The latest development version of this page may be more current than this released 2.7.5 version.

CONFIG_BUILD_WITH_TFM

Build with TF-M as the Secure Execution Environment

Type: bool

Help

When enabled, this option instructs the Zephyr build process to
additionally generate a TF-M image for the Secure Execution
environment, along with the Zephyr image. The Zephyr image
itself is to be executed in the Non-Secure Processing Environment.
The required dependency on TRUSTED_EXECUTION_NONSECURE
ensures that the Zephyr image is built as a Non-Secure image. Both
TF-M and Zephyr images, as well as the veneer object file that links
them, are generated during the normal Zephyr build process.

Notes:
  Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
      ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.

  By default we allow Zephyr preemptible threads be preempted
  while performing a secure function call.

Direct dependencies

(ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS)) || (ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_MPS2_AN521_CPU0 || BOARD_MPS2_AN521_CPU0_NS || BOARD_MPS2_AN521_CPU1)) || (ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS)) || (ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160_NS)) || (ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != “” && ARM_TRUSTZONE_M && 0)

(Includes any dependencies from ifs and menus.)

Defaults

Symbols selected by this symbol

Symbols implied by this symbol

Kconfig definitions

At boards/arm/bl5340_dvk/Kconfig.defconfig:28

Included via Kconfig:8Kconfig.zephyr:22

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if BOARD_BL5340_DVK_CPUAPP_NS
    depends on ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS)

At boards/arm/mps2_an521/Kconfig.defconfig:21

Included via Kconfig:8Kconfig.zephyr:22

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if TRUSTED_EXECUTION_NONSECURE
    depends on ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_MPS2_AN521_CPU0 || BOARD_MPS2_AN521_CPU0_NS || BOARD_MPS2_AN521_CPU1)

At boards/arm/nrf5340dk_nrf5340/Kconfig.defconfig:14

Included via Kconfig:8Kconfig.zephyr:22

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if BOARD_NRF5340DK_NRF5340_CPUAPP_NS
    depends on ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS)

At boards/arm/nrf9160dk_nrf9160/Kconfig.defconfig:14

Included via Kconfig:8Kconfig.zephyr:22

Menu path: (Top)

config BUILD_WITH_TFM
    bool
    default y if BOARD_NRF9160DK_NRF9160_NS
    depends on ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && (BOARD_NRF9160DK_NRF9160 || BOARD_NRF9160DK_NRF9160_NS)

At modules/trusted-firmware-m/Kconfig.tfm:25

Included via Kconfig:8Kconfig.zephyr:33modules/Kconfig:74modules/trusted-firmware-m/Kconfig:7

Menu path: (Top) → Modules

menuconfig BUILD_WITH_TFM
    bool "Build with TF-M as the Secure Execution Environment"
    select BUILD_OUTPUT_HEX
    imply INIT_ARCH_HW_AT_BOOT
    imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
    depends on ZEPHYR_TRUSTED_FIRMWARE_M_MODULE && TRUSTED_EXECUTION_NONSECURE && TFM_BOARD != "" && ARM_TRUSTZONE_M && 0
    help
      When enabled, this option instructs the Zephyr build process to
      additionally generate a TF-M image for the Secure Execution
      environment, along with the Zephyr image. The Zephyr image
      itself is to be executed in the Non-Secure Processing Environment.
      The required dependency on TRUSTED_EXECUTION_NONSECURE
      ensures that the Zephyr image is built as a Non-Secure image. Both
      TF-M and Zephyr images, as well as the veneer object file that links
      them, are generated during the normal Zephyr build process.

      Notes:
        Building with the "_ns" BOARD variant (e.g. "mps2_an521_ns")
            ensures that CONFIG_TRUSTED_EXECUTION_NONSECURE is enabled.

        By default we allow Zephyr preemptible threads be preempted
        while performing a secure function call.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)