boards: Enable TF-M by default for nordic SoC NS boards

Enable TF-M by default for nordic nRF5340 and nrf9160 SoC boards.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>

boards/arm/bl5340_dvk/Kconfig.defconfig

@@ -13,21 +13,6 @@ config BOARD
 config I2C
 	default GPIO || DAC
 
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default y if BOARD_BL5340_DVK_CPUAPP_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default y
-
-endif # BUILD_WITH_TFM
-
 # Code Partition:
 #
 # For the secure version of the board the firmware is linked at the beginning

boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig

@@ -8,21 +8,6 @@ if  BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS
 config BOARD
 	default "nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS
 
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default y if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default y
-
-endif # BUILD_WITH_TFM
-
 # Code Partition:
 #
 # For the secure version of the board the firmware is linked at the beginning

boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig

@@ -8,21 +8,6 @@ if BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160_NS
 config BOARD
 	default "nrf9160dk_nrf9160"
 
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default y if BOARD_NRF9160DK_NRF9160_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default y
-
-endif # BUILD_WITH_TFM
-
 # For the secure version of the board the firmware is linked at the beginning
 # of the flash, or into the code-partition defined in DT if it is intended to
 # be loaded by MCUboot. If the secure firmware is to be combined with a non-

boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig

@@ -8,21 +8,6 @@ if BOARD_NRF9161DK_NRF9161 || BOARD_NRF9161DK_NRF9161_NS
 config BOARD
 	default "nrf9161dk_nrf9161"
 
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default y if BOARD_NRF9161DK_NRF9161_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default y
-
-endif # BUILD_WITH_TFM
-
 # For the secure version of the board the firmware is linked at the beginning
 # of the flash, or into the code-partition defined in DT if it is intended to
 # be loaded by MCUboot. If the secure firmware is to be combined with a non-

boards/arm/raytac_mdbt53_db_40_nrf5340/Kconfig.defconfig

@@ -8,21 +8,6 @@ if  BOARD_RAYTAC_MDBT53_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53_DB_40_NRF534
 config BOARD
 	default "raytac_mdbt53_db_40_nrf5340_cpuapp"
 
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default n if BOARD_RAYTAC_MDBT53_DB_40_NRF5340_CPUAPP_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default n
-
-endif # BUILD_WITH_TFM
-
 # Code Partition:
 #
 # For the secure version of the board the firmware is linked at the beginning

boards/arm/raytac_mdbt53v_db_40_nrf5340/Kconfig.defconfig

@@ -7,20 +7,6 @@ if  BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53V_DB_40_NRF5
 
 config BOARD
 	default "raytac_mdbt53v_db_40_nrf5340_cpuapp" if BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP_NS
-# By default, if we build for a Non-Secure version of the board,
-# enable building with TF-M as the Secure Execution Environment.
-config BUILD_WITH_TFM
-	default n if BOARD_BL5340_DVK_CPUAPP_NS
-
-if BUILD_WITH_TFM
-
-# By default, if we build with TF-M, instruct build system to
-# flash the combined TF-M (Secure) & Zephyr (Non Secure) image
-config TFM_FLASH_MERGED_BINARY
-	bool
-	default n
-
-endif # BUILD_WITH_TFM
 
 # Code Partition:
 #

soc/arm/nordic_nrf/Kconfig

@@ -25,13 +25,29 @@ config NRF_SOC_SECURE_SUPPORTED
 	  For non-secure the functions must redirect to secure services exposed
 	  by the secure firmware.
 
+config BUILD_WITH_TFM
+	default y if TRUSTED_EXECUTION_NONSECURE
+	help
+	  By default, if we build for a Non-Secure version of the board,
+	  enable building with TF-M as the Secure Execution Environment.
+
+if BUILD_WITH_TFM
+
+config TFM_FLASH_MERGED_BINARY
+	default y
+	help
+	  By default, if we build with TF-M, instruct build system to
+	  flash the combined TF-M (Secure) & Zephyr (Non Secure) image
+
 config TFM_LOG_LEVEL_SILENCE
 	default y if !$(dt_nodelabel_has_prop,uart1,pinctrl-names)
-	depends on BUILD_WITH_TFM
 	help
 	  Disable TF-M secure output if the uart1 node has not assigned GPIO
 	  pins using pinctrl.
 
+endif # BUILD_WITH_TFM
+
+
 config NRF_MPU_FLASH_REGION_SIZE
 	hex
 	default 0x1000