set, then PSA API test related config is applied from
- ``config/tests/config_test_psa_api.cmake``.
- 5. If it exists, TFM Profile specific config is applied from
- ``config/profile/<tfm_profile>.cmake``.
- 6. Target specific config from ``platform/ext/target/<target_platform>/config.cmake``
- is applied.
- 7. If CRYPTO_HW_ACCELERATOR is set, then a config specific to the
- accelerator type is applied if it exists.
- 8. If the ``TFM_EXTRA_CONFIG_PATH`` variable has been set, that file is
+ 1. Command-line variable settings are applied.
+ 2. If the ``TFM_EXTRA_CONFIG_PATH`` variable has been set, that file is
loaded.
+ 3. If TEST_PSA_TEST is set, then PSA API test related config is applied from
+ ``config/tests/config_test_psa_api.cmake``.
+ 4. If it exists, CMAKE_BUILD_TYPE specific config is applied from
+ ``config/build_type/<build_type>.cmake``.
+ 5. Target specific config from ``platform/ext/target/<target_platform>/config.cmake``
+ is applied.
+ 6. If CRYPTO_HW_ACCELERATOR is set, then a config specific to the
+ accelerator type is applied if it exists.
+ 7. If it exists, TFM Profile specific config is applied from
+ ``config/profile/<tfm_profile>.cmake``.
+ 8. ``config/config_default.cmake`` is loaded.
.. Warning::
This means that command-line settings are not applied when they conflict
diff --git a/platform/ext/accelerator/cc312/config.cmake b/platform/ext/accelerator/cc312/config.cmake
index 4f80592..a1ff9b8 100644
--- a/platform/ext/accelerator/cc312/config.cmake
+++ b/platform/ext/accelerator/cc312/config.cmake
@@ -8,6 +8,6 @@
############ Override defaults for CC312 Accelerator ##############################
# The CC312 needs atleast 0x4000 of heap size to work properly
-if(CRYPTO_ENGINE_BUF_SIZE LESS 0x4000)
- set(CRYPTO_ENGINE_BUF_SIZE 0x4000 CACHE STRING "Heap size for the crypto backend" FORCE)
-endif()
\ No newline at end of file
+if(NOT (CRYPTO_ENGINE_BUF_SIZE GREATER 0x4000))
+ set(CRYPTO_ENGINE_BUF_SIZE 0x4000 CACHE STRING "Heap size for the crypto backend")
+endif()
diff --git a/platform/ext/target/cypress/psoc64/config.cmake b/platform/ext/target/cypress/psoc64/config.cmake
index e194e35..d4411a8 100644
--- a/platform/ext/target/cypress/psoc64/config.cmake
+++ b/platform/ext/target/cypress/psoc64/config.cmake
@@ -5,20 +5,20 @@
#
#-------------------------------------------------------------------------------
-set(BL2 OFF CACHE BOOL "Whether to build BL2" FORCE)
+set(BL2 OFF CACHE BOOL "Whether to build BL2")
-set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode" FORCE)
+set(TFM_PSA_API ON CACHE BOOL "Use PSA api (IPC mode) instead of secure library mode")
-set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification" FORCE)
+set(TFM_NS_CLIENT_IDENTIFICATION OFF CACHE BOOL "Enable NS client identification")
############################ Platform ##########################################
-set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture" FORCE)
-set(TFM_MULTI_CORE_MULTI_CLIENT_CALL ON CACHE BOOL "Whether to enable multiple PSA client calls feature" FORCE)
+set(TFM_MULTI_CORE_TOPOLOGY ON CACHE BOOL "Whether to build for a dual-cpu architecture")
+set(TFM_MULTI_CORE_MULTI_CLIENT_CALL ON CACHE BOOL "Whether to enable multiple PSA client calls feature")
-set(PLATFORM_DUMMY_ATTEST_HAL FALSE CACHE BOOL "Use dummy attest hal implementation. Should not be used in production." FORCE)
-set(PLATFORM_DUMMY_NV_COUNTERS FALSE CACHE BOOL "Use dummy nv counter implementation. Should not be used in production." FORCE)
-set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production." FORCE)
+set(PLATFORM_DUMMY_ATTEST_HAL FALSE CACHE BOOL "Use dummy attest hal implementation. Should not be used in production.")
