1 /*
2  * Copyright (c) 2022, Arm Limited. All rights reserved.
3  * Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon
4  * company) or an affiliate of Cypress Semiconductor Corporation. All rights
5  * reserved.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  */
10 
11 #ifndef __CONFIG_BASE_H__
12 #define __CONFIG_BASE_H__
13 
14 /* Platform Partition Configs: each value is a default, used only when the build has not already defined the macro */
15 
16 /* Size of input buffer in platform service (default 64) */
17 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
18 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
19 #endif
20 
21 /* Size of output buffer in platform service (default 64) */
22 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
23 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
24 #endif
25 
26 /* The stack size of the Platform Secure Partition (default 0x500) */
27 #ifndef PLATFORM_SP_STACK_SIZE
28 #define PLATFORM_SP_STACK_SIZE                 0x500
29 #endif
30 
31 /* Set to 1 to disable the Non-volatile counter module; the default 0 leaves it enabled. NOTE(review): PS_ROLLBACK_PROTECTION defaults to 1 in this file and presumably relies on NV counters - confirm before disabling. */
32 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
33 #define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
34 #endif
35 
36 /* Crypto Partition Configs: each value is a default, used only when the build has not already defined the macro */
37 
38 /*
39  * Heap size for the crypto backend (default 0x2080 = 8320, just above 8KB).
40  * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module, so keep any override above that.
41  */
42 #ifndef CRYPTO_ENGINE_BUF_SIZE
43 #define CRYPTO_ENGINE_BUF_SIZE                 0x2080
44 #endif
45 
46 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto (default 8) */
47 #ifndef CRYPTO_CONC_OPER_NUM
48 #define CRYPTO_CONC_OPER_NUM                   8
49 #endif
50 
51 /* Enable PSA Crypto random number generator module (default 1: enabled) */
52 #ifndef CRYPTO_RNG_MODULE_ENABLED
53 #define CRYPTO_RNG_MODULE_ENABLED              1
54 #endif
55 
56 /* Enable PSA Crypto Key module (default 1: enabled) */
57 #ifndef CRYPTO_KEY_MODULE_ENABLED
58 #define CRYPTO_KEY_MODULE_ENABLED              1
59 #endif
60 
61 /* Enable PSA Crypto AEAD module (default 1: enabled) */
62 #ifndef CRYPTO_AEAD_MODULE_ENABLED
63 #define CRYPTO_AEAD_MODULE_ENABLED             1
64 #endif
65 
66 /* Enable PSA Crypto MAC module (default 1: enabled) */
67 #ifndef CRYPTO_MAC_MODULE_ENABLED
68 #define CRYPTO_MAC_MODULE_ENABLED              1
69 #endif
70 
71 /* Enable PSA Crypto Hash module (default 1: enabled) */
72 #ifndef CRYPTO_HASH_MODULE_ENABLED
73 #define CRYPTO_HASH_MODULE_ENABLED             1
74 #endif
75 
76 /* Enable PSA Crypto Cipher module (default 1: enabled) */
77 #ifndef CRYPTO_CIPHER_MODULE_ENABLED
78 #define CRYPTO_CIPHER_MODULE_ENABLED           1
79 #endif
80 
81 /* Enable PSA Crypto asymmetric key signature module (default 1: enabled) */
82 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
83 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED        1
84 #endif
85 
86 /* Enable PSA Crypto asymmetric key encryption module (default 1: enabled) */
87 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
88 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     1
89 #endif
90 
91 /* Enable PSA Crypto key derivation module (default 1: enabled) */
92 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
93 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
94 #endif
95 
96 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations (5120) */
97 #ifndef CRYPTO_IOVEC_BUFFER_SIZE
98 #define CRYPTO_IOVEC_BUFFER_SIZE               5120
99 #endif
100 
101 /* Use stored NV seed to provide entropy (default 1). NOTE(review): the RNG is then presumably only as unpredictable as the stored seed - confirm each device is provisioned with a unique secret seed, or use a hardware entropy source and set this to 0. */
102 #ifndef CRYPTO_NV_SEED
103 #define CRYPTO_NV_SEED                         1
104 #endif
105 
106 /*
107  * When set to 1, only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
108  * to optimize memory footprint in resource-constrained devices. The default here is 0.
