diff --git a/arch/arm/core/aarch32/Kconfig b/arch/arm/core/aarch32/Kconfig index 2cd72950039..25ee5c3fd96 100644 --- a/arch/arm/core/aarch32/Kconfig +++ b/arch/arm/core/aarch32/Kconfig @@ -217,70 +217,6 @@ config ARM_NONSECURE_FIRMWARE resources of the Cortex-M MCU, and, therefore, it shall avoid accessing them. - -menu "ARM TrustZone Options" -depends on ARM_SECURE_FIRMWARE || ARM_NONSECURE_FIRMWARE - -comment "Secure firmware" - depends on ARM_SECURE_FIRMWARE - -comment "Non-secure firmware" - depends on !ARM_SECURE_FIRMWARE - -config ARM_SECURE_BUSFAULT_HARDFAULT_NMI - bool "BusFault, HardFault, and NMI target Secure state" - depends on ARM_SECURE_FIRMWARE - help - Force NMI, HardFault, and BusFault (in Mainline ARMv8-M) - exceptions as Secure exceptions. - -config ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS - bool "Secure Firmware has Secure Entry functions" - depends on ARM_SECURE_FIRMWARE - help - Option indicates that ARM Secure Firmware contains - Secure Entry functions that may be called from - Non-Secure state. Secure Entry functions must be - located in Non-Secure Callable memory regions. - -config ARM_NSC_REGION_BASE_ADDRESS - hex "ARM Non-Secure Callable Region base address" - depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS - default 0 - help - Start address of Non-Secure Callable section. - - Notes: - - The default value (i.e. when the user does not configure - the option explicitly) instructs the linker script to - place the Non-Secure Callable section, automatically, - inside the .text area. - - Certain requirements/restrictions may apply regarding - the size and the alignment of the starting address for - a Non-Secure Callable section, depending on the available - security attribution unit (SAU or IDAU) for a given SOC. - -config ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS - bool "Non-Secure Firmware uses Secure Entry functions" - depends on ARM_NONSECURE_FIRMWARE - help - Option indicates that ARM Non-Secure Firmware uses Secure - Entry functions provided by the Secure Firmware. The Secure - Firmware must be configured to provide these functions. - -config ARM_ENTRY_VENEERS_LIB_NAME - string "Entry Veneers symbol file" - depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS \ - || ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS - default "libentryveneers.a" - help - Library file to find the symbol table for the entry veneers. - The library will typically come from building the Secure - Firmware that contains secure entry functions, and allows - the Non-Secure Firmware to call into the Secure Firmware. - -endmenu - choice prompt "Floating point ABI" default FP_HARDABI @@ -304,8 +240,4 @@ endchoice rsource "cortex_m/Kconfig" rsource "cortex_r/Kconfig" -rsource "cortex_m/mpu/Kconfig" - -rsource "cortex_m/tz/Kconfig" - endif # !ARM64 diff --git a/arch/arm/core/aarch32/cortex_m/Kconfig b/arch/arm/core/aarch32/cortex_m/Kconfig index 49b737daef2..ceba210c859 100644 --- a/arch/arm/core/aarch32/cortex_m/Kconfig +++ b/arch/arm/core/aarch32/cortex_m/Kconfig @@ -279,4 +279,7 @@ config SW_VECTOR_RELAY endmenu +rsource "mpu/Kconfig" +rsource "tz/Kconfig" + endif # CPU_CORTEX_M diff --git a/arch/arm/core/aarch32/cortex_m/tz/Kconfig b/arch/arm/core/aarch32/cortex_m/tz/Kconfig index cc5ca3bfae1..07c9b29fb9e 100644 --- a/arch/arm/core/aarch32/cortex_m/tz/Kconfig +++ b/arch/arm/core/aarch32/cortex_m/tz/Kconfig @@ -9,3 +9,70 @@ config ARM_TRUSTZONE_M depends on ARMV8_M_SE help Platform has support for ARM TrustZone-M. + +if ARM_TRUSTZONE_M + +menu "ARM TrustZone-M Options" +depends on ARM_SECURE_FIRMWARE || ARM_NONSECURE_FIRMWARE + +comment "Secure firmware" + depends on ARM_SECURE_FIRMWARE + +comment "Non-secure firmware" + depends on !ARM_SECURE_FIRMWARE + +config ARM_SECURE_BUSFAULT_HARDFAULT_NMI + bool "BusFault, HardFault, and NMI target Secure state" + depends on ARM_SECURE_FIRMWARE + help + Force NMI, HardFault, and BusFault (in Mainline ARMv8-M) + exceptions as Secure exceptions. + +config ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS + bool "Secure Firmware has Secure Entry functions" + depends on ARM_SECURE_FIRMWARE + help + Option indicates that ARM Secure Firmware contains + Secure Entry functions that may be called from + Non-Secure state. Secure Entry functions must be + located in Non-Secure Callable memory regions. + +config ARM_NSC_REGION_BASE_ADDRESS + hex "ARM Non-Secure Callable Region base address" + depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS + default 0 + help + Start address of Non-Secure Callable section. + + Notes: + - The default value (i.e. when the user does not configure + the option explicitly) instructs the linker script to + place the Non-Secure Callable section, automatically, + inside the .text area. + - Certain requirements/restrictions may apply regarding + the size and the alignment of the starting address for + a Non-Secure Callable section, depending on the available + security attribution unit (SAU or IDAU) for a given SOC. + +config ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS + bool "Non-Secure Firmware uses Secure Entry functions" + depends on ARM_NONSECURE_FIRMWARE + help + Option indicates that ARM Non-Secure Firmware uses Secure + Entry functions provided by the Secure Firmware. The Secure + Firmware must be configured to provide these functions. + +config ARM_ENTRY_VENEERS_LIB_NAME + string "Entry Veneers symbol file" + depends on ARM_FIRMWARE_HAS_SECURE_ENTRY_FUNCS \ + || ARM_FIRMWARE_USES_SECURE_ENTRY_FUNCS + default "libentryveneers.a" + help + Library file to find the symbol table for the entry veneers. + The library will typically come from building the Secure + Firmware that contains secure entry functions, and allows + the Non-Secure Firmware to call into the Secure Firmware. + +endmenu + +endif # ARM_TRUSTZONE_M