Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE) for Armv8-M, Armv8.1-M architectures. It is the platform security architecture reference implementation aligning with PSA Certified guidelines.

You will build the supplied reference examples, and run them on the Corstone-300 Fixed Virtual Platform (FVP).

These instructions assume an Ubuntu Linux host machine, or use of Arm Virtual Hardware .

Corstone-300 FVP

The Corstone-300 FVP is available from the Arm Ecosystem FVP page. Setup instructions are available in the install guide .

Alternatively, you can access the FVP with Arm Virtual Hardware . Setup instructions are available in the Arm Virtual Hardware install guide .

Install appropriate compiler

The examples can be built with Arm Compiler for Embedded or Arm GNU Toolchain . Both toolchains are installed within Arm Virtual Hardware.

To install locally see:


Install python 3 prerequisites for TF-M:


            sudo apt update
sudo apt install -y python3.8-venv python3-pip
sudo ln -s /usr/local/bin/pip3 /usr/bin/pip3.8
python3.8 -m pip install imgtool cffi intelhex cbor2 cbor pytest click jinja2 PyYAML

Clone the TF-M repository


            git clone
cd trusted-firmware-m

TF-M uses cmake as the build system. Install if necessary, then create and navigate into a build directory.


            sudo apt install -y cmake
mkdir cmake_build
cd cmake_build

Set the relevant cmake variables to build the TF-M suite of tests. The TFM_TOOLCHAIN_FILE parameter is used to select a toolchain. For example, to build with Arm Compiler:


            cmake .. -DTFM_PLATFORM=arm/mps3/an552 -DTEST_NS=ON -DTEST_S=ON -DTFM_TOOLCHAIN_FILE=../toolchain_ARMCLANG.cmake

Or, with GCC:


            cmake .. -DTFM_PLATFORM=arm/mps3/an552 -DTEST_NS=ON -DTEST_S=ON -DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake

All the parameters are defined in the Trusted Firmware-M documentation .

Build using make


            make install

On a successful build, the TF-M test executables are created in the bin directory. This includes binary files for the MCUBoot bootloader, TF-M secure firmware and TF-M non-secure app. Signed variants of both the TF-M secure and non-secure images are created along with a combined signed image of both the secure and non-secure image.

Run the TF-M tests on the Corstone-300 FVP

To run the tests on the FVP use:



            FVP_Corstone_SSE-300_Ethos-U55 -a cpu0*="bin/bl2.axf" --data "bin/tfm_s_ns_signed.bin"@0x01000000

Within Arm Virtual Hardware


            VHT_Corstone_SSE-300_Ethos-U55 -a cpu0*="bin/bl2.axf" --data "bin/tfm_s_ns_signed.bin"@0x01000000


  • bl2.axf is the MCUBoot bootloader image.
  • tfm_s_ns_signed.bin is the combined signed image for the TF-M secure and non-secure image
    • @<addr> indicates where in the Corstone-300 FVP memory the image is loaded.

The memory map for the FVP is documented in the FVP Reference Guide .

The test results will be output in a telnet window.


        *** Non-secure test suites summary ***
Test suite 'SFN Backend NS test (TFM_NS_SFN_TEST_1XXX)' has PASSED
Test suite 'PSA protected storage NS interface tests (TFM_NS_PS_TEST_1XXX)' has PASSED