@@ -22,6 +22,9 @@ if(CONFIG_TFM_PARTITION_PLATFORM AND CONFIG_SOC_FAMILY_NORDIC_NRF)
2222 )
2323endif ()
2424
25+ set_property (GLOBAL PROPERTY
26+ tfm_PM_HEX_FILE $< TARGET_PROPERTY:tfm,TFM_S_HEX_FILE>
27+ )
2528if (CONFIG_TFM_USE_NS_APP )
2629 set_property (GLOBAL PROPERTY
2730 app_PM_HEX_FILE $< TARGET_PROPERTY:tfm,TFM_NS_HEX_FILE>
@@ -37,148 +40,53 @@ if(CONFIG_BOOTLOADER_MCUBOOT AND NOT CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY)
3740
3841 set (mcuboot_single_slot )
3942 mcuboot_single_check (mcuboot_single_slot )
40-
41- if (mcuboot_single_slot )
42- set_property (TARGET zephyr_property_target
43- APPEND PROPERTY TFM_CMAKE_OPTIONS
44- -DNRF_NS_SECONDARY=n
45- )
46- else ()
47- set_property (TARGET zephyr_property_target
48- APPEND PROPERTY TFM_CMAKE_OPTIONS
49- -DNRF_NS_SECONDARY=y
50- )
51- endif ()
52- endif ()
53-
54- if (CONFIG_TFM_HW_INIT_RESET_ON_BOOT )
55- set_property (TARGET zephyr_property_target
56- APPEND PROPERTY TFM_CMAKE_OPTIONS
57- -DNRF_HW_INIT_RESET_ON_BOOT=ON
58- )
59-
60- if (CONFIG_TFM_HW_INIT_NRF_PERIPHERALS )
61- set_property (TARGET zephyr_property_target
62- APPEND PROPERTY TFM_CMAKE_OPTIONS
63- -DNRF_HW_INIT_NRF_PERIPHERALS=ON
64- )
65- endif ()
66- endif ()
67-
68- if (CONFIG_TFM_ALLOW_NON_SECURE_RESET )
69- set_property (TARGET zephyr_property_target
70- APPEND PROPERTY TFM_CMAKE_OPTIONS
71- -DNRF_ALLOW_NON_SECURE_RESET=ON )
7243endif ()
7344
7445set_property (TARGET zephyr_property_target
7546 APPEND PROPERTY TFM_CMAKE_OPTIONS
7647 -DCONFIG_TFM_HALT_ON_CORE_PANIC=${CONFIG_TFM_HALT_ON_CORE_PANIC}
77- )
78-
79- set_property (TARGET zephyr_property_target
80- APPEND PROPERTY TFM_CMAKE_OPTIONS
8148 -DCONFIG_HW_UNIQUE_KEY=${CONFIG_HW_UNIQUE_KEY}
8249 -DCONFIG_HW_UNIQUE_KEY_RANDOM=${CONFIG_HW_UNIQUE_KEY_RANDOM}
8350 -DCRYPTO_TFM_BUILTIN_KEYS_DRIVER=${CONFIG_TFM_CRYPTO_BUILTIN_KEYS}
84- )
85-
86- set_property (TARGET zephyr_property_target
87- APPEND PROPERTY TFM_CMAKE_OPTIONS
8851 -DSECURE_UART1=${CONFIG_TFM_SECURE_UART}
89- )
90-
91- if (CONFIG_TFM_SECURE_UART0 )
92- set_property (TARGET zephyr_property_target
93- APPEND PROPERTY TFM_CMAKE_OPTIONS
94- -DNRF_SECURE_UART_INSTANCE=0
95- )
96- endif ()
97-
98- if (CONFIG_TFM_SECURE_UART1 )
99- set_property (TARGET zephyr_property_target
100- APPEND PROPERTY TFM_CMAKE_OPTIONS
101- -DNRF_SECURE_UART_INSTANCE=1
102- )
103- endif ()
104-
105- if (CONFIG_TFM_SECURE_UART00 )
106- set_property (TARGET zephyr_property_target
107- APPEND PROPERTY TFM_CMAKE_OPTIONS
108- -DNRF_SECURE_UART_INSTANCE=00
