#-------------------------------------------------------------------------------
# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

menu "SPM"
config TFM_ISOLATION_LEVEL
    int "Isolation level"
    default 1
    range 1 3 if PLATFORM_HAS_ISOLATION_L3_SUPPORT
    range 1 2
    help
      SFN backend only supports level 1.
      IPC backend can support all 3 levels.
      Isolation level 3 requires platform support.

choice
    prompt "SPM Backend"

    config CONFIG_TFM_SPM_BACKEND_SFN
        bool "SFN Backend"
        # Multi-core platform based on inter-core communication cannot fully work with SFN
        # backend yet.
        # TO-DO: Check whether it depends on TFM_PARTITION_NS_AGENT_MAILBOX or TFM_MULTI_CORE_TOPOLOGY
        depends on !TFM_PARTITION_NS_AGENT_MAILBOX && TFM_ISOLATION_LEVEL = 1

    config CONFIG_TFM_SPM_BACKEND_IPC
        bool "IPC Backend"
        select CONFIG_TFM_PARTITION_META
endchoice

config CONFIG_TFM_SPM_BACKEND
    string
    default "IPC" if CONFIG_TFM_SPM_BACKEND_IPC
    default "SFN" if CONFIG_TFM_SPM_BACKEND_SFN
    default ""

choice
    prompt "FIH Profile"
    default TFM_FIH_PROFILE_OFF
    help
      Fault injection hardening profile

    config TFM_FIH_PROFILE_OFF
        bool "OFF"

    config TFM_FIH_PROFILE_LOW
        bool "Low"

    config TFM_FIH_PROFILE_MEDIUM
        bool "Medium"

    config TFM_FIH_PROFILE_HIGH
        bool "High"
endchoice

config TFM_FIH_PROFILE
    string
    default "OFF" if TFM_FIH_PROFILE_OFF
    default "LOW" if TFM_FIH_PROFILE_LOW
    default "MEDIUM" if TFM_FIH_PROFILE_MEDIUM
    default "HIGH" if TFM_FIH_PROFILE_HIGH

config PSA_FRAMEWORK_HAS_MM_IOVEC
    bool "MM-IOVEC"
    default n
    depends on TFM_ISOLATION_LEVEL = 1
    help
      Memory-mapped IOVECs feature, supported only for isolation level 1

################################# Misc #########################################

config TFM_EXCEPTION_INFO_DUMP
    bool "Exception information dump"
    default n
    help
      On fatal errors in the secure firmware, capture info about the
      exception. Print the info if the "SPM Log Level" is sufficient.

config CONFIG_TFM_HALT_ON_CORE_PANIC
    bool "Halt instead of rebooting"
    default n
    help
      On fatal errors in the secure firmware, halt instead of rebooting.
      This would be helpful for debugging.

config TFM_PXN_ENABLE
    bool "PXN"
    depends on ARCH_ARM_V81MM
    default n
    help
      Privileged eXecute-Never.
      Enables the PXN feature in common MPU driver and isolation setup.

config CONFIG_TFM_STACK_WATERMARKS
    bool "Stack Watermarks"
    depends on TFM_ISOLATION_LEVEL != 3
    help
      Whether to pre-fill partition stacks with a set value to help
      determine stack usage.
      Not supported for isolation level 3 yet.

config NUM_MAILBOX_QUEUE_SLOT
    int "Number of mailbox queue slots"
    depends on TFM_PARTITION_NS_AGENT_MAILBOX
    default 1

################################# SPM log level ################################

choice SPM_LOG_LEVEL
    prompt "SPM Log Level"
    default SPM_LOG_LEVEL_SILENCE

    config SPM_LOG_LEVEL_DEBUG
        bool "Debug"

    config SPM_LOG_LEVEL_INFO
        bool "Info"

    config SPM_LOG_LEVEL_ERROR
        bool "Error"

    config SPM_LOG_LEVEL_SILENCE
        bool "Silence"
endchoice

config TFM_SPM_LOG_LEVEL
    int
    default 3 if SPM_LOG_LEVEL_DEBUG
    default 2 if SPM_LOG_LEVEL_INFO
    default 1 if SPM_LOG_LEVEL_ERROR
    default 0 if SPM_LOG_LEVEL_SILENCE

endmenu

config TFM_SPM_LOG_RAW_ENABLED
    bool
    default y if TFM_SPM_LOG_LEVEL != 0 || TFM_SP_LOG_RAW_ENABLED
    default n

######################## Promptless (non-user) config options ##################
########### Do NOT change the following config options anywhere! ###############
config CONFIG_TFM_PARTITION_META
    def_bool n

config TFM_PARTITION_NS_AGENT_MAILBOX
    bool
    default y if TFM_MULTI_CORE_TOPOLOGY
    default n

config TFM_PARTITION_NS_AGENT_TZ
    bool
    default y if CONFIG_TFM_USE_TRUSTZONE
    default n
