CONFIG_BUILD_WITH_TFM

Build with TF-M as the Secure Execution Environment

Type: bool

Help

When enabled, this option instructs the Zephyr build process to additionaly generate a TF-M image for the Secure Execution environment, along with the Zephyr image. The Zephyr image itself is to be executed in the Non-Secure Processing Environment. The required dependency on TRUSTED_EXECUTION_NONSECURE ensures that the Zephyr image is built as a Non-Secure image. Both TF-M and Zephyr images, as well as the veneer object file that links them, are generated during the normal Zephyr build process.

Note:

Building with the “_nonsecure” BOARD variant (e.g. “mps2_an521_nonsecure”) ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

Default

• n

Symbols selected by this symbol

• PM_SINGLE_IMAGE

• CMSIS_RTOS_V2

Symbols implied by this symbol

• POLL

• THREAD_NAME

• THREAD_STACK_INFO

• INIT_STACKS

• THREAD_MONITOR

• BUILD_OUTPUT_HEX

• INIT_ARCH_HW_AT_BOOT

Kconfig definitions

At <Zephyr>/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig:22

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:18

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default n
    depends on BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS || BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS

---

At <nRF>/subsys/partition_manager/Kconfig:130

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:23 → <Zephyr>/modules/Kconfig:6 → <BuildDir>/Kconfig/Kconfig.modules:2 → <nRF>/Kconfig.nrf:25 → <nRF>/subsys/Kconfig:36

Menu path: (Top) → Modules → nrf (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrf) → Nordic nRF Connect → Partition Manager

config BUILD_WITH_TFM
    bool
    select PM_SINGLE_IMAGE

---

At <Zephyr>/modules/Kconfig.tfm:22

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:23 → <Zephyr>/modules/Kconfig:32

Menu path: (Top) → Modules

menuconfig BUILD_WITH_TFM
    bool "Build with TF-M as the Secure Execution Environment"
    select CMSIS_RTOS_V2
    imply POLL
    imply THREAD_NAME
    imply THREAD_STACK_INFO
    imply INIT_STACKS
    imply THREAD_MONITOR
    imply BUILD_OUTPUT_HEX
    imply INIT_ARCH_HW_AT_BOOT
    depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M
    help
      When enabled, this option instructs the Zephyr build process to
      additionaly generate a TF-M image for the Secure Execution
      environment, along with the Zephyr image. The Zephyr image
      itself is to be executed in the Non-Secure Processing Environment.
      The required dependency on TRUSTED_EXECUTION_NONSECURE
      ensures that the Zephyr image is built as a Non-Secure image. Both
      TF-M and Zephyr images, as well as the veneer object file that links
      them, are generated during the normal Zephyr build process.

      Note:
        Building with the "_nonsecure" BOARD variant (e.g.
        "mps2_an521_nonsecure") ensures that
        CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)