109  */
110 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
111 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED      0
112 #endif
113 
114 /* The stack size of the Crypto Secure Partition (default 0x1B00) */
115 #ifndef CRYPTO_STACK_SIZE
116 #define CRYPTO_STACK_SIZE                      0x1B00
117 #endif
118 
119 /* FWU Partition Configs: each value is a default, used only when the build has not already defined the macro */
120 
121 /* Size of the FWU internal data transfer buffer; defaults to PSA_FWU_MAX_WRITE_SIZE, which is not defined in this header */
122 #ifndef TFM_FWU_BUF_SIZE
123 #define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
124 #endif
125 
126 /* The stack size of the Firmware Update Secure Partition (default 0x600) */
127 #ifndef FWU_STACK_SIZE
128 #define FWU_STACK_SIZE                         0x600
129 #endif
130 
131 /* Attest Partition Configs: each value is a default, used only when the build has not already set the macro */
132 
133 /* Include optional claims in initial attestation token (default 1: included) */
134 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
135 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS         1
136 #endif
137 
138 /* Include COSE key-id in initial attestation token (default 0: not included) */
139 #ifndef ATTEST_INCLUDE_COSE_KEY_ID
140 #define ATTEST_INCLUDE_COSE_KEY_ID             0
141 #endif
142 
143 /* The stack size of the Initial Attestation Secure Partition (default 0x700) */
144 #ifndef ATTEST_STACK_SIZE
145 #define ATTEST_STACK_SIZE                      0x700
146 #endif
147 
148 /* Set the initial attestation token profile: fall back to PSA_IOT_1 when none of the three profile macros is non-zero (an undefined macro counts as 0 in #if) */
149 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
150     (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
151     (!ATTEST_TOKEN_PROFILE_ARM_CCA)
152 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
153 #endif
154 
155 /* ITS Partition Configs: each value is a default, used only when the build has not already defined the macro */
156 
157 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition (default 1) */
158 #ifndef ITS_CREATE_FLASH_LAYOUT
159 #define ITS_CREATE_FLASH_LAYOUT                1
160 #endif
161 
162 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition (default 0). NOTE(review): a RAM-backed FS presumably loses stored assets on reset - confirm before enabling outside of testing. */
163 #ifndef ITS_RAM_FS
164 #define ITS_RAM_FS                             0
165 #endif
166 
167 /* Validate filesystem metadata every time it is read from flash (default 1). NOTE(review): 0 presumably means on-flash metadata is used without this check - confirm flash cannot be altered outside the partition before disabling. */
168 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH
169 #define ITS_VALIDATE_METADATA_FROM_FLASH       1
170 #endif
171 
172 /* The maximum asset size to be stored in the Internal Trusted Storage (default 512) */
173 #ifndef ITS_MAX_ASSET_SIZE
174 #define ITS_MAX_ASSET_SIZE                     512
175 #endif
176 
177 /*
178  * Size of the ITS internal data transfer buffer
179  * (Default to the max asset size so that all requests can be handled in one iteration.)