109- )
110- endif ()
111-
112- if (CONFIG_TFM_SECURE_UART20 )
113- set_property (TARGET zephyr_property_target
114- APPEND PROPERTY TFM_CMAKE_OPTIONS
115- -DNRF_SECURE_UART_INSTANCE=20
116- )
117- endif ()
118-
119- if (CONFIG_TFM_SECURE_UART21 )
120- set_property (TARGET zephyr_property_target
121- APPEND PROPERTY TFM_CMAKE_OPTIONS
122- -DNRF_SECURE_UART_INSTANCE=21
123- )
124- endif ()
125-
126- if (CONFIG_TFM_SECURE_UART22 )
127- set_property (TARGET zephyr_property_target
128- APPEND PROPERTY TFM_CMAKE_OPTIONS
129- -DNRF_SECURE_UART_INSTANCE=22
130- )
131- endif ()
132-
133- if (CONFIG_TFM_SECURE_UART30 )
134- set_property (TARGET zephyr_property_target
135- APPEND PROPERTY TFM_CMAKE_OPTIONS
136- -DNRF_SECURE_UART_INSTANCE=30
137- )
138- endif ()
139-
140- set_property (TARGET zephyr_property_target
141- APPEND PROPERTY TFM_CMAKE_OPTIONS
14252 -DCONFIG_TFM_LOG_SHARE_UART=${CONFIG_TFM_SECURE_UART_SHARE_INSTANCE}
143- )
144-
145- set_property (GLOBAL PROPERTY
146- tfm_PM_HEX_FILE $< TARGET_PROPERTY:tfm,TFM_S_HEX_FILE>
147- )
148-
149- set_property (TARGET zephyr_property_target
150- APPEND PROPERTY TFM_CMAKE_OPTIONS
15153 -DZEPHYR_NRF_MODULE_DIR=${ZEPHYR_NRF_MODULE_DIR}
152- )
153-
154- set_property (TARGET zephyr_property_target
155- APPEND PROPERTY TFM_CMAKE_OPTIONS
15654 -DZEPHYR_BASE=${ZEPHYR_BASE}
55+ -DCRYPTO_HW_ACCELERATOR=ON
56+ -DPLATFORM_DEFAULT_NV_SEED=OFF
57+ -DTFM_CPU_FREQ_MHZ=${CONFIG_TFM_CPU_FREQ_MHZ}
58+ # Pass Zephyr Python to TF-M so both uses identical Python.
59+ -DPython3_EXECUTABLE=${Python3_EXECUTABLE}
60+ -DPROJECT_CONFIG_HEADER_FILE=${CMAKE_CURRENT_BINARY_DIR}/tfm_config.h
61+ -DTFM_EXTRA_CONFIG_PATH= "${CMAKE_CURRENT_BINARY_DIR} /config_extra.cmake"
62+ $< $< BOOL:mcuboot_single_slot> >
63+ $< $< NOT:$< BOOL:mcuboot_single_slot> > >
64+ $< $< BOOL:${CONFIG_TFM_HW_INIT_RESET_ON_BOOT} > >
65+ $< $< BOOL:${CONFIG_TFM_HW_INIT_NRF_PERIPHERALS} > >
66+ $< $< BOOL:${CONFIG_TFM_ALLOW_NON_SECURE_RESET} > >
67+ $< $< BOOL:${CONFIG_TFM_SECURE_UART0} > >
68+ $< $< BOOL:${CONFIG_TFM_SECURE_UART1} > >
69+ $< $< BOOL:${CONFIG_TFM_SECURE_UART00} > >
70+ $< $< BOOL:${CONFIG_TFM_SECURE_UART20} > >
71+ $< $< BOOL:${CONFIG_TFM_SECURE_UART21} > >
72+ $< $< BOOL:${CONFIG_TFM_SECURE_UART22} > >
73+ $< $< BOOL:${CONFIG_TFM_SECURE_UART30} > >
74+ $< $< BOOL:${CONFIG_TFM_ALLOW_NON_SECURE_FAULT_HANDLING} > >
75+ $< $< BOOL:${CONFIG_TFM_LOG_LEVEL_SILENCE} > >
76+ # NCSDK-13530 - Allow TF-M crypto to not depend on ITS when PSA crypto storage is disabled.
