Build: Add conditional build for secure context management
Secure context management is only needed in multiple secure context
model. This patch adds a build flag to disable context management.
It's set to ON by default.
Note that the NS client ID functionality will lose if secure context
management is disabled.
Change-Id: I06ed4fdee20a0192c54e2d08d453ee965ee3cbfc
Signed-off-by: Kevin Peng <kevin.peng@arm.com>
diff --git a/CommonConfig.cmake b/CommonConfig.cmake
index 63b2a15..6254cdb 100644
--- a/CommonConfig.cmake
+++ b/CommonConfig.cmake
@@ -318,16 +318,34 @@
endif()
endif()
+# The config for enable secure context management in TF-M
+if (NOT DEFINED CONFIG_TFM_ENABLE_CTX_MGMT)
+ set(CONFIG_TFM_ENABLE_CTX_MGMT ON)
+endif()
+
+if (CONFIG_TFM_ENABLE_CTX_MGMT)
+ add_definitions(-DCONFIG_TFM_ENABLE_CTX_MGMT)
+endif()
+
# This flag indicates if the non-secure OS is capable of identify the non-secure clients
# which call the secure services. It is diabled in IPC model.
if (NOT DEFINED TFM_NS_CLIENT_IDENTIFICATION)
if (TFM_PSA_API)
set(TFM_NS_CLIENT_IDENTIFICATION OFF)
else()
- set(TFM_NS_CLIENT_IDENTIFICATION ON)
+ if (CONFIG_TFM_ENABLE_CTX_MGMT)
+ set(TFM_NS_CLIENT_IDENTIFICATION ON)
+ else()
+ set(TFM_NS_CLIENT_IDENTIFICATION OFF)
+ endif()
endif()
endif()
+if (NOT CONFIG_TFM_ENABLE_CTX_MGMT AND TFM_NS_CLIENT_IDENTIFICATION)
+ # NS client ID is part of context management.
+ message(FATAL_ERROR "TFM_NS_CLIENT_IDENTIFICATION cannot be ON when CONFIG_TFM_ENABLE_CTX_MGMT is OFF")
+endif()
+
if (BL2)
# Add MCUBOOT_IMAGE_NUMBER definition to the compiler command line.
add_definitions(-DMCUBOOT_IMAGE_NUMBER=${MCUBOOT_IMAGE_NUMBER})