Kconfig: Refine platform Kconfig configs
Add more configs from config_base.cmake and operate the
relationship like dependency with SPM and secure partition
configs. To make the structure clear, these configs are
modularized.
Signed-off-by: Jianliang Shen <jianliang.shen@arm.com>
Change-Id: I82e46ff646acc4e569be841ff1541844fb463e0d
diff --git a/config/kconfig.cmake b/config/kconfig.cmake
index 8a03be0..a059444 100644
--- a/config/kconfig.cmake
+++ b/config/kconfig.cmake
@@ -278,9 +278,6 @@
include(${CMAKE_SOURCE_DIR}/config/build_type/${CMAKE_BUILD_TYPE_LOWERCASE}.cmake)
endif()
-# Include coprocessor configs
-include(config/cp_config_default.cmake)
-
# Load defaults, setting options not already set
include(config/config_base.cmake)
diff --git a/lib/ext/tf-m-tests/Kconfig b/lib/ext/tf-m-tests/Kconfig
index 34dc3ee..df5216c 100644
--- a/lib/ext/tf-m-tests/Kconfig
+++ b/lib/ext/tf-m-tests/Kconfig
@@ -106,6 +106,7 @@
config TEST_S_FPU
bool "FPU"
+ depends on CONFIG_TFM_ENABLE_FP
default n
endmenu
@@ -188,6 +189,7 @@
config TEST_NS_FPU
bool "FPU"
+ depends on CONFIG_TFM_ENABLE_FP
default n
config TEST_NS_IPC
diff --git a/platform/Kconfig b/platform/Kconfig
index 45cba5e..f8e59fd 100644
--- a/platform/Kconfig
+++ b/platform/Kconfig
@@ -1,65 +1,33 @@
#-------------------------------------------------------------------------------
-# Copyright (c) 2022, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
-rsource "Kconfig.arch"
-
menu "Platform options"
-config PLATFORM_DEFAULT_BL1
- bool "Use default BL1"
- default y
+rsource "Kconfig.arch"
-config PLATFORM_DEFAULT_ATTEST_HAL
- bool "Use default attest hal implementation"
- default y
-
-config PLATFORM_DEFAULT_NV_COUNTERS
- bool "Use default nv counter implementation"
- default y
- depends on PLATFORM_DEFAULT_OTP_WRITEABLE
-
-config PLATFORM_DEFAULT_CRYPTO_KEYS
- bool "Use default crypto keys implementation"
- default y
-
-config PLATFORM_DEFAULT_ROTPK
- bool "Use default root of trust public key"
- default y
-
-config PLATFORM_DEFAULT_IAK
- bool "Use default initial attestation_key"
- default y
-
-config PLATFORM_DEFAULT_UART_STDOUT
- bool "Use default uart stdout implementation"
- default y
-
-config PLATFORM_DEFAULT_NV_SEED
- bool "Use default NV seed implementation"
- default y
-
-config PLATFORM_DEFAULT_OTP
- bool "Use trusted on-chip flash to implement OTP memory"
- default y
-
-config PLATFORM_DEFAULT_OTP_WRITEABLE
- bool "Use OTP memory with write support"
- default y
-
-config PLATFORM_DEFAULT_PROVISIONING
- bool "Use default provisioning implementation"
- default y
-
-config PLATFORM_DEFAULT_SYSTEM_RESET_HALT
- bool "Use default system reset/halt implementation"
- default y
-
-config PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT
- bool
+config SECURE_UART1
+ bool "Enable secure UART1"
default n
+config TFM_DUMMY_PROVISIONING
+ bool "Provision with dummy values"
+ default y
+ select PLATFORM_DEFAULT_OTP_WRITEABLE if PLATFORM_DEFAULT_OTP
+ help
+ NOT to be used in production
+
+################################# Crypto dependencies ##########################
+
+config CRYPTO_HW_ACCELERATOR
+ bool "Enable the crypto hardware accelerator"
+ depends on CRYPTO_HW_ACCELERATOR_TYPE != ""
+ default n
+
+rsource "Kconfig.fpu"
+rsource "Kconfig.platform"
+
endmenu
diff --git a/platform/Kconfig.arch b/platform/Kconfig.arch
index 24254fa..9b1ba08 100644
--- a/platform/Kconfig.arch
+++ b/platform/Kconfig.arch
@@ -101,16 +101,3 @@
string
default "FPv5_D16" if FP_ARCH_FPV5_D16
default ""
-
-################################# Platform Hardware topology ###################
-config TFM_MULTI_CORE_TOPOLOGY
- bool
- default n
- help
- Dual-cpu architecture
-
-config CONFIG_TFM_USE_TRUSTZONE
- bool
- default n
- help
- Enable use of TrustZone to transition between NSPE and SPE
diff --git a/platform/Kconfig.fpu b/platform/Kconfig.fpu
new file mode 100644
index 0000000..793bdee
--- /dev/null
+++ b/platform/Kconfig.fpu
@@ -0,0 +1,62 @@
+
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+################################# FPU ####################################
+
+menu "FPU/MVE"
+
+ config CONFIG_TFM_LAZY_STACKING
+ bool
+ default n
+ help
+ Enable lazy stacking
+
+ config CONFIG_TFM_ENABLE_CP10CP11
+ bool
+ default n
+ help
+ Make FPU and MVE operational when SPE and/or NSPE require FPU or MVE usage.
