The latest development version of this page may be more current than this released 3.0.0 version.

CONFIG_TFM_KEY_FILE_NS

Path to private key used to sign non-secure firmware images.

Type: string

Help

The path and filename for the .pem file containing the private key
that should be used by the BL2 bootloader when signing non-secure
firmware images.

Direct dependencies

BUILD_WITH_TFM && BUILD_WITH_TFM && 0

(Includes any dependencies from ifs and menus.)

Default

• “${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem”

Kconfig definition

At modules/trusted-firmware-m/Kconfig.tfm:63

Included via Kconfig:8 → Kconfig.zephyr:33 → modules/Kconfig:80 → modules/trusted-firmware-m/Kconfig:7

Menu path: (Top) → Modules → Build with TF-M as the Secure Execution Environment

config TFM_KEY_FILE_NS
    string "Path to private key used to sign non-secure firmware images."
    default "${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
    depends on BUILD_WITH_TFM && BUILD_WITH_TFM && 0
    help
      The path and filename for the .pem file containing the private key
      that should be used by the BL2 bootloader when signing non-secure
      firmware images.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)