1 /*
2  * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
3  * Copyright (c) 2023-2024 Cypress Semiconductor Corporation (an Infineon
4  * company) or an affiliate of Cypress Semiconductor Corporation. All rights
5  * reserved.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  */
10 
11 #ifndef __CONFIG_BASE_H__
12 #define __CONFIG_BASE_H__
13 
14 /* Platform Partition Configs */
15 
16 /* Size of input buffer in platform service */
17 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
18 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
19 #endif
20 
21 /* Size of output buffer in platform service */
22 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
23 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
24 #endif
25 
26 /* The stack size of the Platform Secure Partition */
27 #ifndef PLATFORM_SP_STACK_SIZE
28 #define PLATFORM_SP_STACK_SIZE                 0x500
29 #endif
30 
31 /* Disable Non-volatile counter module */
32 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
33 #define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
34 #endif
35 
36 /* Crypto Partition Configs */
37 
38 /*
39  * Heap size for the crypto backend. This is statically allocated
40  * inside the Crypto service and used as heap through the default
41  * Mbed TLS allocator
42  */
43 #ifndef CRYPTO_ENGINE_BUF_SIZE
44 #define CRYPTO_ENGINE_BUF_SIZE                 0x3000
45 #endif
46 
47 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
48 #ifndef CRYPTO_CONC_OPER_NUM
49 #define CRYPTO_CONC_OPER_NUM                   8
50 #endif
51 
52 /* Enable PSA Crypto random number generator module */
53 #ifndef CRYPTO_RNG_MODULE_ENABLED
54 #define CRYPTO_RNG_MODULE_ENABLED              1
55 #endif
56 
57 /* Enable PSA Crypto Key module */
58 #ifndef CRYPTO_KEY_MODULE_ENABLED
59 #define CRYPTO_KEY_MODULE_ENABLED              1
60 #endif
61 
62 /* Enable PSA Crypto AEAD module */
63 #ifndef CRYPTO_AEAD_MODULE_ENABLED
64 #define CRYPTO_AEAD_MODULE_ENABLED             1
65 #endif
66 
67 /* Enable PSA Crypto MAC module */
68 #ifndef CRYPTO_MAC_MODULE_ENABLED
69 #define CRYPTO_MAC_MODULE_ENABLED              1
70 #endif
71 
72 /* Enable PSA Crypto Hash module */
73 #ifndef CRYPTO_HASH_MODULE_ENABLED
74 #define CRYPTO_HASH_MODULE_ENABLED             1
75 #endif
76 
77 /* Enable PSA Crypto Cipher module */
78 #ifndef CRYPTO_CIPHER_MODULE_ENABLED
79 #define CRYPTO_CIPHER_MODULE_ENABLED           1
80 #endif
81 
82 /* Enable PSA Crypto asymmetric key signature module */
83 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
84 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED        1
85 #endif
86 
87 /* Enable PSA Crypto asymmetric key encryption module */
88 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
89 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     1
90 #endif
91 
92 /* Enable PSA Crypto key derivation module */
93 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
94 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
95 #endif
96 
97 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
98 #ifndef CRYPTO_IOVEC_BUFFER_SIZE
99 #define CRYPTO_IOVEC_BUFFER_SIZE               5120
100 #endif
101 
102 /* Use stored NV seed to provide entropy */
103 #ifndef CRYPTO_NV_SEED
104 #define CRYPTO_NV_SEED                         1
105 #endif
106 
107 /*
108  * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
109  * to optimize memory footprint in resource-constrained devices.
110  */
111 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
112 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED      0
113 #endif
114 
115 /*
116  * The service assumes that the client interface and internal
117  * interface towards the library that provides the PSA Crypto
118  * core component maintain the same ABI. This is not the default
119  * when using the Mbed TLS reference implementation
120  */
121 #ifndef CRYPTO_LIBRARY_ABI_COMPAT
122 #define CRYPTO_LIBRARY_ABI_COMPAT (0)
123 #endif
124 
125 /* The stack size of the Crypto Secure Partition */
126 #ifndef CRYPTO_STACK_SIZE
127 #define CRYPTO_STACK_SIZE                      0x1800
128 #endif
129 
130 /* FWU Partition Configs */
131 
132 /* Size of the FWU internal data transfer buffer */
133 #ifndef TFM_FWU_BUF_SIZE
134 #define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
135 #endif
136 
137 /* The stack size of the Firmware Update Secure Partition */
138 #ifndef FWU_STACK_SIZE
139 #define FWU_STACK_SIZE                         0x600
140 #endif
141 
142 /* Attest Partition Configs */
143 
144 /* Include optional claims in initial attestation token */
145 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
146 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS         1
147 #endif
148 
149 /* Include COSE key-id in initial attestation token */
150 #ifndef ATTEST_INCLUDE_COSE_KEY_ID
151 #define ATTEST_INCLUDE_COSE_KEY_ID             0
152 #endif
153 
154 /* The stack size of the Initial Attestation Secure Partition */
155 #ifndef ATTEST_STACK_SIZE
156 #define ATTEST_STACK_SIZE                      0x700
157 #endif
158 
159 /* Set the initial attestation token profile */
160 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
161     (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
162     (!ATTEST_TOKEN_PROFILE_ARM_CCA)
163 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
164 #endif
165 
166 /* ITS Partition Configs */
167 
168 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
169 #ifndef ITS_CREATE_FLASH_LAYOUT
170 #define ITS_CREATE_FLASH_LAYOUT                1
171 #endif
172 
173 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
174 #ifndef ITS_RAM_FS
175 #define ITS_RAM_FS                             0
176 #endif
177 
178 /* Validate filesystem metadata every time it is read from flash */
179 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH
180 #define ITS_VALIDATE_METADATA_FROM_FLASH       1
181 #endif
182 
183 /* The maximum asset size to be stored in the Internal Trusted Storage */
184 #ifndef ITS_MAX_ASSET_SIZE
185 #define ITS_MAX_ASSET_SIZE                     512
186 #endif
187 
188 /*
189  * Size of the ITS internal data transfer buffer
190  * (Default to the max asset size so that all requests can be handled in one iteration.)