+ This alone only enables the coprocessors CP10-CP11, whereas CONFIG_TFM_FLOAT_ABI=hard
+ along with CONFIG_TFM_ENABLE_FP, CONFIG_TFM_ENABLE_MVE or CONFIG_TFM_ENABLE_MVE_FP
+ compiles the code with hardware FP or MVE instructions and ABI.
+
+ config CONFIG_TFM_ENABLE_FP
+ #TODO: depends on toolchain type
+ bool "Enable FP usage"
+ depends on CONFIG_TFM_FP_ARCH != ""
+ default n
+ imply CONFIG_TFM_LAZY_STACKING
+ select CONFIG_TFM_ENABLE_CP10CP11
+
+ config CONFIG_TFM_ENABLE_MVE
+ #TODO: depends on v8.1
+ bool "Enable integer MVE usage"
+ default n
+ imply CONFIG_TFM_LAZY_STACKING
+ select CONFIG_TFM_ENABLE_CP10CP11
+
+ config CONFIG_TFM_ENABLE_MVE_FP
+ bool "Enable floating-point MVE usage"
+ depends on CONFIG_TFM_FP_ARCH != ""
+ default n
+ imply CONFIG_TFM_LAZY_STACKING
+ select CONFIG_TFM_ENABLE_CP10CP11
+
+ config CONFIG_TFM_FLOAT_ABI
+ #TODO: shall be int to align with compile options
+ string
+ default "hard" if CONFIG_TFM_ENABLE_FP || CONFIG_TFM_ENABLE_MVE || CONFIG_TFM_ENABLE_MVE_FP
+ default "soft"
+ help
+ Set float abi hard to enable hardware floating-point instructions and
+ hardware floating-point linkage.
+
+ Set float abi soft, meaning software library functions for
+ floating-point operations and software floating-point linkage.
+
+endmenu
diff --git a/platform/Kconfig.platform b/platform/Kconfig.platform
new file mode 100644
index 0000000..e2e666c
--- /dev/null
+++ b/platform/Kconfig.platform
@@ -0,0 +1,183 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+################################# Platform dependencies ########################
+
+config PLATFORM_SVC_HANDLERS
+ bool "Platform specific SVC handlers"
+ default n
+
+config PLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT
+ def_bool n
+
+config PLATFORM_HAS_ISOLATION_L3_SUPPORT
+ def_bool n
+ help
+ Platform supports Isolation level 3
+
+################################# Test dependencies ############################
+
+config PS_TEST_NV_COUNTERS
+ def_bool y
+ help
+ Use the test NV counters to test Protected Storage rollback scenarios
+
+config PLATFORM_SLIH_IRQ_TEST_SUPPORT
+ def_bool n
+ help
+ Platform supports SLIH IRQ tests
+
+config PLATFORM_FLIH_IRQ_TEST_SUPPORT
+ def_bool n
+ help
+ Platform supports FLIH IRQ tests
+
+######################### TFM psa api test target ##############################
+
+config PSA_API_TEST_TARGET
+ def_string ""
+
+################################# Debug authentication #########################
+
+config DEBUG_AUTHENTICATION_CHIP_DEFAULT
+ def_bool y
+
+config DEBUG_AUTHENTICATION_NONE
+ def_bool n
+
+config DEBUG_AUTHENTICATION_NS_ONLY
+ def_bool n
+
+config DEBUG_AUTHENTICATION_FULL
+ def_bool n
+
+config DEBUG_AUTHENTICATION
+ string
+ default "CHIP_DEFAULT" if DEBUG_AUTHENTICATION_CHIP_DEFAULT
+ default "NONE" if DEBUG_AUTHENTICATION_NONE
+ default "NS_ONLY" if DEBUG_AUTHENTICATION_NS_ONLY
+ default "FULL" if DEBUG_AUTHENTICATION_FULL
+
+################################# Platform Hardware topology ###################
+config TFM_MULTI_CORE_TOPOLOGY
+ bool
+ default n
+ help
+ Dual-cpu architecture
+
+config CONFIG_TFM_USE_TRUSTZONE
+ bool
+ default n
+ help
+ Enable use of TrustZone to transition between NSPE and SPE
+
+######################### Cyrpto Hardware accelerator ##########################
+config CRYPTO_HW_ACCELERATOR_CC312
+ def_bool n
+ help
+ CryptoCell-312
+
+config CRYPTO_HW_ACCELERATOR_STM
+ def_bool n
+
+config CRYPTO_HW_ACCELERATOR_TYPE
+ string
+ default "cc312" if CRYPTO_HW_ACCELERATOR_CC312
+ default "stm" if CRYPTO_HW_ACCELERATOR_STM
+ default ""
+
+################################# Platform default #############################
