1 /*
2  * Copyright (c) 2022, Arm Limited. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #ifndef __CONFIG_PROFILE_SMALL_H__
9 #define __CONFIG_PROFILE_SMALL_H__
10 
11 /* Platform Partition Configs */
12 
13 /* Size of input buffer in platform service */
14 #ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
15 #define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
16 #endif
17 
18 /* Size of output buffer in platform service */
19 #ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
20 #define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
21 #endif
22 
23 /* The stack size of the Platform Secure Partition */
24 #ifndef PLATFORM_SP_STACK_SIZE
25 #define PLATFORM_SP_STACK_SIZE                 0x500
26 #endif
27 
28 /* Disable Non-volatile counter module */
29 #ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
30 #define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
31 #endif
32 
33 /* Crypto Partition Configs */
34 
35 /* Heap size for the crypto backend */
36 #ifndef CRYPTO_ENGINE_BUF_SIZE
37 #define CRYPTO_ENGINE_BUF_SIZE                 0x400
38 #endif
39 
40 /* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
41 #ifndef CRYPTO_CONC_OPER_NUM
42 #define CRYPTO_CONC_OPER_NUM                   4
43 #endif
44 
45 /* Enable PSA Crypto random number generator module */
46 #ifndef CRYPTO_RNG_MODULE_ENABLED
47 #define CRYPTO_RNG_MODULE_ENABLED              1
48 #endif
49 
50 /* Enable PSA Crypto Key module */
51 #ifndef CRYPTO_KEY_MODULE_ENABLED
52 #define CRYPTO_KEY_MODULE_ENABLED              1
53 #endif
54 
55 /* Enable PSA Crypto AEAD module */
56 #ifndef CRYPTO_AEAD_MODULE_ENABLED
57 #define CRYPTO_AEAD_MODULE_ENABLED             1
58 #endif
59 
60 /* Enable PSA Crypto MAC module */
61 #ifndef CRYPTO_MAC_MODULE_ENABLED
62 #define CRYPTO_MAC_MODULE_ENABLED              1
63 #endif
64 
65 /* Enable PSA Crypto Hash module */
66 #ifndef CRYPTO_HASH_MODULE_ENABLED
67 #define CRYPTO_HASH_MODULE_ENABLED             1
68 #endif
69 
70 /* Enable PSA Crypto Cipher module */
71 #ifndef CRYPTO_CIPHER_MODULE_ENABLED
72 #define CRYPTO_CIPHER_MODULE_ENABLED           0
73 #endif
74 
75 /* Enable PSA Crypto asymmetric key signature module */
76 #ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
77 #define CRYPTO_ASYM_SIGN_MODULE_ENABLED        0
78 #endif
79 
80 /* Enable PSA Crypto asymmetric key encryption module */
81 #ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
82 #define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     0
83 #endif
84 
85 /* Enable PSA Crypto key derivation module */
86 #ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
87 #define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
88 #endif
89 
90 /* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
91 #ifndef CRYPTO_IOVEC_BUFFER_SIZE
92 #define CRYPTO_IOVEC_BUFFER_SIZE               5120
93 #endif
94 
95 /* Use stored NV seed to provide entropy */
96 #ifndef CRYPTO_NV_SEED
97 #define CRYPTO_NV_SEED                         1
98 #endif
99 
100 /*
101  * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
102  * to optimize memory footprint in resource-constrained devices.
