CONFIG_BUILD_WITH_TFM

Build with TF-M as the Secure Execution Environment

Build with TF-M as the Secure Execution Environment

Build with TF-M as the Secure Execution Environment

Type: bool

Help

When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.

Notes:
  Building with the "_nonsecure" BOARD variant (e.g.
  "mps2_an521_nonsecure") ensures that
  CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

  By default we allow Zephyr preemptible threads be preempted
  while performing a secure function call.

Help

When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.

Notes:
  Building with the "_nonsecure" BOARD variant (e.g.
  "mps2_an521_nonsecure") ensures that
  CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

  By default we allow Zephyr preemptible threads be preempted
  while performing a secure function call.

Help

When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.

Notes:
  Building with the "_nonsecure" BOARD variant (e.g.
  "mps2_an521_nonsecure") ensures that
  CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

  By default we allow Zephyr preemptible threads be preempted
  while performing a secure function call.

Symbols selected by this symbol

Kconfig definitions

At <Zephyr>/boards/arm/bl5340_dvk/Kconfig.defconfig:28

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:18

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if BOARD_BL5340_DVK_CPUAPPNS
    depends on BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPPNS

At <Zephyr>/boards/arm/mps2_an521/Kconfig.defconfig:20

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:18

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if TRUSTED_EXECUTION_NONSECURE
    depends on BOARD_MPS2_AN521

At <Zephyr>/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig:14

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:18

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default n
    depends on BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS

At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:23<Zephyr>/modules/Kconfig:6<BuildDir>/kconfig/Kconfig.modules:14<nRF>/modules/trusted-firmware-m/Kconfig:34<Zephyr>/modules/trusted-firmware-m/Kconfig:7

Menu path: (Top) → Modules → trusted-firmware-m (/home/runner/work/sdk-nrf/sdk-nrf/ncs/modules/tee/tfm)

menuconfig BUILD_WITH_TFM
    bool "Build with TF-M as the Secure Execution Environment"
    select BUILD_OUTPUT_HEX
    imply INIT_ARCH_HW_AT_BOOT
    imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && !TFM_MINIMAL
    help
      When enabled, this option instructs the Zephyr build process to
      additionally generate a TF-M image for the Secure Execution
      environment, along with the Zephyr image. The Zephyr image
      itself is to be executed in the Non-Secure Processing Environment.
      The required dependency on TRUSTED_EXECUTION_NONSECURE
      ensures that the Zephyr image is built as a Non-Secure image. Both
      TF-M and Zephyr images, as well as the veneer object file that links
      them, are generated during the normal Zephyr build process.

      Notes:
        Building with the "_nonsecure" BOARD variant (e.g.
        "mps2_an521_nonsecure") ensures that
        CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

        By default we allow Zephyr preemptible threads be preempted
        while performing a secure function call.

At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:23<Zephyr>/modules/Kconfig:6<BuildDir>/kconfig/Kconfig.modules:14<nRF>/modules/trusted-firmware-m/Kconfig:43

Menu path: (Top) → Modules → trusted-firmware-m (/home/runner/work/sdk-nrf/sdk-nrf/ncs/modules/tee/tfm)

menuconfig BUILD_WITH_TFM
    bool "Build with TF-M as the Secure Execution Environment"
    select BUILD_OUTPUT_HEX
    imply INIT_ARCH_HW_AT_BOOT
    imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && TFM_MINIMAL
    help
      When enabled, this option instructs the Zephyr build process to
      additionally generate a TF-M image for the Secure Execution
      environment, along with the Zephyr image. The Zephyr image
      itself is to be executed in the Non-Secure Processing Environment.
      The required dependency on TRUSTED_EXECUTION_NONSECURE
      ensures that the Zephyr image is built as a Non-Secure image. Both
      TF-M and Zephyr images, as well as the veneer object file that links
      them, are generated during the normal Zephyr build process.

      Notes:
        Building with the "_nonsecure" BOARD variant (e.g.
        "mps2_an521_nonsecure") ensures that
        CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

        By default we allow Zephyr preemptible threads be preempted
        while performing a secure function call.

At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25

Included via <Zephyr>/Kconfig:8<Zephyr>/Kconfig.zephyr:23<Zephyr>/modules/Kconfig:66<Zephyr>/modules/trusted-firmware-m/Kconfig:7

Menu path: (Top) → Modules

menuconfig BUILD_WITH_TFM
    bool "Build with TF-M as the Secure Execution Environment"
    select BUILD_OUTPUT_HEX
    imply INIT_ARCH_HW_AT_BOOT
    imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && 0
    help
      When enabled, this option instructs the Zephyr build process to
      additionally generate a TF-M image for the Secure Execution
      environment, along with the Zephyr image. The Zephyr image
      itself is to be executed in the Non-Secure Processing Environment.
      The required dependency on TRUSTED_EXECUTION_NONSECURE
      ensures that the Zephyr image is built as a Non-Secure image. Both
      TF-M and Zephyr images, as well as the veneer object file that links
      them, are generated during the normal Zephyr build process.

      Notes:
        Building with the "_nonsecure" BOARD variant (e.g.
        "mps2_an521_nonsecure") ensures that
        CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

        By default we allow Zephyr preemptible threads be preempted
        while performing a secure function call.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)