/*
 * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#ifndef __CONFIG_PROFILE_LARGE_H__
#define __CONFIG_PROFILE_LARGE_H__

/*
 * Fallback configuration values for the secure partitions listed below.
 *
 * Each option is defined only if it is not already defined, so any
 * definition that reaches the preprocessor before this header wins and the
 * value given here is purely a default.
 *
 * NOTE(review): sizes are presumably expressed in bytes; this header does not
 * state the unit. Nothing in this header validates an overridden stack or
 * buffer size, so a smaller override should be checked against the
 * partition's real usage.
 */

/* ---- Platform Partition Configs ---- */

/* Input buffer size of the platform service. */
#if !defined(PLATFORM_SERVICE_INPUT_BUFFER_SIZE)
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE     64
#endif

/* Output buffer size of the platform service. */
#if !defined(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE)
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE    64
#endif

/* Stack size of the Platform Secure Partition. */
#if !defined(PLATFORM_SP_STACK_SIZE)
#define PLATFORM_SP_STACK_SIZE                 0x500
#endif

/*
 * Set to 1 to disable the Non-volatile counter module; the default leaves it
 * enabled.
 * NOTE(review): PS_ROLLBACK_PROTECTION (below) presumably relies on NV
 * counters -- confirm before disabling this module.
 */
#if !defined(PLATFORM_NV_COUNTER_MODULE_DISABLED)
#define PLATFORM_NV_COUNTER_MODULE_DISABLED    0
#endif

/* ---- Crypto Partition Configs ---- */

/*
 * When non-zero, the service assumes that the client interface and the
 * internal interface towards the library providing the PSA Crypto core
 * component share the same ABI. That is not the default when the Mbed TLS
 * reference implementation is used, hence the 0 here.
 */
#if !defined(CRYPTO_LIBRARY_ABI_COMPAT)
#define CRYPTO_LIBRARY_ABI_COMPAT              (0)
#endif

/*
 * Heap size for the crypto backend. The buffer is statically allocated inside
 * the Crypto service and handed to the default Mbed TLS allocator as its heap.
 */
#if !defined(CRYPTO_ENGINE_BUF_SIZE)
#define CRYPTO_ENGINE_BUF_SIZE                 0x3000
#endif

/* Upper bound on Crypto operations that may be active (allocated) at once. */
#if !defined(CRYPTO_CONC_OPER_NUM)
#define CRYPTO_CONC_OPER_NUM                   8
#endif

/* PSA Crypto random number generator module: 1 = enabled. */
#if !defined(CRYPTO_RNG_MODULE_ENABLED)
#define CRYPTO_RNG_MODULE_ENABLED              1
#endif

/* PSA Crypto Key module: 1 = enabled. */
#if !defined(CRYPTO_KEY_MODULE_ENABLED)
#define CRYPTO_KEY_MODULE_ENABLED              1
#endif

/* PSA Crypto AEAD module: 1 = enabled. */
#if !defined(CRYPTO_AEAD_MODULE_ENABLED)
#define CRYPTO_AEAD_MODULE_ENABLED             1
#endif

/* PSA Crypto MAC module: 1 = enabled. */
#if !defined(CRYPTO_MAC_MODULE_ENABLED)
#define CRYPTO_MAC_MODULE_ENABLED              1
#endif

/* PSA Crypto Hash module: 1 = enabled. */
#if !defined(CRYPTO_HASH_MODULE_ENABLED)
#define CRYPTO_HASH_MODULE_ENABLED             1
#endif

/* PSA Crypto Cipher module: 1 = enabled. */
#if !defined(CRYPTO_CIPHER_MODULE_ENABLED)
#define CRYPTO_CIPHER_MODULE_ENABLED           1
#endif

/* PSA Crypto asymmetric key signature module: 1 = enabled. */
#if !defined(CRYPTO_ASYM_SIGN_MODULE_ENABLED)
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED        1
#endif

/* PSA Crypto asymmetric key encryption module: 1 = enabled. */
#if !defined(CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED)
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED     1
#endif

