TF-M Requirements

The following are some of the boards that can be used with TF-M:

Board

NSPE board name

ARM MPS2+ AN521

mps2_an521_ns (qemu supported)

ARM MPS3 AN547

mps3_an547_ns (qemu supported)

Ezurio BL5340 DVK

bl5340_dvk/nrf5340/cpuapp/ns

NXP LPCXPRESSO55S69

lpcxpresso55s69_ns

nRF9160 DK

nrf9160dk/nrf9160/ns

nRF5340 DK

nrf5340dk/nrf5340/cpuapp/ns

ST B_U585I_IOT02A Discovery kit

b_u585i_iot02a/stm32u585xx/ns

ST Nucleo L552ZE Q

nucleo_l552ze_q/stm32l552xx/ns

ST STM32L562E-DK Discovery

stm32l562e_dk/stm32l562xx/ns

ARM V2M Musca B1

v2m_musca_b1_ns

ARM V2M Musca-S1

v2m_musca_s1_ns

You can run west boards -n _ns$ to search for non-secure variants of different board targets. To make sure TF-M is supported for a board in its output, check that CONFIG_TRUSTED_EXECUTION_NONSECURE is set to y in that board’s default configuration.

Software Requirements

The following Python modules are required when building TF-M binaries:

  • cryptography

  • pyasn1

  • pyyaml

  • cbor>=1.0.0

  • imgtool>=1.9.0

  • jinja2

  • click

You can install them via:

$ pip3 install --user cryptography pyasn1 pyyaml cbor>=1.0.0 imgtool>=1.9.0 jinja2 click

They are used by TF-M’s signing utility to prepare firmware images for validation by the bootloader.

Part of the process of generating binaries for QEMU and merging signed secure and non-secure binaries on certain platforms also requires the use of the srec_cat utility.

This can be installed on Linux via:

$ sudo apt-get install srecord

And on OS X via:

$ brew install srecord

For Windows-based systems, please make sure you have a copy of the utility available on your system path. See, for example: SRecord for Windows