Hi Hao,

Apologies for late reply.
I gave a quick test on your build command and it does seem to be case as you described.
However, when playing further, it seems that other dependencies linked to CRYPTO_ASYM_SIGN_MODULE_ENABLED need to be resolved, like the choice of signing algorithm.
You might need to resolve those dependencies and then make the options visible to the build system chain because it looks like we are not supporting such feature at the moment.

For the other questions, I'll let those with more knowledge on Zephyr to answer.

Many thanks
Best regards,
Nicola

From: Zhang, Hao via TF-M <tf-m@lists.trustedfirmware.org>
Sent: 06 February 2025 03:32
To: Anton Komlev via TF-M <tf-m@lists.trustedfirmware.org>
Subject: [TF-M] How to Enable Asymmetric Signing with Small Profile
 

Hi All,

 

I have several questions. Thanks in advance for helping out.

 

  1. I am trying to build a TF-M application for my platform with small profile with asymmetric signing module enabled. I tried using following command

cmake -S . -B build -G Ninja -DTFM_PLATFORM=MY/PLATFORM -DTFM_PROFILE="profile_small" -DCRYPTO_ASYM_SIGN_MODULE_ENABLED=y.

However, the asymmetric signing module is not included. More specifically, in trusted-firmware-m/secure_fw/partitions/crypto/crypto_asymmetric.c, the #if CRYPTO_ASYM_SIGN_MODULE_ENABLED is not true.

 

From what I understand, the -DCRYPTO_ASYM_SIGN_MODULE_ENABLED=y only define the macro, but not set it to 1, therefore, the #if CRYPTO_ASYM_SIGN_MODULE_ENABLED is not true. I am wondering if there is any way I can enable -DCRYPTO_ASYM_SIGN_MODULE_ENABLED module while still staying in small profile. I am aware that the default CRYPTO_ENGINE_BUF_SIZE might not be enough and I am willing to override it with a command line flag. Preferably, I would not want to enable asymmetric module in config.cmake as I only want to enable it for one specific application.

 

  1. If to build with Zephyr and have TF-M as a module, is there anyway to enable asymmetric signing module given a small profile  (I actually care more about this question than first question)

 

  1. Just out of curiosity, how do you use menuconfig in TF-M. I did try -DMENUCONFIG=ON, but the compiler complains

 

CMake Error at config/kconfig.cmake:31 (file):

  file STRINGS file

  "trusted-firmware-m/config/../platform/ext/target/MY/PLATFORM/preload.cmake"

  cannot be read.

Call Stack (most recent call first):

  config/kconfig.cmake:174 (convert_normal_cmake_config_to_kconfig)

  CMakeLists.txt:26 (include)

 

I thought preload.cmake is no longer required.

 

Thank you very much!

 

Best regards,

 

Hao