1 /*
2  * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __CONFIG_PROFILE_MEDIUM_AROTLESS_H__
9 #define __CONFIG_PROFILE_MEDIUM_AROTLESS_H__
10 
11 /* Platform Partition Configs */
12 
13 /* Size of input buffer in platform service */
14 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
15 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
16 #endif
17 
18 /* Size of output buffer in platform service */
19 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
20 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
21 #endif
22 
23 /* The stack size of the Platform Secure Partition */
24 #ifndef PLATFORM_SP_STACK_SIZE
25 #define PLATFORM_SP_STACK_SIZE                 0x500
26 #endif
27 
28 /* Disable Non-volatile counter module */
29 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
30 #define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
31 #endif
32 
33 /* Crypto Partition Configs */
34 
35 /*
36  * Heap size for the crypto backend
37  * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
38  */
39 #ifndef CRYPTO_ENGINE_BUF_SIZE
40 #define CRYPTO_ENGINE_BUF_SIZE                 0x2080
41 #endif
42 
43 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
44 #ifndef CRYPTO_CONC_OPER_NUM
45 #define CRYPTO_CONC_OPER_NUM                   8
46 #endif
47 
48 /* Enable PSA Crypto random number generator module */
49 #ifndef CRYPTO_RNG_MODULE_ENABLED
50 #define CRYPTO_RNG_MODULE_ENABLED              1
51 #endif
52 
53 /* Enable PSA Crypto Key module */
54 #ifndef CRYPTO_KEY_MODULE_ENABLED
55 #define CRYPTO_KEY_MODULE_ENABLED              1
56 #endif
57 
58 /* Enable PSA Crypto AEAD module */
59 #ifndef CRYPTO_AEAD_MODULE_ENABLED
60 #define CRYPTO_AEAD_MODULE_ENABLED             1
61 #endif
62 
63 /* Enable PSA Crypto MAC module */
64 #ifndef CRYPTO_MAC_MODULE_ENABLED
65 #define CRYPTO_MAC_MODULE_ENABLED              1
66 #endif
67 
68 /* Enable PSA Crypto Hash module */
69 #ifndef CRYPTO_HASH_MODULE_ENABLED
70 #define CRYPTO_HASH_MODULE_ENABLED             1
71 #endif
72 
73 /* Enable PSA Crypto Cipher module */
74 #ifndef CRYPTO_CIPHER_MODULE_ENABLED
75 #define CRYPTO_CIPHER_MODULE_ENABLED           0
76 #endif
77 
78 /* Enable PSA Crypto asymmetric key signature module */
79 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
80 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED        1
81 #endif
82 
83 /* Enable PSA Crypto asymmetric key encryption module */
84 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
85 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     0
86 #endif
87 
88 /* Enable PSA Crypto key derivation module */
89 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
90 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
91 #endif
92 
93 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
94 #ifndef CRYPTO_IOVEC_BUFFER_SIZE
95 #define CRYPTO_IOVEC_BUFFER_SIZE               5120
96 #endif
97 
98 /* Use stored NV seed to provide entropy */
99 #ifndef CRYPTO_NV_SEED
100 #define CRYPTO_NV_SEED                         1
101 #endif
102 
103 /*
104  * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
105  * to optimize memory footprint in resource-constrained devices.
