From c294069b7d547df9334249332e3a6273525511a6 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Tue, 21 May 2024 16:14:02 +0300 Subject: [PATCH] modules: tf-m: restore check on CONFIG_TFM_PARTITION_INITIAL_ATTESTATION Restore the check that was introduced in cd8d4ccad55544b38637632e747a3b00a8c01016 and removed in cac7f4058ff3668b67fdb2c972ee9bb2fee1bfb5, rather than checking only CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION in the tfm_psa_test sample. Signed-off-by: Tomi Fontanilles --- modules/trusted-firmware-m/CMakeLists.txt | 10 ++++++++++ modules/trusted-firmware-m/Kconfig.tfm | 1 + modules/trusted-firmware-m/Kconfig.tfm.partitions | 1 - samples/tfm_integration/tfm_psa_test/CMakeLists.txt | 11 ----------- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/modules/trusted-firmware-m/CMakeLists.txt b/modules/trusted-firmware-m/CMakeLists.txt index f3bfc574cc0..0824a758902 100644 --- a/modules/trusted-firmware-m/CMakeLists.txt +++ b/modules/trusted-firmware-m/CMakeLists.txt @@ -199,6 +199,16 @@ if (CONFIG_BUILD_WITH_TFM) message(FATAL_ERROR "Unsupported ZEPHYR_TOOLCHAIN_VARIANT: ${ZEPHYR_TOOLCHAIN_VARIANT}") endif() + if (CONFIG_TFM_PARTITION_INITIAL_ATTESTATION AND CONFIG_TFM_QCBOR_PATH STREQUAL "") + # TODO: Remove this when QCBOR licensing issues w/t_cose have been resolved, + # or only allow it when 'QCBOR_PATH' is set to a local path where QCBOR has + # been manually downloaded by the user before starting the build. + message(FATAL_ERROR "CONFIG_TFM_PARTITION_INITIAL_ATTESTATION is not available " + "with TF-M due to licensing issues with a dependent library. This " + "restriction will be removed once licensing issues have been resolved." + ) + endif() + string(REPLACE "toolchain" "toolchain_ns" TFM_TOOLCHAIN_NS_FILE ${TFM_TOOLCHAIN_FILE}) if(CONFIG_BOARD_LPCXPRESSO55S69_LPC55S69_CPU0_NS) diff --git a/modules/trusted-firmware-m/Kconfig.tfm b/modules/trusted-firmware-m/Kconfig.tfm index e8f860fa2f6..3f3fbfff161 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm +++ b/modules/trusted-firmware-m/Kconfig.tfm @@ -393,6 +393,7 @@ config TFM_PSA_TEST_STORAGE config TFM_PSA_TEST_INITIAL_ATTESTATION bool "Initial attestation tests" depends on MAIN_STACK_SIZE >= 4096 + select TFM_PARTITION_INITIAL_ATTESTATION help Enable the PSA Initial Attestation test suite. diff --git a/modules/trusted-firmware-m/Kconfig.tfm.partitions b/modules/trusted-firmware-m/Kconfig.tfm.partitions index 67b46f5328b..1e45ad144ca 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm.partitions +++ b/modules/trusted-firmware-m/Kconfig.tfm.partitions @@ -45,7 +45,6 @@ config TFM_PARTITION_INITIAL_ATTESTATION bool "Secure partition 'Initial Attestation'" depends on TFM_PARTITION_CRYPTO depends on TFM_INITIAL_ATTESTATION_KEY - default n help Setting this option will cause '-DTFM_PARTITION_INITIAL_ATTESTATION' to be passed to the TF-M build system. Look at 'config_default.cmake' diff --git a/samples/tfm_integration/tfm_psa_test/CMakeLists.txt b/samples/tfm_integration/tfm_psa_test/CMakeLists.txt index f195f0d79d0..03f55dccad1 100644 --- a/samples/tfm_integration/tfm_psa_test/CMakeLists.txt +++ b/samples/tfm_integration/tfm_psa_test/CMakeLists.txt @@ -24,17 +24,6 @@ get_target_property(TFM_TOOLCHAIN_NS_FILE tfm TFM_TOOLCHAIN_NS_FILE) set(TFM_TEST_REPO_PATH ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/../tf-m-tests) set(PSA_ARCH_TESTS_PATH ${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/../psa-arch-tests) -if (CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION AND CONFIG_TFM_QCBOR_PATH STREQUAL "") -# TODO: Remove this when QCBOR licensing issues w/t_cose have been resolved, -# or only allow it when 'QCBOR_PATH' is set to a local path where QCBOR has -# been manually downloaded by the user before starting the build. -message(FATAL_ERROR "CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION is not available " - "with TF-M due to licensing issues with a dependent library. This " - "restriction will be removed once licensing issues have been resolved." - ) -endif() - - set(TFM_TEST_DIR "${TFM_TEST_REPO_PATH}/tests_psa_arch/spe/partitions") set(PSA_ARCH_TESTS_CONFIG_FILE "${TFM_TEST_REPO_PATH}/tests_psa_arch/spe/config/config_test_psa_api.cmake") if (CONFIG_TFM_PSA_TEST_CRYPTO)