77+ $< $< NOT:$< BOOL:${CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C} > > >
78+ $< $< BOOL:${CONFIG_BOOTLOADER_MCUBOOT} > >
79+ $< $< BOOL:${CONFIG_TFM_NRF_PROVISIONING} > >
80+ $< $< BOOL:${CONFIG_TFM_PSA_FRAMEWORK_HAS_MM_IOVEC} > >
81+ $< $< BOOL:${CONFIG_NRF_TRACE_PORT} > >
82+ $< $< BOOL:${CONFIG_TFM_CONN_HANDLE_MAX_NUM} > ${CONFIG_TFM_CONN_HANDLE_MAX_NUM} >
83+ $< $< BOOL:${CONFIG_NRF_APPROTECT_LOCK} > >
84+ $< $< BOOL:${CONFIG_NRF_APPROTECT_USER_HANDLING} > >
85+ $< $< BOOL:${CONFIG_NRF_SECURE_APPROTECT_LOCK} > >
86+ $< $< BOOL:${CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING} > >
87+ $< $< BOOL:${CONFIG_IDENTITY_KEY_TFM} > >
15788)
15889
159- set_property (TARGET zephyr_property_target
160- APPEND PROPERTY TFM_CMAKE_OPTIONS
161- -DCRYPTO_HW_ACCELERATOR=True
162- )
163-
164- set_property (TARGET zephyr_property_target
165- APPEND PROPERTY TFM_CMAKE_OPTIONS -DPLATFORM_DEFAULT_NV_SEED=OFF
166- )
167-
168- if (CONFIG_TFM_ALLOW_NON_SECURE_FAULT_HANDLING )
169- set_property (TARGET zephyr_property_target
170- APPEND PROPERTY TFM_CMAKE_OPTIONS
171- -DNRF_ALLOW_NON_SECURE_FAULT_HANDLING=True
172- )
173- endif ()
174-
175- if (CONFIG_TFM_LOG_LEVEL_SILENCE )
176- set_property (TARGET zephyr_property_target
177- APPEND PROPERTY TFM_CMAKE_OPTIONS
178- -DPLATFORM_DEFAULT_UART_STDOUT=OFF
179- )
180- endif ()
181-
18290if (CONFIG_TFM_PROFILE_TYPE_MINIMAL )
18391 set_property (TARGET zephyr_property_target
18492 APPEND PROPERTY TFM_CMAKE_OPTIONS
@@ -204,116 +112,24 @@ if(CONFIG_TFM_PLATFORM_NV_COUNTER_MODULE_DISABLED)
204112 -DPLATFORM_DEFAULT_OTP=OFF
205113 -DPLATFORM_DEFAULT_OTP_WRITEABLE=OFF
206114 -DPLATFORM_DEFAULT_NV_COUNTERS=OFF
207- )
208- endif ()
209-
210- if (NOT CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C )
211- # Workaround: NCSDK-13530
212- # Allow TF-M crypto to not depend on ITS when PSA crypto storage is disabled.
213- set_property (TARGET zephyr_property_target
214- APPEND PROPERTY TFM_CMAKE_OPTIONS
215- -DCRYPTO_STORAGE_DISABLED=TRUE
216- )
217- endif ()
218-
219- if (CONFIG_BOOTLOADER_MCUBOOT )
220- set_property (TARGET zephyr_property_target
221- APPEND PROPERTY TFM_CMAKE_OPTIONS
222- -DCONFIG_BOOTLOADER_MCUBOOT=TRUE
223115 )
224116endif ()
225117
226118if (CONFIG_TFM_NRF_PROVISIONING )
227- set_property (TARGET zephyr_property_target
228- APPEND PROPERTY TFM_CMAKE_OPTIONS
229- -DNRF_PROVISIONING=ON
230- )
231-
232119 message ("
233120 TF-M Provisioning has been enabled
234121 The device must be correctly provisioned in order to boot.
235122 See TF-M: Provisioning image sample on how to provision the device for TF-M.
236123 " )
237124endif ()
238125
239- if (CONFIG_TFM_PSA_FRAMEWORK_HAS_MM_IOVEC )
240- set_property (TARGET zephyr_property_target
241- APPEND PROPERTY TFM_CMAKE_OPTIONS
242- -DPSA_FRAMEWORK_HAS_MM_IOVEC=ON
243- )
244- endif ()
245-
246126if (CONFIG_NFCT_PINS_AS_GPIOS OR CONFIG_TFM_NFCT_PINS_AS_GPIOS )
247127 set_property (TARGET zephyr_property_target
248128 APPEND PROPERTY TFM_CMAKE_OPTIONS
249129 -DCONFIG_NFCT_PINS_AS_GPIOS=ON
250130 )
251131endif ()
252132
253- if (CONFIG_TFM_CPU_FREQ_MHZ )
254- set_property (TARGET zephyr_property_target
255- APPEND PROPERTY TFM_CMAKE_OPTIONS
256- -DTFM_CPU_FREQ_MHZ=${CONFIG_TFM_CPU_FREQ_MHZ}
257- )
258- endif ()
259-
260- if (CONFIG_NRF_TRACE_PORT )
261- set_property (TARGET zephyr_property_target
262- APPEND PROPERTY TFM_CMAKE_OPTIONS
263- -DCONFIG_NRF_TRACE_PORT=${CONFIG_NRF_TRACE_PORT}
264- )
265- endif ()
266-
267- set_property (TARGET zephyr_property_target
268- APPEND PROPERTY TFM_CMAKE_OPTIONS
269- # Pass Zephyr Python to TF-M so both uses identical Python.
