1#-------------------------------------------------------------------------------
2# SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8menu "SPM"
9config TFM_ISOLATION_LEVEL
10    int "Isolation level"
11    default 1
12    range 1 3 if PLATFORM_HAS_ISOLATION_L3_SUPPORT
13    range 1 2
14    help
15      SFN backend only supports level 1.
16      IPC backend can support all 3 levels.
17      Isolation level 3 requires platform support.
18
19choice CONFIG_TFM_SPM_BACKEND_CHOICE
20    prompt "SPM Backend"
21
22    config CONFIG_TFM_SPM_BACKEND_SFN
23        bool "SFN Backend"
24        # Multi-core platform based on inter-core communication cannot fully work with SFN
25        # backend yet.
26        # TO-DO: Check whether it depends on TFM_PARTITION_NS_AGENT_MAILBOX or TFM_MULTI_CORE_TOPOLOGY
27        depends on !TFM_PARTITION_NS_AGENT_MAILBOX && TFM_ISOLATION_LEVEL = 1
28
29    config CONFIG_TFM_SPM_BACKEND_IPC
30        bool "IPC Backend"
31        select CONFIG_TFM_PARTITION_META
32endchoice
33
34config CONFIG_TFM_SPM_BACKEND
35    string
36    default "IPC" if CONFIG_TFM_SPM_BACKEND_IPC
37    default "SFN" if CONFIG_TFM_SPM_BACKEND_SFN
38    default ""
39
40choice TFM_FIH_PROFILE_CHOICE
41    prompt "FIH Profile"
42    default TFM_FIH_PROFILE_OFF
43    help
44      Fault injection hardening profile
45
46    config TFM_FIH_PROFILE_OFF
47        bool "OFF"
48
49    config TFM_FIH_PROFILE_LOW
50        bool "Low"
51
52    config TFM_FIH_PROFILE_MEDIUM
53        bool "Medium"
54
55    config TFM_FIH_PROFILE_HIGH
56        bool "High"
57endchoice
58
59config TFM_FIH_PROFILE
60    string
61    default "OFF" if TFM_FIH_PROFILE_OFF
62    default "LOW" if TFM_FIH_PROFILE_LOW
63    default "MEDIUM" if TFM_FIH_PROFILE_MEDIUM
64    default "HIGH" if TFM_FIH_PROFILE_HIGH
65
66config PSA_FRAMEWORK_HAS_MM_IOVEC
67    bool "MM-IOVEC"
68    default n
69    depends on TFM_ISOLATION_LEVEL = 1
70    help
71      Memory-mapped IOVECs feature, supported only for isolation level 1
72
73################################# Misc #########################################
74
75config TFM_EXCEPTION_INFO_DUMP
76    bool "Exception information dump"
77    default n
78    help
79      On fatal errors in the secure firmware, capture info about the
80      exception. Print the info if the "SPM Log Level" is sufficient.
81
82config CONFIG_TFM_HALT_ON_CORE_PANIC
83    bool "Halt instead of rebooting"
84    default n
85    help
86      On fatal errors in the secure firmware, halt instead of rebooting.
87      This would be helpful for debugging.
88
89config TFM_PXN_ENABLE
90    bool "PXN"
91    depends on ARCH_ARM_V81MM
92    default n
93    help
94      Privileged eXecute-Never.
95      Enables the PXN feature in common MPU driver and isolation setup.
96
97config CONFIG_TFM_STACK_WATERMARKS
98    bool "Stack Watermarks"
99    depends on TFM_ISOLATION_LEVEL != 3
100    help
101      Whether to pre-fill partition stacks with a set value to help
102      determine stack usage.
103      Not supported for isolation level 3 yet.
104
105config NUM_MAILBOX_QUEUE_SLOT
106    int "Number of mailbox queue slots"
107    depends on TFM_PARTITION_NS_AGENT_MAILBOX
108    default 1
109
110################################# SPM log level ################################
111
112choice SPM_LOG_LEVEL
113    prompt "SPM Log Level"
114    default LOG_LEVEL_NONE
115
116    config LOG_LEVEL_VERBOSE
117        bool "Verbose"
118
119    config LOG_LEVEL_INFO
120        bool "Info"
121
122    config LOG_LEVEL_WARNING
123        bool "Warning"
124
125    config LOG_LEVEL_NOTICE
126        bool "Notice"
127
128    config LOG_LEVEL_ERROR
129        bool "Error"
130
131    config LOG_LEVEL_NONE
132        bool "None"
133endchoice
134
135config TFM_SPM_LOG_LEVEL
136    int
137    default 50 if LOG_LEVEL_VERBOSE
138    default 40 if LOG_LEVEL_INFO
139    default 30 if LOG_LEVEL_WARN
140    default 20 if LOG_LEVEL_NOTICE
141    default 10 if LOG_LEVEL_ERROR
142    default 0 if LOG_LEVEL_NONE
143
144endmenu
145
146config TFM_SPM_LOG_RAW_ENABLED
147    bool
148    default y if TFM_SPM_LOG_LEVEL != 0 || TFM_SP_LOG_RAW_ENABLED
149    default n
150
151######################## Promptless (non-user) config options ##################
152########### Do NOT change the following config options anywhere! ###############
153config CONFIG_TFM_PARTITION_META
154    def_bool n
155
156config TFM_PARTITION_NS_AGENT_MAILBOX
157    bool
158    default y if TFM_MULTI_CORE_TOPOLOGY
159    default n
160
161config TFM_PARTITION_NS_AGENT_TZ
162    bool
163    default y if CONFIG_TFM_USE_TRUSTZONE
164    default n
165