1 /*
2  * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
3  * Copyright (c) 2023-2024 Cypress Semiconductor Corporation (an Infineon
4  * company) or an affiliate of Cypress Semiconductor Corporation. All rights
5  * reserved.
6  *
7  * SPDX-License-Identifier: BSD-3-Clause
8  *
9  */
10 
11 #ifndef __CONFIG_BASE_H__
12 #define __CONFIG_BASE_H__
13 
14 /* Platform Partition Configs */
15 
16 /* Size of input buffer in platform service */
17 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
18 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
19 #endif
20 
21 /* Size of output buffer in platform service */
22 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
23 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
24 #endif
25 
26 /* The stack size of the Platform Secure Partition */
27 #ifndef PLATFORM_SP_STACK_SIZE
28 #define PLATFORM_SP_STACK_SIZE                 0x500
29 #endif
30 
31 /* Disable Non-volatile counter module */
32 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
33 #define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
34 #endif
35 
36 /* Crypto Partition Configs */
37 
38 /*
39  * Heap size for the crypto backend
40  * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
41  */
42 #ifndef CRYPTO_ENGINE_BUF_SIZE
43 #define CRYPTO_ENGINE_BUF_SIZE                 0x2080
44 #endif
45 
46 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
47 #ifndef CRYPTO_CONC_OPER_NUM
48 #define CRYPTO_CONC_OPER_NUM                   8
49 #endif
50 
51 /* Enable PSA Crypto random number generator module */
52 #ifndef CRYPTO_RNG_MODULE_ENABLED
53 #define CRYPTO_RNG_MODULE_ENABLED              1
54 #endif
55 
56 /* Enable PSA Crypto Key module */
57 #ifndef CRYPTO_KEY_MODULE_ENABLED
58 #define CRYPTO_KEY_MODULE_ENABLED              1
59 #endif
60 
61 /* Enable PSA Crypto AEAD module */
62 #ifndef CRYPTO_AEAD_MODULE_ENABLED
63 #define CRYPTO_AEAD_MODULE_ENABLED             1
64 #endif
65 
66 /* Enable PSA Crypto MAC module */
67 #ifndef CRYPTO_MAC_MODULE_ENABLED
68 #define CRYPTO_MAC_MODULE_ENABLED              1
69 #endif
70 
71 /* Enable PSA Crypto Hash module */
72 #ifndef CRYPTO_HASH_MODULE_ENABLED
73 #define CRYPTO_HASH_MODULE_ENABLED             1
74 #endif
75 
76 /* Enable PSA Crypto Cipher module */
77 #ifndef CRYPTO_CIPHER_MODULE_ENABLED
78 #define CRYPTO_CIPHER_MODULE_ENABLED           1
79 #endif
80 
81 /* Enable PSA Crypto asymmetric key signature module */
82 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
83 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED        1
84 #endif
85 
86 /* Enable PSA Crypto asymmetric key encryption module */
87 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
88 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     1
89 #endif
90 
91 /* Enable PSA Crypto key derivation module */
92 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
93 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
94 #endif
95 
96 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
97 #ifndef CRYPTO_IOVEC_BUFFER_SIZE
98 #define CRYPTO_IOVEC_BUFFER_SIZE               5120
99 #endif
100 
101 /* Use stored NV seed to provide entropy */
102 #ifndef CRYPTO_NV_SEED
103 #define CRYPTO_NV_SEED                         1
104 #endif
105 
106 /*
107  * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
108  * to optimize memory footprint in resource-constrained devices.
109  */
110 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
111 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED      0
112 #endif
113 
114 /* The stack size of the Crypto Secure Partition */
115 #ifndef CRYPTO_STACK_SIZE
116 #define CRYPTO_STACK_SIZE                      0x1B00
117 #endif
118 
119 /* FWU Partition Configs */
120 
121 /* Size of the FWU internal data transfer buffer */
122 #ifndef TFM_FWU_BUF_SIZE
123 #define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
124 #endif
125 
126 /* The stack size of the Firmware Update Secure Partition */
127 #ifndef FWU_STACK_SIZE
128 #define FWU_STACK_SIZE                         0x600
129 #endif
130 
131 /* Attest Partition Configs */
132 
133 /* Include optional claims in initial attestation token */
134 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
135 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS         1
136 #endif
137 
138 /* Include COSE key-id in initial attestation token */
139 #ifndef ATTEST_INCLUDE_COSE_KEY_ID
140 #define ATTEST_INCLUDE_COSE_KEY_ID             0
141 #endif
142 
143 /* The stack size of the Initial Attestation Secure Partition */
144 #ifndef ATTEST_STACK_SIZE
145 #define ATTEST_STACK_SIZE                      0x700
146 #endif
147 
148 /* Set the initial attestation token profile */
149 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
150     (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
151     (!ATTEST_TOKEN_PROFILE_ARM_CCA)
152 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
153 #endif
154 
155 /* ITS Partition Configs */
156 
157 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
158 #ifndef ITS_CREATE_FLASH_LAYOUT
159 #define ITS_CREATE_FLASH_LAYOUT                1
160 #endif
161 
162 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
163 #ifndef ITS_RAM_FS
164 #define ITS_RAM_FS                             0
165 #endif
166 
167 /* Validate filesystem metadata every time it is read from flash */
168 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH
169 #define ITS_VALIDATE_METADATA_FROM_FLASH       1
170 #endif
171 
172 /* The maximum asset size to be stored in the Internal Trusted Storage */
173 #ifndef ITS_MAX_ASSET_SIZE
174 #define ITS_MAX_ASSET_SIZE                     512
175 #endif
176 
177 /*
178  * Size of the ITS internal data transfer buffer
179  * (Default to the max asset size so that all requests can be handled in one iteration.)