103  */
104 #ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
105 #define CRYPTO_SINGLE_PART_FUNCS_DISABLED      1
106 #endif
107 
108 /* The stack size of the Crypto Secure Partition */
109 #ifndef CRYPTO_STACK_SIZE
110 #define CRYPTO_STACK_SIZE                      0x1B00
111 #endif
112 
113 /* FWU Partition Configs */
114 
115 /* Size of the FWU internal data transfer buffer */
116 #ifndef TFM_FWU_BUF_SIZE
117 #define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
118 #endif
119 
120 /* The stack size of the Firmware Update Secure Partition */
121 #ifndef FWU_STACK_SIZE
122 #define FWU_STACK_SIZE                         0x600
123 #endif
124 
125 /* Attest Partition Configs */
126 
127 /* Include optional claims in initial attestation token */
128 #ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
129 #define ATTEST_INCLUDE_OPTIONAL_CLAIMS         0
130 #endif
131 
132 /* Include COSE key-id in initial attestation token */
133 #ifndef ATTEST_INCLUDE_COSE_KEY_ID
134 #define ATTEST_INCLUDE_COSE_KEY_ID             0
135 #endif
136 
137 /* The stack size of the Initial Attestation Secure Partition */
138 #ifndef ATTEST_STACK_SIZE
139 #define ATTEST_STACK_SIZE                      0x700
140 #endif
141 
142 /* Set the initial attestation token profile */
143 #if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
144     (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
145     (!ATTEST_TOKEN_PROFILE_ARM_CCA)
146 #define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
147 #endif
148 
149 /* ITS Partition Configs */
150 
151 /* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
152 #ifndef ITS_CREATE_FLASH_LAYOUT
153 #define ITS_CREATE_FLASH_LAYOUT                1
154 #endif
155 
156 /* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
157 #ifndef ITS_RAM_FS
158 #define ITS_RAM_FS                             0
159 #endif
160 
161 /* Validate filesystem metadata every time it is read from flash */
162 #ifndef ITS_VALIDATE_METADATA_FROM_FLASH
163 #define ITS_VALIDATE_METADATA_FROM_FLASH       1
164 #endif
165 
166 /* The maximum asset size to be stored in the Internal Trusted Storage */
167 #ifndef ITS_MAX_ASSET_SIZE
168 #define ITS_MAX_ASSET_SIZE                     512
169 #endif
170 
171 /* Size of the ITS internal data transfer buffer */
172 #ifndef ITS_BUF_SIZE
173 #define ITS_BUF_SIZE                           32
174 #endif
175 
176 /* The maximum number of assets to be stored in the Internal Trusted Storage */
177 #ifndef ITS_NUM_ASSETS
178 #define ITS_NUM_ASSETS                         10
179 #endif
180 
181 /* The stack size of the Internal Trusted Storage Secure Partition */
182 #ifndef ITS_STACK_SIZE
183 #define ITS_STACK_SIZE                         0x720
184 #endif
185 
186 /* PS Partition Configs */
187 
188 /* Create flash FS if it doesn't exist for Protected Storage partition */
189 #ifndef PS_CREATE_FLASH_LAYOUT
190 #define PS_CREATE_FLASH_LAYOUT                 1
191 #endif
192 
193 /* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
194 #ifndef PS_RAM_FS
195 #define PS_RAM_FS                              0
196 #endif
197 
198 /* Enable rollback protection for Protected Storage partition */
199 #ifndef PS_ROLLBACK_PROTECTION
200 #define PS_ROLLBACK_PROTECTION                 1
201 #endif
202 
203 /* Validate filesystem metadata every time it is read from flash */
204 #ifndef PS_VALIDATE_METADATA_FROM_FLASH
205 #define PS_VALIDATE_METADATA_FROM_FLASH        1
206 #endif
207 
208 /* The maximum asset size to be stored in the Protected Storage */
209 #ifndef PS_MAX_ASSET_SIZE
210 #define PS_MAX_ASSET_SIZE                      2048
211 #endif
212 
213 /* The maximum number of assets to be stored in the Protected Storage */
214 #ifndef PS_NUM_ASSETS
215 #define PS_NUM_ASSETS                          10
216 #endif
217 
218 /* The stack size of the Protected Storage Secure Partition */
219 #ifndef PS_STACK_SIZE
220 #define PS_STACK_SIZE                          0x700
221 #endif
222 
223 /* The stack size of the NS Agent Mailbox Secure Partition */
224 #ifndef NS_AGENT_MAILBOX_STACK_SIZE
225 #define NS_AGENT_MAILBOX_STACK_SIZE            0x800
226 #endif
227 
228 /* SPM Partition Configs */
229 
230 /* Disable the doorbell APIs */
231 #ifndef CONFIG_TFM_DOORBELL_API
232 #define CONFIG_TFM_DOORBELL_API                0
233 #endif
234 
235 #endif /* __CONFIG_PROFILE_SMALL_H__ */
236