+set(PLATFORM_DUMMY_NV_COUNTERS FALSE CACHE BOOL "Use dummy nv counter implementation. Should not be used in production.")
+set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production.")
# Disable default PDL IPC configuration. Use Cy_Platform_Init() in
# in psoc6_system_init_cm4.c and psoc6_system_init_cm0p.c instead.
diff --git a/platform/ext/target/mps3/an524/config.cmake b/platform/ext/target/mps3/an524/config.cmake
index 0001bb5..a1a74a5 100644
--- a/platform/ext/target/mps3/an524/config.cmake
+++ b/platform/ext/target/mps3/an524/config.cmake
@@ -5,9 +5,9 @@
#
#-------------------------------------------------------------------------------
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately" FORCE)
-set(MCUBOOT_UPGRADE_STRATEGY "DIRECT_XIP" CACHE STRING "Upgrade strategy for images [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]" FORCE)
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+set(MCUBOOT_UPGRADE_STRATEGY "DIRECT_XIP" CACHE STRING "Upgrade strategy for images [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]")
################################## Dependencies ################################
-set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library" FORCE)
+set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
diff --git a/platform/ext/target/musca_a/config.cmake b/platform/ext/target/musca_a/config.cmake
index 5f831d7..dd4e878 100644
--- a/platform/ext/target/musca_a/config.cmake
+++ b/platform/ext/target/musca_a/config.cmake
@@ -5,6 +5,6 @@
#
#-------------------------------------------------------------------------------
-set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]" FORCE)
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately" FORCE)
-set(PS_MAX_ASSET_SIZE "512" CACHE STRING "The maximum asset size to be stored in the Protected Storage area" FORCE)
+set(MCUBOOT_UPGRADE_STRATEGY "RAM_LOAD" CACHE STRING "Upgrade strategy when multiple boot images are loaded [OVERWRITE_ONLY, SWAP, DIRECT_XIP, RAM_LOAD]")
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+set(PS_MAX_ASSET_SIZE "512" CACHE STRING "The maximum asset size to be stored in the Protected Storage area")
diff --git a/platform/ext/target/musca_b1/config.cmake b/platform/ext/target/musca_b1/config.cmake
index ee9f267..a3bb018 100644
--- a/platform/ext/target/musca_b1/config.cmake
+++ b/platform/ext/target/musca_b1/config.cmake
@@ -5,10 +5,10 @@
#
#-------------------------------------------------------------------------------
-set(PLATFORM_DUMMY_ATTEST_HAL FALSE CACHE BOOL "Use dummy boot hal implementation. Should not be used in production." FORCE)
-set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode" FORCE)
+set(PLATFORM_DUMMY_ATTEST_HAL FALSE CACHE BOOL "Use dummy boot hal implementation. Should not be used in production.")
+set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
if(CRYPTO_HW_ACCELERATOR_OTP_STATE STREQUAL "ENABLED")
- set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production." FORCE)
+ set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production.")
endif()
diff --git a/platform/ext/target/musca_s1/config.cmake b/platform/ext/target/musca_s1/config.cmake
index deaa848..27a90c5 100644
--- a/platform/ext/target/musca_s1/config.cmake
+++ b/platform/ext/target/musca_s1/config.cmake
@@ -5,9 +5,9 @@
#
#-------------------------------------------------------------------------------
-set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms" FORCE)
-set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode" FORCE)
+set(CRYPTO_HW_ACCELERATOR ON CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")
+set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryptography mode")
if(CRYPTO_HW_ACCELERATOR_OTP_STATE STREQUAL "ENABLED")
- set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production." FORCE)
+ set(PLATFORM_DUMMY_CRYPTO_KEYS FALSE CACHE BOOL "Use dummy crypto keys. Should not be used in production.")
endif()
diff --git a/platform/ext/target/nordic_nrf/common/nrf5340/config.cmake b/platform/ext/target/nordic_nrf/common/nrf5340/config.cmake
index c45baae..de72e7d 100644
--- a/platform/ext/target/nordic_nrf/common/nrf5340/config.cmake
+++ b/platform/ext/target/nordic_nrf/common/nrf5340/config.cmake
@@ -6,7 +6,7 @@
#
#-------------------------------------------------------------------------------
-set(SECURE_UART1 ON CACHE BOOL "Enable secure UART1" FORCE)
-set(PSA_API_TEST_TARGET "nrf" CACHE STRING "PSA API test target" FORCE)
-set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/${NRF_PATH}/common/core/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
-set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area" FORCE)
+set(SECURE_UART1 ON CACHE BOOL "Enable secure UART1")
+set(PSA_API_TEST_TARGET "nrf" CACHE STRING "PSA API test target")
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/${NRF_PATH}/common/core/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list.")