180  */
181 #ifndef ITS_BUF_SIZE
182 #define ITS_BUF_SIZE                           ITS_MAX_ASSET_SIZE
183 #endif
184 
185 /* The maximum number of assets to be stored in the Internal Trusted Storage */
186 #ifndef ITS_NUM_ASSETS
187 #define ITS_NUM_ASSETS                         10
188 #endif
189 
190 /* The stack size of the Internal Trusted Storage Secure Partition */
191 #ifndef ITS_STACK_SIZE
192 #define ITS_STACK_SIZE                         0x720
193 #endif
194 
195 /* The size of the authentication tag used when authentication/encryption of ITS files is enabled */
196 #ifndef TFM_ITS_AUTH_TAG_LENGTH
197 #define TFM_ITS_AUTH_TAG_LENGTH                16
198 #endif
199 
200 /* The size of the nonce used when ITS file encryption is enabled */
201 #ifndef TFM_ITS_ENC_NONCE_LENGTH
202 #define TFM_ITS_ENC_NONCE_LENGTH               12
203 #endif
204 
205 /* PS Partition Configs */
206 
207 /* Create flash FS if it doesn't exist for Protected Storage partition */
208 #ifndef PS_CREATE_FLASH_LAYOUT
209 #define PS_CREATE_FLASH_LAYOUT                 1
210 #endif
211 
212 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
213 #ifndef PS_RAM_FS
214 #define PS_RAM_FS                              0
215 #endif
216 
217 /* Enable rollback protection for Protected Storage partition */
218 #ifndef PS_ROLLBACK_PROTECTION
219 #define PS_ROLLBACK_PROTECTION                 1
220 #endif
221 
222 /* Validate filesystem metadata every time it is read from flash */
223 #ifndef PS_VALIDATE_METADATA_FROM_FLASH
224 #define PS_VALIDATE_METADATA_FROM_FLASH        1
225 #endif
226 
227 /* The maximum asset size to be stored in the Protected Storage */
228 #ifndef PS_MAX_ASSET_SIZE
229 #define PS_MAX_ASSET_SIZE                      2048
230 #endif
231 
232 /* The maximum number of assets to be stored in the Protected Storage */
233 #ifndef PS_NUM_ASSETS
234 #define PS_NUM_ASSETS                          10
235 #endif
236 
237 /* The stack size of the Protected Storage Secure Partition */
238 #ifndef PS_STACK_SIZE
239 #define PS_STACK_SIZE                          0x700
240 #endif
241 
242 /* NS Agent Mailbox Partition Configs */
243 
244 /* The stack size of the NS Agent Mailbox Secure Partition */
245 #ifndef NS_AGENT_MAILBOX_STACK_SIZE
246 #define NS_AGENT_MAILBOX_STACK_SIZE            0x800
247 #endif
248 
249 /* SPM Configs */
250 
251 #ifdef CONFIG_TFM_CONNECTION_POOL_ENABLE
252 /* The maximal number of secure services that are connected or requested at the same time */
253 #ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
254 #define CONFIG_TFM_CONN_HANDLE_MAX_NUM          8
255 #endif
256 #endif
257 
258 /* Disable the doorbell APIs */
259 #ifndef CONFIG_TFM_DOORBELL_API
260 #define CONFIG_TFM_DOORBELL_API                 0
261 #endif
262 
263 /* Do not run the scheduler after handling a secure interrupt if the NSPE was pre-empted */
264 #ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
265 #define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
266 #endif
267 
268 /* Mask Non-Secure interrupts when executing in secure state. */
269 #ifndef CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT
270 #define CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT 0
271 #endif
272 
273 /* Enable OTP/NV_COUNTERS emulation in RAM */
274 #ifndef OTP_NV_COUNTERS_RAM_EMULATION
275 #define OTP_NV_COUNTERS_RAM_EMULATION           0
276 #endif
277 
278 #endif /* __CONFIG_BASE_H__ */
279