tfm: Add option to enable the SFN model

Add option to enable the SFN model when building TF-M. The SFN model will eventually replace the Library model. Change the default model to be IPC, which follows the default configuration of TF-M. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2022-09-22 16:47:21 +02:00 · 2022-09-22 16:47:21 +02:00 · 3abcc19fd7
commit 3abcc19fd7
parent 63e45c8c7b
3 changed files with 59 additions and 13 deletions
--- a/modules/trusted-firmware-m/CMakeLists.txt
+++ b/modules/trusted-firmware-m/CMakeLists.txt
@ -31,12 +31,17 @@ set(TFM_CRYPTO_MODULES


 if (CONFIG_BUILD_WITH_TFM)
-  if (CONFIG_TFM_IPC)
+  if (CONFIG_TFM_LIBRARY)
+    list(APPEND TFM_CMAKE_ARGS -DTFM_LIB_MODEL=ON)
+  else()
    list(APPEND TFM_CMAKE_ARGS -DTFM_LIB_MODEL=OFF)
    # PSA API awareness for the Non-Secure application
    target_compile_definitions(app PRIVATE "TFM_PSA_API")
-  else()
-    list(APPEND TFM_CMAKE_ARGS -DTFM_LIB_MODEL=ON)
+    if (CONFIG_TFM_SFN)
+      list(APPEND TFM_CMAKE_ARGS -DCONFIG_TFM_SPM_BACKEND="SFN")
+    else() # CONFIG_TFM_IPC
+      list(APPEND TFM_CMAKE_ARGS -DCONFIG_TFM_SPM_BACKEND="IPC")
+    endif()
  endif()
  if (CONFIG_TFM_REGRESSION_S)
    list(APPEND TFM_CMAKE_ARGS -DTEST_S=ON)
@ -372,7 +377,7 @@ if (CONFIG_BUILD_WITH_TFM)
  endif()

  if(NOT CONFIG_TFM_BUILD_NS)
-    if(CONFIG_TFM_IPC)
+    if(CONFIG_TFM_IPC OR CONFIG_TFM_SFN)
      zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PLATFORM                 ${TFM_INTERFACE_SOURCE_DIR}/tfm_platform_ipc_api.c)
      zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_PROTECTED_STORAGE        ${TFM_INTERFACE_SOURCE_DIR}/tfm_ps_ipc_api.c)
      zephyr_library_sources_ifdef(CONFIG_TFM_PARTITION_INTERNAL_TRUSTED_STORAGE ${TFM_INTERFACE_SOURCE_DIR}/tfm_its_ipc_api.c)
--- a/modules/trusted-firmware-m/Kconfig.tfm
+++ b/modules/trusted-firmware-m/Kconfig.tfm
@ -276,14 +276,50 @@ config TFM_MCUBOOT_DATA_SHARING

 endif # TFM_BL2

-config TFM_IPC
-	bool "IPC" if TFM_PROFILE_TYPE_NOT_SET
-	default y if (TFM_PROFILE_TYPE_MEDIUM || TFM_PROFILE_TYPE_LARGE)
+choice TFM_MODEL
+	prompt "TF-M Firmware Framework model"
+	default TFM_IPC
 	help
-	  When enabled, this option signifies that the TF-M build supports
-	  the PSA API (IPC mode) instead of the secure library mode. When
-	  TF-M Profile option is supplied, do not allow manual setting of
-	  the IPC mode, as it is determined by the profile setting.
+	  The Firmware Framework M (FF-M) provides different programming models
+	  for Secure Partitions.
+
+config TFM_LIBRARY
+	bool "Library Model"
+	help
+	  Use the library model instead of PSA API.
+
+	  The library model conforms to the PSA Firmware Framework for M (FF-M)
+	  v1.0.
+
+	  NOTE: The Library Model will be removed and replaced by the SFN model.
+
+config TFM_IPC
+	bool "IPC Model"
+	help
+	  Use the IPC Model as the SPM backend for the PSA API.
+	  The IPC model supports the IPC and SFN Partition models, and
+	  isolation levels 1, 2 and 3.
+
+	  In this model each Secure Partition processes signals in any order,
+	  and can defer responding to a message while continuing to process
+	  other signals.
+
+	  The IPC model conforms to the PSA Firmware Framework for M (FF-M)
+	  v1.1.
+
+config TFM_SFN
+	bool "SFN model"
+	help
+	  Use the SFN Model as the SPM backend for the PSA API.
+	  The SFN model supports the SFN Partition model, and isolation level 1.
+
+	  In this model each Secure Partition is made up of a collection of
+	  callback functions which implement secure services.
+
+	  The SFN model conforms to the PSA Firmware Framework for M (FF-M)
+	  v1.1.
+
+endchoice # TFM_MODEL

 config TFM_REGRESSION_S
 	bool "TF-M Secure Regression tests"
--- a/modules/trusted-firmware-m/Kconfig.tfm.partitions
+++ b/modules/trusted-firmware-m/Kconfig.tfm.partitions
@ -7,6 +7,9 @@ if BUILD_WITH_TFM

 config TFM_PARTITION_PROTECTED_STORAGE
 	bool "Secure partition 'Protected Storage'"
+	depends on TFM_PARTITION_PLATFORM # Specfically TFM_SP_PLATFORM_NV_COUNTER service
+	depends on TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
+	depends on TFM_PARTITION_CRYPTO
 	default y
 	help
 	  Setting this option will cause '-DTFM_PARTITION_PROTECTED_STORAGE'
@ -40,6 +43,7 @@ config TFM_PARTITION_CRYPTO

 config TFM_PARTITION_INITIAL_ATTESTATION
 	bool "Secure partition 'Initial Attestation'"
+	depends on TFM_PARTITION_CRYPTO
 	default y
 	help
 	  Setting this option will cause '-DTFM_PARTITION_INITIAL_ATTESTATION'
@ -52,6 +56,7 @@ config TFM_PARTITION_INITIAL_ATTESTATION
 config TFM_PARTITION_PLATFORM
 	bool "Secure partition 'Platform'"
 	default y
+	depends on !TFM_SFN # Currently using PSA Framework version 1.0
 	help
 	  Setting this option will cause '-DTFM_PARTITION_PLATFORM'
 	  to be passed to the TF-M build system. Look at 'config_default.cmake'
@ -61,8 +66,8 @@ config TFM_PARTITION_PLATFORM
 	  repository.

 config TFM_PARTITION_AUDIT_LOG
-	bool "Secure partition 'Audit Log'" if !TFM_IPC
-	depends on !TFM_IPC
+	bool "Secure partition 'Audit Log'"
+	depends on TFM_LIBRARY
 	default y
 	help
 	  Setting this option will cause '-DTFM_PARTITION_AUDIT_LOG'