270- -DPython3_EXECUTABLE=${Python3_EXECUTABLE}
271- )
272-
273- # CONN_HANDLE_MAX_NUM is only needed if IPC mode is used
274- # The maximal number of secure services that are connected or requested at the same time
275- if (CONFIG_TFM_CONN_HANDLE_MAX_NUM )
276- set_property (TARGET zephyr_property_target
277- APPEND PROPERTY TFM_CMAKE_OPTIONS
278- -DCONFIG_TFM_DOORBELL_API=${CONFIG_TFM_CONN_HANDLE_MAX_NUM}
279- )
280- endif ()
281-
282- if (CONFIG_NRF_APPROTECT_LOCK )
283- set_property (TARGET zephyr_property_target
284- APPEND PROPERTY TFM_CMAKE_OPTIONS
285- -DCONFIG_NRF_APPROTECT_LOCK=ON
286- )
287- endif ()
288-
289- if (CONFIG_NRF_APPROTECT_USER_HANDLING )
290- set_property (TARGET zephyr_property_target
291- APPEND PROPERTY TFM_CMAKE_OPTIONS
292- -DCONFIG_NRF_APPROTECT_USER_HANDLING=ON
293- )
294- endif ()
295-
296- if (CONFIG_NRF_SECURE_APPROTECT_LOCK )
297- set_property (TARGET zephyr_property_target
298- APPEND PROPERTY TFM_CMAKE_OPTIONS
299- -DCONFIG_NRF_SECURE_APPROTECT_LOCK=ON
300- )
301- endif ()
302-
303- if (CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING )
304- set_property (TARGET zephyr_property_target
305- APPEND PROPERTY TFM_CMAKE_OPTIONS
306- -DCONFIG_NRF_SECURE_APPROTECT_USER_HANDLING=ON
307- )
308- endif ()
309-
310- if (CONFIG_IDENTITY_KEY_TFM )
311- set_property (TARGET zephyr_property_target
312- APPEND PROPERTY TFM_CMAKE_OPTIONS
313- -DCONFIG_IDENTITY_KEY_TFM=ON
314- )
315- endif ()
316-
317133zephyr_include_directories (${ZEPHYR_NRF_MODULE_DIR} /include/tfm )
318134
319135# Default values from config_base.h in TF-M.
@@ -365,20 +181,10 @@ set(CONFIG_TFM_DOORBELL_API ${CONFIG_TFM_DOORBELL_API})
365181configure_file (${CMAKE_CURRENT_SOURCE_DIR} /tfm_config.h.in
366182 ${CMAKE_CURRENT_BINARY_DIR} /tfm_config.h )
367183
368- set_property (TARGET zephyr_property_target
369- APPEND PROPERTY TFM_CMAKE_OPTIONS
370- -DPROJECT_CONFIG_HEADER_FILE=${CMAKE_CURRENT_BINARY_DIR}/tfm_config.h
371- )
372-
373184configure_file (${NRF_DIR} /subsys/nrf_security/configs/config_extra.cmake.in
374185 ${CMAKE_CURRENT_BINARY_DIR} /config_extra.cmake
375186)
376187
377- set_property (TARGET zephyr_property_target
378- APPEND PROPERTY TFM_CMAKE_OPTIONS
379- -DTFM_EXTRA_CONFIG_PATH= "${CMAKE_CURRENT_BINARY_DIR} /config_extra.cmake"
380- )
381-
382188set (BYPRODUCT_KERNEL_SIGNED_HEX_NAME "${CMAKE_BINARY_DIR} /zephyr/tfm_merged.hex"
383189 CACHE FILEPATH "Kernel hex file" FORCE
384190)
0 commit comments