Hi Anton,

 

Thanks for the quick response.

 

I believe this task can be split into several parts:

  1. Ensure that all files that currently use absolute paths are installed to the api_ns folder. Here I am talking about files that are actually needed for NSPE.
  2. On the NS side – remove definitions of files that are not needed for NSPE (e.g. some of the crypto configs use absolute paths and are not needed for NSPE). This can be done either by removing them during the NSPE build, or by just isolating them by adding them to SPE-specific targets that are not exported to NSPE via install TARGET.
    This way we can ensure that we have a clear scope and know that there are no accidental includes of unwanted files in NSPE.
  3. Actually move to using relative paths

 

Note that this is just my view of the issue – your plan may differ. But I still wanted to provide it here to note that as a minimal solution, at least for now, we should be fine with only having step 1. Because having all the needed files in api_ns is a must-have – then we can take care of actually using them in our own build system.

 

Hope this helps.

 

Bohdan Hunko

 

Cypress Semiconductor Ukraine LLC

Senior Engineer

CSS ICW SW INT BFS SFW

Mobile: +380995019714
Bohdan.Hunko@infineon.com

 

From: Anton Komlev <Anton.Komlev@arm.com>
Sent: Friday, 12 December 2025 12:33
To: Hunko Bohdan (CSS ICW SW INT BFS SFW) <Bohdan.Hunko@infineon.com>; tf-m@lists.trustedfirmware.org
Cc: Kozemchuk Ivan (CSS ICW SW INT BFS SFW) <Ivan.Kozemchuk@infineon.com>
Subject: RE: Issue with absolute paths in exported targets

 


 

Hi Bohdan,

 

You’re right, TF-M currently uses a mix of relative and absolute paths. There is a plan to switch everything to relative paths where possible, but priority was low since the current solution has been working. With your report, we will revisit that plan. Tentatively, I’d think around Q1’26, though we still need to look into the scope and side effects.

Your contribution would be very welcome as well. If you’re planning to work on this, please let me know to avoid duplication.

 

Best regards,
Anton

 

From: Bohdan.Hunko--- via TF-M <tf-m@lists.trustedfirmware.org>
Sent: Wednesday, December 10, 2025 2:52 PM
To: tf-m@lists.trustedfirmware.org
Cc: Ivan.Kozemchuk@infineon.com
Subject: [TF-M] Issue with absolute paths in exported targets

 

Hi all,

 

I have noticed an issue with absolute paths in exported targets:

Background:

  1. During Secure build some header file paths are added to include directories of tfm_config (and some other targets) – for example TARGET_CONFIG_HEADER_FILE, PROJECT_CONFIG_HEADER_FILE
  2. Then tfm_config is exported to install directory and is used in Non-Secure build

 

There are several issues here:

  1. In the Non-Secure build, the exported tfm_config uses absolute paths that were defined during the secure build. This is an issue as the NS-interface (api_ns folder) may be built on another machine.
  2. Also, looking into the api_ns folder – I don’t see those files being exported (for example TARGET_CONFIG_HEADER_FILE, PROJECT_CONFIG_HEADER_FILE are not exported to api_ns)
    1. Looking into the code I was able to identify at least these defines that are affected (but the list may be longer):
      i. TARGET_CONFIG_HEADER_FILE
      ii. PROJECT_CONFIG_HEADER_FILE
      iii. MBEDTLS_PSA_CRYPTO_CONFIG_FILE
      iv. MBEDTLS_CONFIG_FILE

 

Is there a plan to somehow solve this issue? If so, then what is the schedule on it?

 

Bohdan Hunko

 

Cypress Semiconductor Ukraine LLC

Senior Engineer

CSS ICW SW INT BFS SFW

Mobile: +380995019714
Bohdan.Hunko@infineon.com
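
An added example, not part of the original thread and not TF-M's own tooling: a checker that scans exported CMake target files for `INTERFACE_*` property values carrying absolute build-machine paths instead of the relocatable `${_IMPORT_PREFIX}`. The sample input, its paths and the assumption that the affected defines appear as compile definitions on `tfm_config` are constructed for illustration.

```python
import re
import sys
from pathlib import Path

TARGET_RE = re.compile(r'set_target_properties\(\s*(\S+)\s+PROPERTIES')
PROP_RE = re.compile(r'^\s*(INTERFACE_[A-Z_]+)\s+"(.*)"\s*$')
ABS_RE = re.compile(r'^(?:/|[A-Za-z]:[\\/])')  # POSIX root or Windows drive path

# Constructed sample of an exported targets file; paths are made up and the
# layout of the defines on tfm_config is an assumption, not copied from TF-M.
SAMPLE = r'''
set_target_properties(tfm_config PROPERTIES
  INTERFACE_COMPILE_DEFINITIONS "TARGET_CONFIG_HEADER_FILE=\"/home/builder/tf-m/platform/config_tfm_target.h\";PROJECT_CONFIG_HEADER_FILE=\"${_IMPORT_PREFIX}/config/config_base.h\""
  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/interface/include;/home/builder/tf-m/config"
)
'''

def find_absolute_paths(cmake_text):
    """Return (target, property, item) for each list item holding an absolute path."""
    findings = []
    target = None
    for line in cmake_text.splitlines():
        m = TARGET_RE.search(line)
        if m:
            target = m.group(1)
            continue
        m = PROP_RE.match(line)
        if not m or target is None:
            continue
        prop, value = m.groups()
        for item in value.split(";"):
            # For NAME=\"path\" definitions, test only the path after '='.
            candidate = item.split("=", 1)[-1].replace('\\"', '').strip('"')
            if ABS_RE.match(candidate):
                findings.append((target, prop, item))
    return findings

if __name__ == "__main__":
    # With a directory argument, scan every *.cmake file under it (for example
    # the install directory consumed by the NS build); otherwise scan SAMPLE.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    texts = ({str(p): p.read_text(errors="replace") for p in root.rglob("*.cmake")}
             if root else {"<sample>": SAMPLE})
    hits = 0
    for name, text in texts.items():
        for target, prop, item in find_absolute_paths(text):
            hits += 1
            print(f"{name}: {target} {prop}: {item}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets the check gate a CI job that packages the NS interface.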