+set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
diff --git a/platform/ext/target/nordic_nrf/common/nrf9160/config.cmake b/platform/ext/target/nordic_nrf/common/nrf9160/config.cmake
index c45baae..de72e7d 100644
--- a/platform/ext/target/nordic_nrf/common/nrf9160/config.cmake
+++ b/platform/ext/target/nordic_nrf/common/nrf9160/config.cmake
@@ -6,7 +6,7 @@
#
#-------------------------------------------------------------------------------
-set(SECURE_UART1 ON CACHE BOOL "Enable secure UART1" FORCE)
-set(PSA_API_TEST_TARGET "nrf" CACHE STRING "PSA API test target" FORCE)
-set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/${NRF_PATH}/common/core/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list." FORCE)
-set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area" FORCE)
+set(SECURE_UART1 ON CACHE BOOL "Enable secure UART1")
+set(PSA_API_TEST_TARGET "nrf" CACHE STRING "PSA API test target")
+set(TFM_EXTRA_GENERATED_FILE_LIST_PATH ${CMAKE_CURRENT_SOURCE_DIR}/${NRF_PATH}/common/core/generated_file_list.yaml CACHE PATH "Path to extra generated file list. Appended to stardard TFM generated file list.")
+set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
diff --git a/platform/ext/target/nuvoton/m2351/config.cmake b/platform/ext/target/nuvoton/m2351/config.cmake
index dbd87a5..7c52078 100644
--- a/platform/ext/target/nuvoton/m2351/config.cmake
+++ b/platform/ext/target/nuvoton/m2351/config.cmake
@@ -5,7 +5,7 @@
#
#-------------------------------------------------------------------------------
-set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately" FORCE)
-set(PS_MAX_ASSET_SIZE 512 CACHE STRING "The maximum asset size to be stored in the Protected Storage area" FORCE)
-set(PS_NUM_ASSETS 12 CACHE STRING "The maximum number of assets to be stored in the Protected Storage area" FORCE)
-set(ITS_NUM_ASSETS 12 CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area" FORCE)
+set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each separately")
+set(PS_MAX_ASSET_SIZE 512 CACHE STRING "The maximum asset size to be stored in the Protected Storage area")
+set(PS_NUM_ASSETS 12 CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
+set(ITS_NUM_ASSETS 12 CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/config.cmake b/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
index 683c61f..15c6525 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
+++ b/platform/ext/target/nxp/lpcxpresso55s69/config.cmake
@@ -5,5 +5,5 @@
#
#-------------------------------------------------------------------------------
-set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area" FORCE)
-set(PS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area" FORCE)
+set(ITS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
+set(PS_NUM_ASSETS "5" CACHE STRING "The maximum number of assets to be stored in the Protected Storage area")
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/config.cmake b/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
index b0049e6..c6757da 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
+++ b/platform/ext/target/stm/nucleo_l552ze_q/config.cmake
@@ -7,8 +7,8 @@
########################## BL2 #################################################
-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately" FORCE)
+set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
-set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library" FORCE)
+set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")
diff --git a/platform/ext/target/stm/stm32l562e_dk/config.cmake b/platform/ext/target/stm/stm32l562e_dk/config.cmake
index b0049e6..c6757da 100644
--- a/platform/ext/target/stm/stm32l562e_dk/config.cmake
+++ b/platform/ext/target/stm/stm32l562e_dk/config.cmake
@@ -7,8 +7,8 @@
########################## BL2 #################################################
-set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately" FORCE)
+set(MCUBOOT_IMAGE_NUMBER 2 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
-set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library" FORCE)
+set(MBEDCRYPTO_BUILD_TYPE minsizerel CACHE STRING "Build type of Mbed Crypto library")