+
+config PLATFORM_DEFAULT_BL1
+ bool "Use default BL1"
+ default y
+
+config PLATFORM_DEFAULT_ATTEST_HAL
+ def_bool y
+ help
+ Use default attest hal implementation
+
+config PLATFORM_DEFAULT_NV_COUNTERS
+ def_bool y
+ depends on PLATFORM_DEFAULT_OTP_WRITEABLE
+ help
+ Use default nv counter implementation
+
+config PLATFORM_DEFAULT_CRYPTO_KEYS
+ def_bool y
+ help
+ Use default crypto keys implementation
+
+config PLATFORM_DEFAULT_ROTPK
+ def_bool y
+ help
+ Use default root of trust public key
+
+config PLATFORM_DEFAULT_IAK
+ def_bool y
+ help
+ Use default initial attestation_key
+
+config PLATFORM_DEFAULT_UART_STDOUT
+ def_bool y
+ help
+ Use default uart stdout implementation
+
+config PLATFORM_DEFAULT_NV_SEED
+ def_bool y
+ help
+ Use default NV seed implementation
+
+config PLATFORM_DEFAULT_OTP
+ bool "Use trusted on-chip flash to implement OTP memory"
+ default y
+ help
+ Use trusted on-chip flash to implement OTP memory
+
+config PLATFORM_DEFAULT_OTP_WRITEABLE
+ def_bool y
+ help
+ Use OTP memory with write support
+
+config PLATFORM_DEFAULT_PROVISIONING
+ def_bool y
+ help
+ Use default provisioning implementation
+
+config PLATFORM_DEFAULT_SYSTEM_RESET_HALT
+ bool "Use default system halt implementation"
+ default y
+ help
+ Use default system reset/halt implementation
+
+config PLATFORM_DEFAULT_IMAGE_SIGNING
+ def_bool y
+ help
+ Use default image signing implementation
+
+config TFM_PLAT_SPECIFIC_MULTI_CORE_COMM
+ bool "Use a platform specific inter-core communication"
+ depends on TFM_MULTI_CORE_TOPOLOGY
+ help
+ Whether to use a platform specific inter-core communication instead of
+ mailbox in dual-cpu topology
+
+config OTP_NV_COUNTERS_RAM_EMULATION
+ bool "Enable OTP/NV_COUNTERS emulation in RAM"
+ default n
+ depends on PLATFORM_DEFAULT_OTP || PLATFORM_DEFAULT_NV_COUNTERS
+ help
+ Enable OTP/NV_COUNTERS emulation in RAM. Has no effect on non-default
+ implementations of the OTP and NV_COUNTERS
+
+config TFM_NS_NV_COUNTER_AMOUNT
+ int "Numbers of NS NV counters"
+ default 0
+ range 0 3
+
+config PSA_API_TEST_TARGET
+ def_string ""
diff --git a/secure_fw/partitions/crypto/Kconfig b/secure_fw/partitions/crypto/Kconfig
index 3838b07..913860d 100644
--- a/secure_fw/partitions/crypto/Kconfig
+++ b/secure_fw/partitions/crypto/Kconfig
@@ -8,6 +8,7 @@
menuconfig TFM_PARTITION_CRYPTO
bool "Crypto"
depends on TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
+ select CRYPTO_NV_SEED if !CRYPTO_HW_ACCELERATOR
default n
if TFM_PARTITION_CRYPTO
diff --git a/secure_fw/partitions/crypto/Kconfig.comp b/secure_fw/partitions/crypto/Kconfig.comp
index 6836061..e5bf087 100644
--- a/secure_fw/partitions/crypto/Kconfig.comp
+++ b/secure_fw/partitions/crypto/Kconfig.comp
@@ -14,6 +14,7 @@
config CRYPTO_ENGINE_BUF_SIZE
hex "Crypto engine buffer size"
+ default 0x4000 if CRYPTO_HW_ACCELERATOR_CC312
default 0x2080
help
The mbed TLS library requires to provide a static buffer to be used as
@@ -71,8 +72,10 @@
default y
config CRYPTO_NV_SEED
- bool "Use stored NV seed to provide entropy"
- default y
+ bool
+ default n if CRYPTO_HW_ACCELERATOR
+ help
+ Use stored NV seed to provide entropy
config CRYPTO_SINGLE_PART_FUNCS_DISABLED
bool "Disable single-part operations"
diff --git a/secure_fw/spm/Kconfig b/secure_fw/spm/Kconfig
index f4077ff..5357c40 100644
--- a/secure_fw/spm/Kconfig
+++ b/secure_fw/spm/Kconfig
@@ -76,6 +76,7 @@
bool "Enable code sharing between MCUboot and secure firmware"
#FIXME: Shall check IAR
default n
+ depends on !CRYPTO_HW_ACCELERATOR
config TFM_EXCEPTION_INFO_DUMP
bool "Exception information dump"