1.. zephyr:code-sample-category:: tfm_integration 2 :name: TF-M Integration 3 :show-listing: 4 5 These TF-M integration examples can be used with a supported Armv8-M board, and demonstrate how 6 the TF-M APIs can be used with Zephyr. 7 8Overview 9******** 10 11Trusted Firmware Platform Security Architecture (PSA) APIs are used for the 12secure processing environment (S), with Zephyr running in the non-secure 13processing environment (NS). 14 15As part of the standard build process, the secure bootloader (BL2) is normally 16built, in addition to the TF-M S and Zephyr NS binary images. The S and NS 17images are then merged and signed using the private signing keys, whose public 18key values are stored in the secure bootloader. This allows the application 19images to be verified and either accepted or rejected during the image 20verification process at startup, based on a pair of private keys that you 21control. 22 23What is Trusted Firmware-M (TF-M)? 24********************************** 25 26Trusted Firmware-M (TF-M) is the reference implementation of `Platform Security 27Architecture (PSA) <https://pages.arm.com/psa-resources.html>`_. 28 29TF-M provides a highly configurable set of software components to create a 30Trusted Execution Environment. This is achieved by a set of secure run time 31services such as Secure Storage, Cryptography, Audit Logs and Attestation. 32Additionally, secure boot in TF-M ensures integrity of run time software and 33supports firmware upgrade. 34 35The current TF-M implementation specifically targets TrustZone for ARMv8-M. 36 37Trusted Firmware-M source code is available at 38`git.trustedfirmware.org <https://git.trustedfirmware.org>`_, although a fork 39of this source code is maintained by the Zephyr Project as a module for 40convenience sake at 41`<https://github.com/zephyrproject-rtos/trusted-firmware-m>`_. 42 43For further information consult the official `TF-M documentation`_ 44 45.. _TF-M documentation: 46 https://tf-m-user-guide.trustedfirmware.org/ 47