zephyr/modules/trusted-firmware-m/Kconfig.tfm.partitions
Kevin Townsend cd8d4ccad5 modules: tfm: Disable initial attestation service
Prevents Zephyr from enabling the initial attestation service in TF-M,
due to a dependency it has on an incompatibly-licensed library (QCBOR).

This update checks if either of the following config flags are
enabled at build time:

- `CONFIG_TFM_PARTITION_INITIAL_ATTESTATION`
- `CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION`

If either of these are set to true, a fatal error will be thrown at
build time, indicating the reason for the failure.

This change can be reverted once a longer term solution to the QCBOR
license issues has been resolved.

Signed-off-by: Kevin Townsend <kevin.townsend@linaro.org>
2023-02-11 07:59:06 +09:00

94 lines
3.4 KiB
Plaintext

# Configuration for the partitions in the TF-M Module

# Copyright (c) 2021 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0

if BUILD_WITH_TFM

config TFM_PARTITION_PROTECTED_STORAGE
	bool "Secure partition 'Protected Storage'"
	depends on TFM_PARTITION_PLATFORM # Specifically TFM_SP_PLATFORM_NV_COUNTER service
	depends on TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
	depends on TFM_PARTITION_CRYPTO
	default y
	help
	  Setting this option will cause '-DTFM_PARTITION_PROTECTED_STORAGE'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

config TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
	bool "Secure partition 'Internal Trusted Storage'"
	default y
	help
	  Setting this option will cause '-DTFM_PARTITION_INTERNAL_TRUSTED_STORAGE'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

config TFM_PARTITION_CRYPTO
	bool "Secure partition 'Crypto'"
	default y
	help
	  Setting this option will cause '-DTFM_PARTITION_CRYPTO'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

config TFM_PARTITION_INITIAL_ATTESTATION
	bool "Secure partition 'Initial Attestation'"
	depends on TFM_PARTITION_CRYPTO
	default n
	help
	  Setting this option will cause '-DTFM_PARTITION_INITIAL_ATTESTATION'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

config TFM_PARTITION_PLATFORM
	bool "Secure partition 'Platform'"
	default y
	help
	  Setting this option will cause '-DTFM_PARTITION_PLATFORM'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

config TFM_PARTITION_FIRMWARE_UPDATE
	bool "Include the secure partition 'Firmware Update'"
	select TFM_MCUBOOT_DATA_SHARING
	default n
	help
	  Setting this option will cause '-DTFM_PARTITION_FIRMWARE_UPDATE'
	  to be passed to the TF-M build system. Look at 'config_default.cmake'
	  in the trusted-firmware-m repository for details regarding this
	  parameter. Any dependencies between the various TFM_PARTITION_*
	  options are handled by the build system in the trusted-firmware-m
	  repository.

choice TFM_PARTITION_LOG_LEVEL
	prompt "TF-M Partition Log Level" if !TFM_LOG_LEVEL_SILENCE
	default TFM_PARTITION_LOG_LEVEL_INFO

config TFM_PARTITION_LOG_LEVEL_DEBUG
	bool "Debug"

config TFM_PARTITION_LOG_LEVEL_INFO
	bool "Info"

config TFM_PARTITION_LOG_LEVEL_ERROR
	bool "Error"

config TFM_PARTITION_LOG_LEVEL_SILENCE
	bool "Off"

endchoice

endif # BUILD_WITH_TFM