patrick/zephyr
1
0
Fork 0
Code Issues Pull requests Actions 7 Packages Projects Releases Wiki Activity
zephyr/modules/trusted-firmware-m/Kconfig.tfm.partitions
Joakim Andersson 2687376eff tfm: Enforce initial attestation with required key provisioned 
Enforce that the initial attestation partition has the required
initial attestation key provisioned.

If the initial attestation key (IAK) is not present during boot of
TF-M the system will panic during initialization.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-12-12 19:08:46 +01:00

95 lines
3.5 KiB
Plaintext
Raw Blame History

# Configuration for the partitions in the TF-M Module
# Copyright (c) 2021 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0
if BUILD_WITH_TFM
config TFM_PARTITION_PROTECTED_STORAGE
bool "Secure partition 'Protected Storage'"
depends on TFM_PARTITION_PLATFORM # Specfically TFM_SP_PLATFORM_NV_COUNTER service
depends on TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
depends on TFM_PARTITION_CRYPTO
default y
help
Setting this option will cause '-DTFM_PARTITION_PROTECTED_STORAGE'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
config TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
bool "Secure partition 'Internal Trusted Storage'"
default y
help
Setting this option will cause '-DTFM_PARTITION_INTERNAL_TRUSTED_STORAGE'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
config TFM_PARTITION_CRYPTO
bool "Secure partition 'Crypto'"
default y
help
Setting this option will cause '-DTFM_PARTITION_CRYPTO'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
config TFM_PARTITION_INITIAL_ATTESTATION
bool "Secure partition 'Initial Attestation'"
depends on TFM_PARTITION_CRYPTO
depends on TFM_INITIAL_ATTESTATION_KEY
default n
help
Setting this option will cause '-DTFM_PARTITION_INITIAL_ATTESTATION'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
config TFM_PARTITION_PLATFORM
bool "Secure partition 'Platform'"
default y
help
Setting this option will cause '-DTFM_PARTITION_PLATFORM'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
config TFM_PARTITION_FIRMWARE_UPDATE
bool "Include the secure parition 'Firmware Update'"
select TFM_MCUBOOT_DATA_SHARING
default n
help
Setting this option will cause '-DTFM_PARTITION_FIRMWARE_UPDATE'
to be passed to the TF-M build system. Look at 'config_default.cmake'
in the trusted-firmware-m repository for details regarding this
parameter. Any dependencies between the various TFM_PARTITION_*
options are handled by the build system in the trusted-firmware-m
repository.
choice TFM_PARTITION_LOG_LEVEL
prompt "TF-M Partition Log Level" if !TFM_LOG_LEVEL_SILENCE
default TFM_PARTITION_LOG_LEVEL_INFO
config TFM_PARTITION_LOG_LEVEL_DEBUG
bool "Debug"
config TFM_PARTITION_LOG_LEVEL_INFO
bool "Info"
config TFM_PARTITION_LOG_LEVEL_ERROR
bool "Error"
config TFM_PARTITION_LOG_LEVEL_SILENCE
bool "Off"
endchoice
endif # BUILD_WITH_TFM
Reference in a new issue View git blame Copy permalink