tfm: Harded build against TF-M built with unsecure keys

Introduce Kconfig option in zephyr build system that reflects the TF-M
cmake config variable with the same default value for dummy provisioning
and have it satisfy the IAK present requirement.
This configuration is not suitable for production, and by having this
in zephyr configuration we can have this as part of the hardened
configuration check.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>

modules/trusted-firmware-m/CMakeLists.txt

@@ -95,6 +95,12 @@ if (CONFIG_BUILD_WITH_TFM)
     list(APPEND TFM_CMAKE_ARGS -DMCUBOOT_IMAGE_NUMBER=${CONFIG_TFM_MCUBOOT_IMAGE_NUMBER})
   endif()
 
+  if (CONFIG_TFM_DUMMY_PROVISIONING)
+    list(APPEND TFM_CMAKE_ARGS -DTFM_DUMMY_PROVISIONING=ON)
+  else()
+    list(APPEND TFM_CMAKE_ARGS -DTFM_DUMMY_PROVISIONING=OFF)
+  endif()
+
   if (CONFIG_TFM_EXCEPTION_INFO_DUMP)
     list(APPEND TFM_CMAKE_ARGS -DTFM_EXCEPTION_INFO_DUMP=ON)
   else()
@@ -580,4 +586,13 @@ if (CONFIG_BUILD_WITH_TFM)
       ${MERGED_FILE}
     )
   endif()
-endif()
+
+  if(CONFIG_TFM_DUMMY_PROVISIONING)
+    message(WARNING
+      "TFM_DUMMY_PROVISIONING is enabled:
+      The device will be provisioned using dummy keys and is NOT secure!
+      This is not suitable for production"
+      )
+  endif()
+
+endif() # CONFIG_BUILD_WITH_TFM

modules/trusted-firmware-m/Kconfig.tfm

@@ -180,6 +180,17 @@ config TFM_PARTITION_PLATFORM_CUSTOM_REBOOT
 	  Instead the application will have to override the weak ARM
 	  implementation of sys_arch_reset().
 
+config TFM_DUMMY_PROVISIONING
+	bool "Provision with dummy values. NOT to be used in production"
+	default y
+	help
+	  If this option is enabled (as it is by default), a set of dummy
+	  keys / data will be provisioned. The dummy IAK matches the IAK tested
+	  by the TF-M tests, and the dummy bl2 ROTPKs match the dummy bl2 keys
+	  used by default.
+	  This option MUST not be used in production hardware, as the keys are
+	  insecure.
+
 config TFM_BL2_NOT_SUPPORTED
 	bool
 	help