CONFIG_BUILD_WITH_TFM¶
Build with TF-M as the Secure Execution Environment
Build with TF-M as the Secure Execution Environment
Build with TF-M as the Secure Execution Environment
Type: bool
Help¶
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
Help¶
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
Help¶
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
Direct dependencies¶
BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS || BOARD_MPS2_AN521_CPU0 || BOARD_MPS2_AN521_CPU0_NS || BOARD_MPS2_AN521_CPU1 || BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS || (TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != “” && ARM_TRUSTZONE_M && !TFM_MINIMAL) || (TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != “” && ARM_TRUSTZONE_M && TFM_MINIMAL) || (TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != “” && ARM_TRUSTZONE_M && 0)
(Includes any dependencies from ifs and menus.)
Defaults¶
Symbols selected by this symbol¶
Symbols implied by this symbol¶
Kconfig definitions¶
At <Zephyr>/boards/arm/bl5340_dvk/Kconfig.defconfig:28
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:22
Menu path: (Top)
config BUILD_WITH_TFM
bool
default y if BOARD_BL5340_DVK_CPUAPP_NS
depends on BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS
At <Zephyr>/boards/arm/mps2_an521/Kconfig.defconfig:21
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:22
Menu path: (Top)
config BUILD_WITH_TFM
bool
default y if TRUSTED_EXECUTION_NONSECURE
depends on BOARD_MPS2_AN521_CPU0 || BOARD_MPS2_AN521_CPU0_NS || BOARD_MPS2_AN521_CPU1
At <Zephyr>/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig:14
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:22
Menu path: (Top)
config BUILD_WITH_TFM
bool
default n
depends on BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS
At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:14 → <nRF>/modules/trusted-firmware-m/Kconfig:34 → <Zephyr>/modules/trusted-firmware-m/Kconfig:7
Menu path: (Top) → Modules → trusted-firmware-m (/home/runner/work/sdk-nrf/sdk-nrf/ncs/modules/tee/tfm)
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
select BUILD_OUTPUT_HEX
imply INIT_ARCH_HW_AT_BOOT
imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && !TFM_MINIMAL
help
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:14 → <nRF>/modules/trusted-firmware-m/Kconfig:43
Menu path: (Top) → Modules → trusted-firmware-m (/home/runner/work/sdk-nrf/sdk-nrf/ncs/modules/tee/tfm)
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
select BUILD_OUTPUT_HEX
imply INIT_ARCH_HW_AT_BOOT
imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && TFM_MINIMAL
help
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
At <Zephyr>/modules/trusted-firmware-m/Kconfig.tfm:25
Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:31 → <Zephyr>/modules/Kconfig:74 → <Zephyr>/modules/trusted-firmware-m/Kconfig:7
Menu path: (Top) → Modules
menuconfig BUILD_WITH_TFM
bool "Build with TF-M as the Secure Execution Environment"
select BUILD_OUTPUT_HEX
imply INIT_ARCH_HW_AT_BOOT
imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && 0
help
When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.
Notes:
Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
By default we allow Zephyr preemptible threads be preempted
while performing a secure function call.
(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)