:orphan:

.. title:: CONFIG_TFM_KEY_FILE_NS

.. kconfig:: CONFIG_TFM_KEY_FILE_NS

CONFIG_TFM_KEY_FILE_NS
######################

*Path to private key used to sign non-secure firmware images.*

Type: ``string``

Help
====

.. code-block:: none

    The path and filename for the .pem file containing the private key
    that should be used by the BL2 bootloader when signing non-secure
    firmware images.

Direct dependencies
===================

\ :kconfig:`BUILD_WITH_TFM <CONFIG_BUILD_WITH_TFM>` && \ :kconfig:`BUILD_WITH_TFM <CONFIG_BUILD_WITH_TFM>` && 0

*(Includes any dependencies from ifs and menus.)*

Default
=======

- "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem"

Kconfig definition
==================



At ``<External Modules>/trusted-firmware-m/Kconfig.tfm:63``

Included via ``Kconfig:8`` → ``Kconfig.zephyr:33`` → ``<External Modules>/Kconfig:80`` → ``<External Modules>/trusted-firmware-m/Kconfig:7``

Menu path: (Top) → Modules → Build with TF-M as the Secure Execution Environment

.. code-block:: kconfig

    config TFM_KEY_FILE_NS
    	string "Path to private key used to sign non-secure firmware images."
    	default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
    	depends on BUILD_WITH_TFM && BUILD_WITH_TFM && 0
    	help
    	  The path and filename for the .pem file containing the private key
    	  that should be used by the BL2 bootloader when signing non-secure
    	  firmware images.

*(The 'depends on' condition includes propagated dependencies from ifs and menus.)*