From 17fd1f8fba3bd862c53ca98f618ac574efef58dd Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Thu, 5 May 2022 12:04:26 +0200 Subject: [PATCH] boards: Enable TF-M by default for nordic SoC NS boards Enable TF-M by default for nordic nRF5340 and nrf9160 SoC boards. Signed-off-by: Joakim Andersson --- boards/arm/bl5340_dvk/Kconfig.defconfig | 15 --------------- boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig | 15 --------------- boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig | 15 --------------- boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig | 15 --------------- .../Kconfig.defconfig | 15 --------------- .../Kconfig.defconfig | 14 -------------- soc/arm/nordic_nrf/Kconfig | 18 +++++++++++++++++- 7 files changed, 17 insertions(+), 90 deletions(-) diff --git a/boards/arm/bl5340_dvk/Kconfig.defconfig b/boards/arm/bl5340_dvk/Kconfig.defconfig index 38a06c8b91d..e033f718dba 100644 --- a/boards/arm/bl5340_dvk/Kconfig.defconfig +++ b/boards/arm/bl5340_dvk/Kconfig.defconfig @@ -13,21 +13,6 @@ config BOARD config I2C default GPIO || DAC -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default y if BOARD_BL5340_DVK_CPUAPP_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default y - -endif # BUILD_WITH_TFM - # Code Partition: # # For the secure version of the board the firmware is linked at the beginning diff --git a/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig b/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig index d337e2f1a1c..09ebfbf50ba 100644 --- a/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig +++ b/boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig @@ -8,21 +8,6 @@ if BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS config BOARD default "nrf5340dk_nrf5340_cpuapp" if BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default y if BOARD_NRF5340DK_NRF5340_CPUAPP_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default y - -endif # BUILD_WITH_TFM - # Code Partition: # # For the secure version of the board the firmware is linked at the beginning diff --git a/boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig b/boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig index cd052dc7a20..7d9046f63b5 100644 --- a/boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig +++ b/boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig @@ -8,21 +8,6 @@ if BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160_NS config BOARD default "nrf9160dk_nrf9160" -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default y if BOARD_NRF9160DK_NRF9160_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default y - -endif # BUILD_WITH_TFM - # For the secure version of the board the firmware is linked at the beginning # of the flash, or into the code-partition defined in DT if it is intended to # be loaded by MCUboot. If the secure firmware is to be combined with a non- diff --git a/boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig b/boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig index 2674e87cad4..ea7150ede5f 100644 --- a/boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig +++ b/boards/arm/nrf9161dk_nrf9161/Kconfig.defconfig @@ -8,21 +8,6 @@ if BOARD_NRF9161DK_NRF9161 || BOARD_NRF9161DK_NRF9161_NS config BOARD default "nrf9161dk_nrf9161" -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default y if BOARD_NRF9161DK_NRF9161_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default y - -endif # BUILD_WITH_TFM - # For the secure version of the board the firmware is linked at the beginning # of the flash, or into the code-partition defined in DT if it is intended to # be loaded by MCUboot. If the secure firmware is to be combined with a non- diff --git a/boards/arm/raytac_mdbt53_db_40_nrf5340/Kconfig.defconfig b/boards/arm/raytac_mdbt53_db_40_nrf5340/Kconfig.defconfig index a0a59dc13ab..103bc77168e 100644 --- a/boards/arm/raytac_mdbt53_db_40_nrf5340/Kconfig.defconfig +++ b/boards/arm/raytac_mdbt53_db_40_nrf5340/Kconfig.defconfig @@ -8,21 +8,6 @@ if BOARD_RAYTAC_MDBT53_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53_DB_40_NRF534 config BOARD default "raytac_mdbt53_db_40_nrf5340_cpuapp" -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default n if BOARD_RAYTAC_MDBT53_DB_40_NRF5340_CPUAPP_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default n - -endif # BUILD_WITH_TFM - # Code Partition: # # For the secure version of the board the firmware is linked at the beginning diff --git a/boards/arm/raytac_mdbt53v_db_40_nrf5340/Kconfig.defconfig b/boards/arm/raytac_mdbt53v_db_40_nrf5340/Kconfig.defconfig index 54c3d6cccf0..1639553b37e 100644 --- a/boards/arm/raytac_mdbt53v_db_40_nrf5340/Kconfig.defconfig +++ b/boards/arm/raytac_mdbt53v_db_40_nrf5340/Kconfig.defconfig @@ -7,20 +7,6 @@ if BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53V_DB_40_NRF5 config BOARD default "raytac_mdbt53v_db_40_nrf5340_cpuapp" if BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP || BOARD_RAYTAC_MDBT53V_DB_40_NRF5340_CPUAPP_NS -# By default, if we build for a Non-Secure version of the board, -# enable building with TF-M as the Secure Execution Environment. -config BUILD_WITH_TFM - default n if BOARD_BL5340_DVK_CPUAPP_NS - -if BUILD_WITH_TFM - -# By default, if we build with TF-M, instruct build system to -# flash the combined TF-M (Secure) & Zephyr (Non Secure) image -config TFM_FLASH_MERGED_BINARY - bool - default n - -endif # BUILD_WITH_TFM # Code Partition: # diff --git a/soc/arm/nordic_nrf/Kconfig b/soc/arm/nordic_nrf/Kconfig index 0e3b3e4ee6d..19e49c05454 100644 --- a/soc/arm/nordic_nrf/Kconfig +++ b/soc/arm/nordic_nrf/Kconfig @@ -25,13 +25,29 @@ config NRF_SOC_SECURE_SUPPORTED For non-secure the functions must redirect to secure services exposed by the secure firmware. +config BUILD_WITH_TFM + default y if TRUSTED_EXECUTION_NONSECURE + help + By default, if we build for a Non-Secure version of the board, + enable building with TF-M as the Secure Execution Environment. + +if BUILD_WITH_TFM + +config TFM_FLASH_MERGED_BINARY + default y + help + By default, if we build with TF-M, instruct build system to + flash the combined TF-M (Secure) & Zephyr (Non Secure) image + config TFM_LOG_LEVEL_SILENCE default y if !$(dt_nodelabel_has_prop,uart1,pinctrl-names) - depends on BUILD_WITH_TFM help Disable TF-M secure output if the uart1 node has not assigned GPIO pins using pinctrl. +endif # BUILD_WITH_TFM + + config NRF_MPU_FLASH_REGION_SIZE hex default 0x1000