180  */
181 #ifndef ITS_BUF_SIZE
182 #define ITS_BUF_SIZE                           ITS_MAX_ASSET_SIZE
183 #endif
184 
185 /* The maximum number of assets to be stored in the Internal Trusted Storage (default 10) */
186 #ifndef ITS_NUM_ASSETS
187 #define ITS_NUM_ASSETS                         10
188 #endif
189 
190 /* The stack size of the Internal Trusted Storage Secure Partition (default 0x720) */
191 #ifndef ITS_STACK_SIZE
192 #define ITS_STACK_SIZE                         0x720
193 #endif
194 
195 /* The size of the authentication tag used when authentication/encryption of ITS files is enabled (default 16). NOTE(review): presumably bytes, and presumably has to match the AEAD scheme the platform uses - confirm before overriding. */
196 #ifndef TFM_ITS_AUTH_TAG_LENGTH
197 #define TFM_ITS_AUTH_TAG_LENGTH                16
198 #endif
199 
200 /* The size of the nonce used when ITS file encryption is enabled (default 12). NOTE(review): presumably bytes, and presumably has to match the AEAD scheme the platform uses - confirm before overriding. */
201 #ifndef TFM_ITS_ENC_NONCE_LENGTH
202 #define TFM_ITS_ENC_NONCE_LENGTH               12
203 #endif
204 
205 /* PS Partition Configs: each value is a default, used only when the build has not already defined the macro */
206 
207 /* Create flash FS if it doesn't exist for Protected Storage partition (default 1) */
208 #ifndef PS_CREATE_FLASH_LAYOUT
209 #define PS_CREATE_FLASH_LAYOUT                 1
210 #endif
211 
212 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition (default 0). NOTE(review): a RAM-backed FS presumably loses stored assets on reset - confirm before enabling outside of testing. */
213 #ifndef PS_RAM_FS
214 #define PS_RAM_FS                              0
215 #endif
216 
217 /* Enable rollback protection for Protected Storage partition (default 1). NOTE(review): 0 presumably lets an older copy of the storage area be accepted as current - confirm the threat model before disabling. */
218 #ifndef PS_ROLLBACK_PROTECTION
219 #define PS_ROLLBACK_PROTECTION                 1
220 #endif
221 
222 /* Validate filesystem metadata every time it is read from flash (default 1). NOTE(review): 0 presumably means on-flash metadata is used without this check - confirm flash cannot be altered outside the partition before disabling. */
223 #ifndef PS_VALIDATE_METADATA_FROM_FLASH
224 #define PS_VALIDATE_METADATA_FROM_FLASH        1
225 #endif
226 
227 /* The maximum asset size to be stored in the Protected Storage (default 2048) */
228 #ifndef PS_MAX_ASSET_SIZE
229 #define PS_MAX_ASSET_SIZE                      2048
230 #endif
231 
232 /* The maximum number of assets to be stored in the Protected Storage (default 10) */
233 #ifndef PS_NUM_ASSETS
234 #define PS_NUM_ASSETS                          10
235 #endif
236 
237 /* The stack size of the Protected Storage Secure Partition (default 0x700) */
238 #ifndef PS_STACK_SIZE
239 #define PS_STACK_SIZE                          0x700
240 #endif
241 
242 /* The stack size of the NS Agent Mailbox Secure Partition (default 0x800); it sits under the PS heading but configures a different partition */
243 #ifndef NS_AGENT_MAILBOX_STACK_SIZE
244 #define NS_AGENT_MAILBOX_STACK_SIZE            0x800
245 #endif
246 
247 /* SPM Partition Configs: each value is a default, used only when the build has not already defined the macro */
248 
249 #ifdef CONFIG_TFM_CONNECTION_POOL_ENABLE
250 /* The maximal number of secure services that are connected or requested at the same time (default 8; only given a default when CONFIG_TFM_CONNECTION_POOL_ENABLE is defined) */
251 #ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
252 #define CONFIG_TFM_CONN_HANDLE_MAX_NUM          8
253 #endif
254 #endif
255 
256 /* Doorbell APIs: the default 0 disables them */
257 #ifndef CONFIG_TFM_DOORBELL_API
258 #define CONFIG_TFM_DOORBELL_API                 0
259 #endif
260 
261 /* Default 0: do not run the scheduler after handling a secure interrupt if the NSPE was pre-empted */
262 #ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
263 #define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
264 #endif
265 
266 /* Enable OTP/NV_COUNTERS emulation in RAM (default 0: disabled). NOTE(review): RAM-emulated OTP and NV counters presumably do not keep their state across reset, which would weaken anything relying on them such as rollback protection - confirm this stays 0 in production builds. */
267 #ifndef OTP_NV_COUNTERS_RAM_EMULATION
268 #define OTP_NV_COUNTERS_RAM_EMULATION           0
269 #endif
270 
271 #endif /* __CONFIG_BASE_H__ */
272