106  */
107 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
108 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED      0
109 #endif
110 
111 /* The stack size of the Crypto Secure Partition */
112 #ifndef CRYPTO_STACK_SIZE
113 #define CRYPTO_STACK_SIZE                      0x1B00
114 #endif
115 
116 /* FWU Partition Configs */
117 
118 /* Size of the FWU internal data transfer buffer */
119 #ifndef TFM_FWU_BUF_SIZE
120 #define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
121 #endif
122 
123 /* The stack size of the Firmware Update Secure Partition */
124 #ifndef FWU_STACK_SIZE
125 #define FWU_STACK_SIZE                         0x600
126 #endif
127 
128 /* Attest Partition Configs */
129 
130 /* Include optional claims in initial attestation token */
131 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
132 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS         0
133 #endif
134 
135 /* Include COSE key-id in initial attestation token */
136 #ifndef ATTEST_INCLUDE_COSE_KEY_ID
137 #define ATTEST_INCLUDE_COSE_KEY_ID             0
138 #endif
139 
140 /* The stack size of the Initial Attestation Secure Partition */
141 #ifndef ATTEST_STACK_SIZE
142 #define ATTEST_STACK_SIZE                      0x700
143 #endif
144 
145 /* Set the initial attestation token profile */
146 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
147     (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
148     (!ATTEST_TOKEN_PROFILE_ARM_CCA)
149 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
150 #endif
151 
152 /* ITS Partition Configs */
153 
154 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
155 #ifndef ITS_CREATE_FLASH_LAYOUT
156 #define ITS_CREATE_FLASH_LAYOUT                1
157 #endif
158 
159 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
160 #ifndef ITS_RAM_FS
161 #define ITS_RAM_FS                             0
162 #endif
163 
164 /* Validate filesystem metadata every time it is read from flash */
165 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH
166 #define ITS_VALIDATE_METADATA_FROM_FLASH       1
167 #endif
168 
169 /* The maximum asset size to be stored in the Internal Trusted Storage */
170 #ifndef ITS_MAX_ASSET_SIZE
171 #define ITS_MAX_ASSET_SIZE                     512
172 #endif
173 
174 /* Size of the ITS internal data transfer buffer */
175 #ifndef ITS_BUF_SIZE
176 #define ITS_BUF_SIZE                           32
177 #endif
178 
179 /* The maximum number of assets to be stored in the Internal Trusted Storage */
180 #ifndef ITS_NUM_ASSETS
181 #define ITS_NUM_ASSETS                         10
182 #endif
183 
184 /* The stack size of the Internal Trusted Storage Secure Partition */
185 #ifndef ITS_STACK_SIZE
186 #define ITS_STACK_SIZE                         0x720
187 #endif
188 
189 /* PS Partition Configs */
190 
191 /* Create flash FS if it doesn't exist for Protected Storage partition */
192 #ifndef PS_CREATE_FLASH_LAYOUT
193 #define PS_CREATE_FLASH_LAYOUT                 1
194 #endif
195 
196 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
197 #ifndef PS_RAM_FS
198 #define PS_RAM_FS                              0
199 #endif
200 
201 /* Enable rollback protection for Protected Storage partition */
202 #ifndef PS_ROLLBACK_PROTECTION
203 #define PS_ROLLBACK_PROTECTION                 1
204 #endif
205 
206 /* Validate filesystem metadata every time it is read from flash */
207 #ifndef PS_VALIDATE_METADATA_FROM_FLASH
208 #define PS_VALIDATE_METADATA_FROM_FLASH        1
209 #endif
210 
211 /* The maximum asset size to be stored in the Protected Storage */
212 #ifndef PS_MAX_ASSET_SIZE
213 #define PS_MAX_ASSET_SIZE                      2048
214 #endif
215 
216 /* The maximum number of assets to be stored in the Protected Storage */
217 #ifndef PS_NUM_ASSETS
218 #define PS_NUM_ASSETS                          10
219 #endif
220 
221 /* The stack size of the Protected Storage Secure Partition */
222 #ifndef PS_STACK_SIZE
223 #define PS_STACK_SIZE                          0x700
224 #endif
225 
226 /* The stack size of the NS Agent Mailbox Secure Partition */
227 #ifndef NS_AGENT_MAILBOX_STACK_SIZE
228 #define NS_AGENT_MAILBOX_STACK_SIZE            0x800
229 #endif
230 
231 /* SPM Partition Configs */
232 
233 #ifdef CONFIG_TFM_CONNECTION_POOL_ENABLE
234 /* The maximal number of secure services that are connected or requested at the same time */
235 #ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
236 #define CONFIG_TFM_CONN_HANDLE_MAX_NUM         8
237 #endif
238 #endif
239 
240 /* Disable the doorbell APIs */
241 #ifndef CONFIG_TFM_DOORBELL_API
242 #define CONFIG_TFM_DOORBELL_API                0
243 #endif
244 
245 #endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
246