#-------------------------------------------------------------------------------
# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
# Toolchain and target selection.
#
# These are cache defaults: a value already supplied by the user or by an
# earlier config file is left alone. A toolchain file is CMake code, and
# TFM_PLATFORM may be an absolute path outside the source tree, so both should
# point only at locations the builder trusts.
set(TFM_TOOLCHAIN_FILE
    ${CMAKE_SOURCE_DIR}/toolchain_GNUARM.cmake
    CACHE FILEPATH
    "Path to TFM compiler toolchain file"
)
set(TFM_PLATFORM
    ""
    CACHE STRING
    "Platform to build TF-M for. Must be either a relative path from [TF-M]/platform/ext/target, or an absolute path."
)
set(CROSS_COMPILE
    arm-none-eabi
    CACHE STRING
    "Cross-compilation triplet"
)
# Which images are built. By default BL2 and the NS app are built and BL1 is
# not.
set(BL1 OFF CACHE BOOL
    "Whether to build BL1")
set(BL2 ON CACHE BOOL
    "Whether to build BL2")
set(NS ON CACHE BOOL
    "Whether to build NS app")

# Regression / compliance test suites. All are disabled by default, so test
# code is only built into an image when explicitly requested.
set(TEST_S OFF CACHE BOOL
    "Whether to build S regression tests")
set(TEST_NS OFF CACHE BOOL
    "Whether to build NS regression tests")
set(TEST_PSA_API "" CACHE STRING
    "Which (if any) of the PSA API tests should be compiled")
set(TEST_BL1_1 OFF CACHE BOOL
    "Whether to build BL1_1 tests")
set(TEST_BL1_2 OFF CACHE BOOL
    "Whether to build BL1_2 tests")
# Core SPM configuration.
#
# Several of these defaults select the least strict option: the isolation level
# defaults to 1 and fault injection hardening (FIH) defaults to OFF. A
# deployment that relies on stronger isolation or on FIH has to raise them
# explicitly; nothing in this file does so.
set(PLATFORM_HAS_ISOLATION_L3_SUPPORT OFF CACHE BOOL
    "Platform supports Isolation level 3")
set(TFM_ISOLATION_LEVEL 1 CACHE STRING
    "Isolation level")
set(PSA_FRAMEWORK_HAS_MM_IOVEC OFF CACHE BOOL
    "Enable MM-IOVEC")
set(TFM_PROFILE "" CACHE STRING
    "Profile to use")
# Typed STRING rather than BOOL because the accepted values go beyond ON/OFF
# (see the bracketed list in the help text).
set(TFM_FIH_PROFILE OFF CACHE STRING
    "Fault injection hardening profile [OFF, LOW, MEDIUM, HIGH]")
set(CONFIG_TFM_SPM_BACKEND "SFN" CACHE STRING
    "The SPM backend [IPC, SFN]")
# Source of the NSPE client_id: it either comes from the NSPE OS (passed through
# the SPM) or is assigned directly by the SPM. Setting `TFM_NS_MANAGE_NSID` to
# `ON` enables the first mode, i.e. TF-M accepts a client_id provided by the
# NSPE OS. The default is `OFF`.
set(TFM_NS_MANAGE_NSID
    OFF
    CACHE BOOL
    "Support NSPE OS providing NSPE client_id"
)
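# Hooks for pulling additional configuration, manifests and Secure Partition
# sources into the build. All are empty by default.
#
# NOTE(review): whatever these point at presumably ends up in the secure-side
# build (extra CMake config, extra partitions), so treat the referenced files
# as trusted build inputs and keep them under the same review as the tree.
set(TFM_EXTRA_CONFIG_PATH "" CACHE PATH "Path to extra cmake config file")

set(TFM_MANIFEST_LIST ${CMAKE_SOURCE_DIR}/tools/tfm_manifest_list.yaml CACHE FILEPATH "TF-M native Secure Partition manifests list file")
set(TFM_EXTRA_MANIFEST_LIST_FILES "" CACHE FILEPATH "Extra manifest list file(s), used to list extra Secure Partition manifests.")
# Help-text spelling fixed below ("standard", "Partition"); names, types and
# default values are unchanged.
set(TFM_EXTRA_GENERATED_FILE_LIST_PATH "" CACHE PATH "Path to extra generated file list. Appended to standard TFM generated file list.")
set(TFM_EXTRA_PARTITION_PATHS "" CACHE PATH "List of extra Secure Partitions directories. An extra Secure Partition folder contains source code, CMakeLists.txt and manifest files")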
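# Default log levels for the SPM and for Secure Partitions. Both default to the
# *_SILENCE value; the help text previously said "INFO level", which did not
# match the default and has been corrected.
set(TFM_SPM_LOG_LEVEL TFM_SPM_LOG_LEVEL_SILENCE CACHE STRING "Set default SPM log level as SILENCE level")
set(TFM_PARTITION_LOG_LEVEL TFM_PARTITION_LOG_LEVEL_SILENCE CACHE STRING "Set default Secure Partition log level as SILENCE level")

# TFM_CODE_SHARING is an on/off switch, so its cache type is BOOL. With type
# PATH, CMake treats an untyped relative value from the command line (for
# example -DTFM_CODE_SHARING=OFF) as a path and rewrites it to an absolute path
# under the working directory, which no longer evaluates as false.
set(TFM_CODE_SHARING OFF CACHE BOOL "Enable code sharing between MCUboot and secure firmware")

# Boot measurements are what the initial attestation token reports (per the
# help text), so both options default to ON.
set(CONFIG_TFM_BOOT_STORE_MEASUREMENTS ON CACHE BOOL "Store measurement values from all the boot stages. Used for initial attestation token.")
set(CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS ON CACHE BOOL "Enable storing of encoded measurements in boot.")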
# Install location for the build outputs (inside the build tree by default).
set(TFM_INSTALL_PATH ${CMAKE_BINARY_DIR}/install CACHE PATH
    "Path to which to install TF-M files")

# Debug and instrumentation switches. Debug symbols are on by default; coverage
# instrumentation is off.
set(TFM_DEBUG_SYMBOLS ON CACHE BOOL
    "Add debug symbols. Note that setting CMAKE_BUILD_TYPE to Debug or RelWithDebInfo will also add debug symbols.")
set(TFM_CODE_COVERAGE OFF CACHE BOOL
    "Whether to build the binary for lcov tools")

# Privileged-execute-never is an opt-in hardening feature here (default OFF).
set(TFM_PXN_ENABLE OFF CACHE BOOL
    "Use Privileged execute never (PXN)")

# Behaviour on fatal errors in the secure firmware. By default no exception
# info is captured and the core reboots rather than halts.
set(TFM_EXCEPTION_INFO_DUMP OFF CACHE BOOL
    "On fatal errors in the secure firmware, capture info about the exception. Print the info if the SPM log level is sufficient.")
set(CONFIG_TFM_HALT_ON_CORE_PANIC OFF CACHE BOOL
    "On fatal errors in the secure firmware, halt instead of rebooting.")

# Stack usage measurement aid (default OFF).
set(CONFIG_TFM_STACK_WATERMARKS OFF CACHE BOOL
    "Whether to pre-fill partition stacks with a set value to help determine stack usage")

# Header that carries the project-level TF-M configuration.
set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/config_base.h" CACHE FILEPATH
    "User defined header file for TF-M config")
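############################ Platform ##########################################

# A slot count is a number, not a switch: typed STRING so that GUIs show an
# edit field instead of a checkbox (it was declared BOOL). The default value is
# unchanged.
set(NUM_MAILBOX_QUEUE_SLOT 1 CACHE STRING "Number of mailbox queue slots")
set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM OFF CACHE BOOL "Whether to use a platform specific inter-core communication instead of mailbox in dual-cpu topology")

# CHIP_DEFAULT leaves the debug-authentication state to the device.
# NOTE(review): what that means for a given chip is not visible in this file;
# production configurations should pick the intended setting explicitly.
# The help text was missing its closing bracket.
set(DEBUG_AUTHENTICATION CHIP_DEFAULT CACHE STRING "Debug authentication setting. [CHIP_DEFAULT, NONE, NS_ONLY, FULL]")
set(SECURE_UART1 OFF CACHE BOOL "Enable secure UART1")

set(CRYPTO_HW_ACCELERATOR OFF CACHE BOOL "Whether to enable the crypto hardware accelerator on supported platforms")

# RAM emulation of OTP / NV counters is off by default.
# NOTE(review): RAM-backed counters presumably do not persist across resets,
# which would defeat their use for rollback protection - confirm before
# enabling outside development.
set(OTP_NV_COUNTERS_RAM_EMULATION OFF CACHE BOOL "Enable OTP/NV_COUNTERS emulation in RAM. Has no effect on non-default implementations of the OTP and NV_COUNTERS")
set(TFM_NS_NV_COUNTER_AMOUNT 0 CACHE STRING "How many NS NV counters are enabled")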
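# On/off switch like the other PLATFORM_DEFAULT_* options below, so it is typed
# BOOL (it was declared STRING). The default value is unchanged.
set(PLATFORM_DEFAULT_BL1 ON CACHE BOOL "Whether to use default BL1 or platform-specific one")

# Default (reference) implementations of platform services. All are ON unless a
# platform overrides them.
#
# Security note: PLATFORM_DEFAULT_CRYPTO_KEYS, PLATFORM_DEFAULT_ROTPK and
# PLATFORM_DEFAULT_IAK select default key material / key handling, and
# TFM_DUMMY_PROVISIONING provisions dummy values (its help text says "NOT to be
# used in production"). A production configuration should set these to OFF and
# supply device-specific keys and provisioning; release builds are worth
# checking for any of them still being ON.
set(PLATFORM_DEFAULT_ATTEST_HAL ON CACHE BOOL "Use default attest hal implementation.")
set(PLATFORM_DEFAULT_NV_COUNTERS ON CACHE BOOL "Use default nv counter implementation.")
set(PLATFORM_DEFAULT_CRYPTO_KEYS ON CACHE BOOL "Use default crypto keys implementation.")
set(PLATFORM_DEFAULT_ROTPK ON CACHE BOOL "Use default root of trust public key.")
set(PLATFORM_DEFAULT_IAK ON CACHE BOOL "Use default initial attestation_key.")
set(PLATFORM_DEFAULT_UART_STDOUT ON CACHE BOOL "Use default uart stdout implementation.")
set(PLATFORM_DEFAULT_NV_SEED ON CACHE BOOL "Use default NV seed implementation.")
set(PLATFORM_DEFAULT_OTP ON CACHE BOOL "Use trusted on-chip flash to implement OTP memory")
set(PLATFORM_DEFAULT_OTP_WRITEABLE ON CACHE BOOL "Use OTP memory with write support")
set(PLATFORM_DEFAULT_PROVISIONING ON CACHE BOOL "Use default provisioning implementation")
set(PLATFORM_DEFAULT_SYSTEM_RESET_HALT ON CACHE BOOL "Use default system reset/halt implementation")

set(TFM_DUMMY_PROVISIONING ON CACHE BOOL "Provision with dummy values. NOT to be used in production")
set(PLATFORM_IS_FVP FALSE CACHE BOOL "Whether to enable FVP or FPGA build of the platform.")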
# psa-adac secure debug support (off by default). The source is either a local
# directory or the literal "DOWNLOAD". The version below is a full 40-character
# hex id, i.e. it reads as an immutable commit reference rather than a branch
# or tag name.
set(PLATFORM_PSA_ADAC_SECURE_DEBUG
    FALSE
    CACHE BOOL
    "Whether to use psa-adac secure debug."
)
set(PLATFORM_PSA_ADAC_SOURCE_PATH
    "DOWNLOAD"
    CACHE PATH
    "Path to source dir of psa-adac."
)
set(PLATFORM_PSA_ADAC_VERSION
    "427923cc0152578d536fb2065154d5d0dd874910"
    CACHE STRING
    "The version of psa-adac to use."
)

# Image header / trailer sizes for BL1 and BL2; all default to zero.
set(BL1_HEADER_SIZE
    0x000
    CACHE STRING
    "BL1 Header size"
)
set(BL1_TRAILER_SIZE
    0x000
    CACHE STRING
    "BL1 Trailer size"
)

set(BL2_HEADER_SIZE
    0x000
    CACHE STRING
    "BL2 Header size"
)
set(BL2_TRAILER_SIZE
    0x000
    CACHE STRING
    "BL2 Trailer size"
)
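############################ Partitions ########################################

# Every Secure Partition is disabled in this base configuration and has to be
# enabled by a profile, platform or user setting.

# Protected Storage: encryption is ON by default and uses an AEAD algorithm
# (PSA_ALG_GCM), i.e. stored data is authenticated as well as encrypted.
set(TFM_PARTITION_PROTECTED_STORAGE OFF CACHE BOOL "Enable Protected Storage partition")
set(PS_ENCRYPTION ON CACHE BOOL "Enable encryption for Protected Storage partition")
set(PS_CRYPTO_AEAD_ALG PSA_ALG_GCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in Protected Storage")

set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition")

set(TFM_PARTITION_CRYPTO OFF CACHE BOOL "Enable Crypto partition")
set(CRYPTO_TFM_BUILTIN_KEYS_DRIVER ON CACHE BOOL "Whether to allow crypto service to store builtin keys. Without this, ALL builtin keys must be stored in a platform-specific location")

# Initial Attestation. ATTEST_INCLUDE_TEST_CODE stays OFF by default so that
# development-only test code is not part of the attestation service.
# Help-text spelling fixed ("initial"); names, types and defaults are unchanged.
set(TFM_PARTITION_INITIAL_ATTESTATION OFF CACHE BOOL "Enable Initial Attestation partition")
set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetric crypto for initial attestation")
set(ATTEST_INCLUDE_TEST_CODE OFF CACHE BOOL "Include minimal development tests in the initial attestation regression test suite")
set(ATTEST_KEY_BITS 256 CACHE STRING "The size of the initial attestation key in bits")

set(TFM_PARTITION_PLATFORM OFF CACHE BOOL "Enable Platform partition")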
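################################## Dependencies ################################

# External sources. A *_PATH of "DOWNLOAD" means the dependency is fetched
# automatically; otherwise it names a local checkout.
#
# Supply-chain note: the fetched code is built into the firmware, so the
# remote and the version are security-relevant inputs. MBEDCRYPTO_VERSION and
# MCUBOOT_VERSION look like tag names and PSA_ARCH_TESTS_VERSION like an
# abbreviated hash. A tag can be moved upstream and a short hash can become
# ambiguous; builds that need to be reproducible should override these with
# full commit ids and use a trusted remote or a vendored checkout.
# NOTE(review): how the fetch is performed and whether anything is verified
# afterwards is not visible in this file.
#
# Help-text fixes in this block: closing parenthesis added to the three
# "(or DOWNLOAD ..." strings and "cnfigure" corrected. Names, types and default
# values are unchanged.

set(MBEDCRYPTO_PATH "DOWNLOAD" CACHE PATH "Path to Mbed Crypto (or DOWNLOAD to fetch automatically)")
set(MBEDCRYPTO_VERSION "mbedtls-3.2.1" CACHE STRING "The version of Mbed Crypto to use")
set(MBEDCRYPTO_GIT_REMOTE "https://github.com/Mbed-TLS/mbedtls.git" CACHE STRING "The URL (or path) to retrieve MbedTLS from.")
set(MBEDCRYPTO_BUILD_TYPE "${CMAKE_BUILD_TYPE}" CACHE STRING "Build type of Mbed Crypto library")
set(TFM_MBEDCRYPTO_CONFIG_PATH
    "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h" CACHE PATH
    "Config to use for Mbed Crypto. For increased flexibility when pointing to a file, set the type \
of this setting to 'STRING' by passing the :<type> portion when specifying the setting value in \
the command line. E.g. '-DTFM_MBEDCRYPTO_CONFIG_PATH:STRING=some_file_which_is_generated.h' \
This can be useful if the config file is generated and placed inside a directory already added \
to the include path of mbedtls.")
set(TFM_MBEDCRYPTO_PSA_CRYPTO_CONFIG_PATH "${CMAKE_SOURCE_DIR}/lib/ext/mbedcrypto/mbedcrypto_config/crypto_config_default.h" CACHE PATH "Config to use psa crypto setting for Mbed Crypto.")
set(TFM_MBEDCRYPTO_PLATFORM_EXTRA_CONFIG_PATH "" CACHE PATH "Config to append to standard Mbed Crypto config, used by platforms to configure feature support")

set(MCUBOOT_PATH "DOWNLOAD" CACHE PATH "Path to MCUboot (or DOWNLOAD to fetch automatically)")
set(MCUBOOT_VERSION "v1.9.0" CACHE STRING "The version of MCUboot to use")

set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch tests (or DOWNLOAD to fetch automatically)")
set(PSA_ARCH_TESTS_VERSION "cf8bd71" CACHE STRING "The version of PSA arch tests to use")

set(NS_EVALUATION_APP_PATH "" CACHE PATH "Path to TFM NS Evaluation Application")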
################################################################################
################################################################################

# The accepted values of selected configuration options are recorded here so
# that they can be validated later.
#
# Note: the STRINGS cache property only supplies the choice list shown by
# cmake-gui / ccmake. CMake does not reject other values on its own, so the
# actual check has to be performed by separate validation code.

########################## FIH #################################################

set_property(CACHE TFM_FIH_PROFILE
    PROPERTY STRINGS
    OFF
    LOW
    MEDIUM
    HIGH
)