:orphan:

.. title:: BUILD_WITH_TFM

.. option:: CONFIG_BUILD_WITH_TFM

*Build with TF-M as the Secure Execution Environment*

Type: ``bool``

Help
====

.. code-block:: none

    When enabled, this option instructs the Zephyr build process to
    additionaly generate a TF-M image for the Secure Execution
    environment, along with the Zephyr image. The Zephyr image
    itself is to be executed in the Non-Secure Processing Environment.
    The required dependency on TRUSTED_EXECUTION_NONSECURE
    ensures that the Zephyr image is built as a Non-Secure image. Both
    TF-M and Zephyr images, as well as the veneer object file that links
    them, are generated during the normal Zephyr build process.

    Notes:
      Building with the "_nonsecure" BOARD variant (e.g.
      "mps2_an521_nonsecure") ensures that
      CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.

      By default we allow Zephyr preemptible threads be preempted
      while performing a secure function call.

Direct dependencies
===================

\ :option:`BOARD_BL5340_DVK_CPUAPP <CONFIG_BOARD_BL5340_DVK_CPUAPP>` || \ :option:`BOARD_BL5340_DVK_CPUAPPNS <CONFIG_BOARD_BL5340_DVK_CPUAPPNS>` || \ :option:`BOARD_MPS2_AN521 <CONFIG_BOARD_MPS2_AN521>` || \ :option:`BOARD_NRF5340DK_NRF5340_CPUAPP <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPP>` || \ :option:`BOARD_NRF5340DK_NRF5340_CPUAPPNS <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPPNS>` || \ :option:`BOARD_NRF9160DK_NRF9160 <CONFIG_BOARD_NRF9160DK_NRF9160>` || \ :option:`BOARD_NRF9160DK_NRF9160NS <CONFIG_BOARD_NRF9160DK_NRF9160NS>` || (\ :option:`TRUSTED_EXECUTION_NONSECURE <CONFIG_TRUSTED_EXECUTION_NONSECURE>` && \ :option:`TFM_BOARD <CONFIG_TFM_BOARD>` != "" && \ :option:`ARM_TRUSTZONE_M <CONFIG_ARM_TRUSTZONE_M>` && 0)

*(Includes any dependencies from ifs and menus.)*

Defaults
========

- y if \ :option:`BOARD_BL5340_DVK_CPUAPPNS <CONFIG_BOARD_BL5340_DVK_CPUAPPNS>`
- y if \ :option:`TRUSTED_EXECUTION_NONSECURE <CONFIG_TRUSTED_EXECUTION_NONSECURE>`
- y if \ :option:`BOARD_NRF5340DK_NRF5340_CPUAPPNS <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPPNS>`
- y if \ :option:`BOARD_NRF9160DK_NRF9160NS <CONFIG_BOARD_NRF9160DK_NRF9160NS>`

Symbols selected by this symbol
===============================

- \ :option:`BUILD_OUTPUT_HEX <CONFIG_BUILD_OUTPUT_HEX>`

Symbols implied by this symbol
==============================

- \ :option:`INIT_ARCH_HW_AT_BOOT <CONFIG_INIT_ARCH_HW_AT_BOOT>`
- \ :option:`ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS <CONFIG_ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS>`

Kconfig definitions
===================



At ``<Zephyr Boards>/arm/bl5340_dvk/Kconfig.defconfig:28``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:18``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_BL5340_DVK_CPUAPPNS
    	depends on BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPPNS

----

At ``<Zephyr Boards>/arm/mps2_an521/Kconfig.defconfig:20``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:18``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if TRUSTED_EXECUTION_NONSECURE
    	depends on BOARD_MPS2_AN521

----

At ``<Zephyr Boards>/arm/nrf5340dk_nrf5340/Kconfig.defconfig:14``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:18``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_NRF5340DK_NRF5340_CPUAPPNS
    	depends on BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS

----

At ``<Zephyr Boards>/arm/nrf9160dk_nrf9160/Kconfig.defconfig:14``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:18``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_NRF9160DK_NRF9160NS
    	depends on BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160NS

----

At ``<External Modules>/trusted-firmware-m/Kconfig:25``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:23`` → ``<External Modules>/Kconfig:66``

Menu path: (Top) → Modules

.. code-block:: kconfig

    menuconfig BUILD_WITH_TFM
    	bool "Build with TF-M as the Secure Execution Environment"
    	select BUILD_OUTPUT_HEX
    	imply INIT_ARCH_HW_AT_BOOT
    	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    	depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && 0
    	help
    	  When enabled, this option instructs the Zephyr build process to
    	  additionaly generate a TF-M image for the Secure Execution
    	  environment, along with the Zephyr image. The Zephyr image
    	  itself is to be executed in the Non-Secure Processing Environment.
    	  The required dependency on TRUSTED_EXECUTION_NONSECURE
    	  ensures that the Zephyr image is built as a Non-Secure image. Both
    	  TF-M and Zephyr images, as well as the veneer object file that links
    	  them, are generated during the normal Zephyr build process.
	  
    	  Notes:
    	    Building with the "_nonsecure" BOARD variant (e.g.
    	    "mps2_an521_nonsecure") ensures that
    	    CONFIG_TRUSTED_EXECUTION_NONSECURE ie enabled.
	  
    	    By default we allow Zephyr preemptible threads be preempted
    	    while performing a secure function call.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*