:orphan:

.. title:: CONFIG_BUILD_WITH_TFM

.. kconfig:: CONFIG_BUILD_WITH_TFM

CONFIG_BUILD_WITH_TFM
#####################

*Build with TF-M as the Secure Execution Environment*

Type: ``bool``

Help
====

.. code-block:: none

    When enabled, this option instructs the Zephyr build process to
    additionally generate a TF-M image for the Secure Execution
    environment, along with the Zephyr image. The Zephyr image
    itself is to be executed in the Non-Secure Processing Environment.
    The required dependency on TRUSTED_EXECUTION_NONSECURE
    ensures that the Zephyr image is built as a Non-Secure image. Both
    TF-M and Zephyr images, as well as the veneer object file that links
    them, are generated during the normal Zephyr build process.

    Notes:
      Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
          ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.

      By default we allow Zephyr preemptible threads be preempted
      while performing a secure function call.

Direct dependencies
===================

\ :kconfig:`BOARD_BL5340_DVK_CPUAPP <CONFIG_BOARD_BL5340_DVK_CPUAPP>` || \ :kconfig:`BOARD_BL5340_DVK_CPUAPP_NS <CONFIG_BOARD_BL5340_DVK_CPUAPP_NS>` || \ :kconfig:`BOARD_MPS2_AN521_CPU0 <CONFIG_BOARD_MPS2_AN521_CPU0>` || \ :kconfig:`BOARD_MPS2_AN521_CPU0_NS <CONFIG_BOARD_MPS2_AN521_CPU0_NS>` || \ :kconfig:`BOARD_MPS2_AN521_CPU1 <CONFIG_BOARD_MPS2_AN521_CPU1>` || \ :kconfig:`BOARD_NRF5340DK_NRF5340_CPUAPP <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPP>` || \ :kconfig:`BOARD_NRF5340DK_NRF5340_CPUAPP_NS <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPP_NS>` || \ :kconfig:`BOARD_NRF9160DK_NRF9160 <CONFIG_BOARD_NRF9160DK_NRF9160>` || \ :kconfig:`BOARD_NRF9160DK_NRF9160_NS <CONFIG_BOARD_NRF9160DK_NRF9160_NS>` || (\ :kconfig:`TRUSTED_EXECUTION_NONSECURE <CONFIG_TRUSTED_EXECUTION_NONSECURE>` && \ :kconfig:`TFM_BOARD <CONFIG_TFM_BOARD>` != "" && \ :kconfig:`ARM_TRUSTZONE_M <CONFIG_ARM_TRUSTZONE_M>` && 0)

*(Includes any dependencies from ifs and menus.)*

Defaults
========

- y if \ :kconfig:`BOARD_BL5340_DVK_CPUAPP_NS <CONFIG_BOARD_BL5340_DVK_CPUAPP_NS>`
- y if \ :kconfig:`TRUSTED_EXECUTION_NONSECURE <CONFIG_TRUSTED_EXECUTION_NONSECURE>`
- y if \ :kconfig:`BOARD_NRF5340DK_NRF5340_CPUAPP_NS <CONFIG_BOARD_NRF5340DK_NRF5340_CPUAPP_NS>`
- y if \ :kconfig:`BOARD_NRF9160DK_NRF9160_NS <CONFIG_BOARD_NRF9160DK_NRF9160_NS>`

Symbols selected by this symbol
===============================

- \ :kconfig:`BUILD_OUTPUT_HEX <CONFIG_BUILD_OUTPUT_HEX>`

Symbols implied by this symbol
==============================

- \ :kconfig:`INIT_ARCH_HW_AT_BOOT <CONFIG_INIT_ARCH_HW_AT_BOOT>`
- \ :kconfig:`ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS <CONFIG_ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS>`

Kconfig definitions
===================



At ``<Zephyr Boards>/arm/bl5340_dvk/Kconfig.defconfig:28``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:22``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_BL5340_DVK_CPUAPP_NS
    	depends on BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS

----

At ``<Zephyr Boards>/arm/mps2_an521/Kconfig.defconfig:21``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:22``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if TRUSTED_EXECUTION_NONSECURE
    	depends on BOARD_MPS2_AN521_CPU0 || BOARD_MPS2_AN521_CPU0_NS || BOARD_MPS2_AN521_CPU1

----

At ``<Zephyr Boards>/arm/nrf5340dk_nrf5340/Kconfig.defconfig:14``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:22``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
    	depends on BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS

----

At ``<Zephyr Boards>/arm/nrf9160dk_nrf9160/Kconfig.defconfig:14``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:22``

Menu path: (Top)

.. code-block:: kconfig

    config BUILD_WITH_TFM
    	bool
    	default y if BOARD_NRF9160DK_NRF9160_NS
    	depends on BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160_NS

----

At ``<External Modules>/trusted-firmware-m/Kconfig.tfm:25``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:33`` → ``<External Modules>/Kconfig:74`` → ``<External Modules>/trusted-firmware-m/Kconfig:7``

Menu path: (Top) → Modules

.. code-block:: kconfig

    menuconfig BUILD_WITH_TFM
    	bool "Build with TF-M as the Secure Execution Environment"
    	select BUILD_OUTPUT_HEX
    	imply INIT_ARCH_HW_AT_BOOT
    	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    	depends on TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && 0
    	help
    	  When enabled, this option instructs the Zephyr build process to
    	  additionally generate a TF-M image for the Secure Execution
    	  environment, along with the Zephyr image. The Zephyr image
    	  itself is to be executed in the Non-Secure Processing Environment.
    	  The required dependency on TRUSTED_EXECUTION_NONSECURE
    	  ensures that the Zephyr image is built as a Non-Secure image. Both
    	  TF-M and Zephyr images, as well as the veneer object file that links
    	  them, are generated during the normal Zephyr build process.
	  
    	  Notes:
    	    Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
    	        ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.
	  
    	    By default we allow Zephyr preemptible threads be preempted
    	    while performing a secure function call.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*