menu "Tfm" config TFM bool "Enable TFM" default n menu "Modify TFM Info" depends on TFM config TFM_PROFILE string "Define Tfm Profile" default "profile_medium" help psa level:0(profile_small) 1(profile_medium) 2(profile_large) config TFM_BUILD_TYPE string "Define Tfm Build Type" default "minsizerel" help build type: debug, release or minsizerel config TFM_FPGA string "Enable FPGA: ON/OFF" default "OFF" config TFM_FWU bool "Enable Firmware Update" default n help Enable FWU: ON/OFF config TFM_SYSTEM_CLOCK bool "Enable TFM system clock ctrl" default n help Enable TFM_SYSTEM_CLOCK: ON/OFF config TFM_CRYPTO bool "Enable TFM CRYPTO" default n help Enable CRYPTO: ON/OFF config TFM_PS bool "Enable TFM PS" default n help Enable PS: ON/OFF config TFM_TEST_S string "Define Tfm Test S" default "OFF" help Enable to TFM secure bin test: ON/OFF config TFM_TEST_NS string "Define Tfm Test NS" default "OFF" help Enable to TFM non-secure bin test: ON/OFF config TFM_BL2_LOG_LEVEL string "Define Tfm Bl2 Log Level" default "DEBUG" help Set BL2 log level: OFF/ERROR/WARNING/INFO/DEBUG config TFM_BL2 string "Define Tfm Bl2" default "OFF" help Enable BL2: ON/OFF config TFM_BL2_DOWNLOAD bool "Enable BL2 download" default y help Enable BL2 Download config TFM_SECURE_DEBUG bool "Enable Secure Debug" default n help Enable Secure Debug config OTP_NV_COUNTERS_RAM_EMULATION string "Define Otp Nv Counters Ram Emulation" default "OFF" help Enable OTP/NV counter RAM emulation: ON/OFF config PLATFORM_DEFAULT_OTP_WRITEABLE string "Define Platform Default Otp Writeable" default "ON" help Enable platform default OTP writable: ON/OFF config TFM_SYS_LL_NSC bool "Enable system_ll nsc" default n config TFM_AON_PMU_LL_NSC bool "Enable aon_pmu_ll nsc" default n config BL2_UPGRADE_STRATEGY string "Define mcuboot upgrade strategy" default "SWAP_USING_SCRATCH" help The MCUBOOT upgrade strategy can be: OVERWRITE_ONLY, SWAP_USING_SCRATCH, SWAP_USING_MOVE. config TFM_BK7236_V5 bool "Use BK7236 v5" default y config TFM_REG_ACCESS_NSC bool "Enable security registers access" default n help Enable read/write security registers from non-security world. Should be disabled in release version! config TFM_MPC_NSC bool "Enable MPC NSC api" default n help Enable configure MPC from non-security, for chip verification only. Should be disabled in release version! config TFM_FLASH_NSC bool "Enable flash NSC api" default n help Enable flash API for non-security, for chip verification only. Should be disabled in release version! config TFM_DUBHE_KEY_LADDER_NSC bool "Enable dubhe key ladder NSC api" default n help Enable dubhe key ladder API for non-security config TFM_OTP_NSC bool "Enable otp NSC api" default n help Enable otp API for non-security config TFM_INT_TARGET_NSC bool "Enable interrupt target NSC api" default n help Enable interrupt target API for non-security, for chip verification only. Should be disabled in release version! config PM_NSC bool "Enable pm NSC api" default n help Enable PM API for non-security config TFM_AES_GCM_NSC bool "Enable do security aes gcm " default n help Enable do security aes gcm encrypt and decrypt. Should be disabled in release version! config TFM_MPU bool "Enable TFM official MPU" default n help Enable TFM official MPU config TFM_PANIC_DEAD_LOOP bool "TFM panic trigger dead loop" default n help Enable TFM dead loop panic config XIP_NO_VERSION bool "xip without security counter and version" default n config BL2_SKIP_VALIDATE bool "Bl2 skip validate" default n config BL2_VALIDATE_ENABLED_BY_EFUSE bool "BL2 validate is enabled by eFuse" default y config BL2_WDT bool "Enable BL2 watchdog" default n config TFM_HEAP_SIZE hex "TFM heap size" default 0x1040 config BL2_WDT_PERIOD hex "BL2 wdt timeout period" default 0x1F40 config TFM_CRYPTO_IOVEC_BUFFER_SIZE hex "TFM_CRYPTO_IOVEC_BUFFER_SIZE" default 0x2400 config INITIAL_ATTESTATION bool "Enable compile tfm initial attestation file" default n help Enable compile tfm initial attestation file endmenu endmenu config SECURITY_FIRMWARE bool "enable security firmware / no-security firmware" default n help enable security firmware / no-security firmware