modules: tf-m: Add Kconfig option for older PS format

TF-M recently added a new format for the protected storage data.
In order to keep backwards compatibility it added the configuration
TFM_PS_SUPPORT_FORMAT_TRANSITION to allow new versions of TF-M to read
the older data format.

This allows the option to be selected as a Kconfig option
in sdk-nrf.

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

modules/trusted-firmware-m/CMakeLists.txt

@@ -85,6 +85,8 @@ set_property(TARGET zephyr_property_target
   $<$<BOOL:${CONFIG_NRF_SECURE_APPROTECT_LOCK}>:-DCONFIG_NRF_SECURE_APPROTECT_LOCK=ON>
   $<$<BOOL:${CONFIG_NRF_SECURE_APPROTECT_USER_HANDLING}>:-DCONFIG_NRF_SECURE_APPROTECT_USER_HANDLING=ON>
   $<$<BOOL:${CONFIG_IDENTITY_KEY_TFM}>:-DCONFIG_IDENTITY_KEY_TFM=ON>
+  $<$<BOOL:${CONFIG_TFM_PS_SUPPORT_FORMAT_TRANSITION}>:-DPS_SUPPORT_FORMAT_TRANSITION=ON>
+
 )
 
 if(CONFIG_TFM_PROFILE_TYPE_MINIMAL)

modules/trusted-firmware-m/Kconfig

@@ -286,6 +286,16 @@ config TFM_PS_STACK_SIZE
 	default 0x1200 if TFM_PS_NUM_ASSETS > 70
 	default 0xC00 if TFM_PS_NUM_ASSETS > 30
 	default 0x700
+
+config TFM_PS_SUPPORT_FORMAT_TRANSITION
+	bool "Allow reading Protected Storage data from TF-M versions prior to 2.2"
+	help
+	  TF-M version 2.2 introduced a new storage format for the Protected Storage
+	  data. To avoid breaking firmware upgrades to version 2.2 TF-M allows reading
+	  the Protected Storage data stored with earlier versions using this configuration.
+	  This is relevant for TF-M enabled applications built with NCS version 3.1 and prior
+	  that want to perform a firmware upgrade to NCS version 3.2 onwards.
+
 endmenu
 
 # Copied from secure_fw/spm/Kconfig, removed CONFIG prefix