191  */
192 #ifndef ITS_BUF_SIZE
193 #define ITS_BUF_SIZE                           ITS_MAX_ASSET_SIZE
194 #endif
195 
196 /* The maximum number of assets to be stored in the Internal Trusted Storage */
197 #ifndef ITS_NUM_ASSETS
198 #define ITS_NUM_ASSETS                         10
199 #endif
200 
201 /* The stack size of the Internal Trusted Storage Secure Partition */
202 #ifndef ITS_STACK_SIZE
203 #define ITS_STACK_SIZE                         0x720
204 #endif
205 
206 /* The size of the authentication tag used when authentication/encryption of ITS files is enabled */
207 #ifndef TFM_ITS_AUTH_TAG_LENGTH
208 #define TFM_ITS_AUTH_TAG_LENGTH                16
209 #endif
210 
211 /* The size of the key used when authentication/encryption of ITS files is enabled */
212 #ifndef TFM_ITS_KEY_LENGTH
213 #define TFM_ITS_KEY_LENGTH                16
214 #endif
215 
216 /* The size of the nonce used when ITS file encryption is enabled */
217 #ifndef TFM_ITS_ENC_NONCE_LENGTH
218 #define TFM_ITS_ENC_NONCE_LENGTH               12
219 #endif
220 
221 /* PS Partition Configs */
222 
223 /* Create flash FS if it doesn't exist for Protected Storage partition */
224 #ifndef PS_CREATE_FLASH_LAYOUT
225 #define PS_CREATE_FLASH_LAYOUT                 1
226 #endif
227 
228 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
229 #ifndef PS_RAM_FS
230 #define PS_RAM_FS                              0
231 #endif
232 
233 /* Enable rollback protection for Protected Storage partition */
234 #ifndef PS_ROLLBACK_PROTECTION
235 #define PS_ROLLBACK_PROTECTION                 1
236 #endif
237 
238 /* Validate filesystem metadata every time it is read from flash */
239 #ifndef PS_VALIDATE_METADATA_FROM_FLASH
240 #define PS_VALIDATE_METADATA_FROM_FLASH        1
241 #endif
242 
243 /* The maximum asset size to be stored in the Protected Storage */
244 #ifndef PS_MAX_ASSET_SIZE
245 #define PS_MAX_ASSET_SIZE                      2048
246 #endif
247 
248 /* The maximum number of assets to be stored in the Protected Storage */
249 #ifndef PS_NUM_ASSETS
250 #define PS_NUM_ASSETS                          10
251 #endif
252 
253 /* The stack size of the Protected Storage Secure Partition */
254 #ifndef PS_STACK_SIZE
255 #define PS_STACK_SIZE                          0x700
256 #endif
257 
258 /* NS Agent Mailbox Partition Configs */
259 
260 /* The stack size of the NS Agent Mailbox Secure Partition */
261 #ifndef NS_AGENT_MAILBOX_STACK_SIZE
262 #define NS_AGENT_MAILBOX_STACK_SIZE            0x800
263 #endif
264 
265 /* SPM Configs */
266 
267 #ifdef CONFIG_TFM_CONNECTION_POOL_ENABLE
268 /* The maximal number of secure services that are connected or requested at the same time */
269 #ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
270 #define CONFIG_TFM_CONN_HANDLE_MAX_NUM          8
271 #endif
272 #endif
273 
274 /* Disable the doorbell APIs */
275 #ifndef CONFIG_TFM_DOORBELL_API
276 #define CONFIG_TFM_DOORBELL_API                 0
277 #endif
278 
279 /* Do not run the scheduler after handling a secure interrupt if the NSPE was pre-empted */
280 #ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
281 #define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
282 #endif
283 
284 /* Mask Non-Secure interrupts when executing in secure state. */
285 #ifndef CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT
286 #define CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT 0
287 #endif
288 
289 /* Enable OTP/NV_COUNTERS emulation in RAM */
290 #ifndef OTP_NV_COUNTERS_RAM_EMULATION
291 #define OTP_NV_COUNTERS_RAM_EMULATION           0
292 #endif
293 
294 #endif /* __CONFIG_BASE_H__ */
295