/* PSA Crypto key derivation module: 1 = enabled. */
#if !defined(CRYPTO_KEY_DERIVATION_MODULE_ENABLED)
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED   1
#endif

/* Default size of the internal scratch buffer backing PSA FF IOVec allocations. */
#if !defined(CRYPTO_IOVEC_BUFFER_SIZE)
#define CRYPTO_IOVEC_BUFFER_SIZE               5120
#endif

/*
 * Entropy source selection. By default entropy comes from a stored NV seed and
 * the external RNG is not used.
 * NOTE(review): with the NV seed as the entropy source, RNG quality presumably
 * depends on how that seed is provisioned and protected on the device --
 * confirm against the platform's provisioning flow.
 * NOTE(review): this header does not check that the two options are set
 * consistently with each other; confirm where that is enforced.
 */
#if !defined(CRYPTO_NV_SEED)
#define CRYPTO_NV_SEED                         1
#endif

/* Use an external RNG to provide entropy: 0 = not used by default. */
#if !defined(CRYPTO_EXT_RNG)
#define CRYPTO_EXT_RNG                         0
#endif

/*
 * When set, only multi-part operations are enabled in Hash, MAC, AEAD and
 * symmetric ciphers, to reduce memory footprint on resource-constrained
 * devices. The default of 0 does not apply that restriction.
 */
#if !defined(CRYPTO_SINGLE_PART_FUNCS_DISABLED)
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED      0
#endif

/* Stack size of the Crypto Secure Partition. */
#if !defined(CRYPTO_STACK_SIZE)
#define CRYPTO_STACK_SIZE                      0x1800
#endif

/* ---- FWU Partition Configs ---- */

/*
 * Size of the FWU internal data transfer buffer.
 * PSA_FWU_MAX_WRITE_SIZE is not defined in this header; it has to be visible
 * wherever TFM_FWU_BUF_SIZE is expanded.
 */
#if !defined(TFM_FWU_BUF_SIZE)
#define TFM_FWU_BUF_SIZE                       PSA_FWU_MAX_WRITE_SIZE
#endif

/* Stack size of the Firmware Update Secure Partition. */
#if !defined(FWU_STACK_SIZE)
#define FWU_STACK_SIZE                         0x600
#endif

/* ---- Attest Partition Configs ---- */

/* Include optional claims in the initial attestation token: 1 = included. */
#if !defined(ATTEST_INCLUDE_OPTIONAL_CLAIMS)
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS         1
#endif

/* Include the COSE key-id in the initial attestation token: 0 = omitted. */
#if !defined(ATTEST_INCLUDE_COSE_KEY_ID)
#define ATTEST_INCLUDE_COSE_KEY_ID             0
#endif

/* Stack size of the Initial Attestation Secure Partition. */
#if !defined(ATTEST_STACK_SIZE)
#define ATTEST_STACK_SIZE                      0x700
#endif

/*
 * Initial attestation token profile. The test is on the macros' values, not on
 * whether they are defined: PSA_IOT_1 becomes the default when none of the
 * three profile macros evaluates to non-zero (an undefined macro counts as 0).
 * This header does not check that only one profile is selected.
 */
#if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && (!ATTEST_TOKEN_PROFILE_ARM_CCA)
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1         1
#endif

/* ---- ITS Partition Configs ---- */

/* Create the flash FS for Internal Trusted Storage if it does not exist. */
#if !defined(ITS_CREATE_FLASH_LAYOUT)
#define ITS_CREATE_FLASH_LAYOUT                1
#endif

/*
 * Emulated RAM FS for Internal Trusted Storage, meant for platforms without
 * flash: 0 = not used.
 * NOTE(review): a RAM-backed store presumably does not persist across reset --
 * confirm before enabling outside of test platforms.
 */
#if !defined(ITS_RAM_FS)
#define ITS_RAM_FS                             0
#endif

/* Validate filesystem metadata each time it is read from flash: 1 = validate. */
#if !defined(ITS_VALIDATE_METADATA_FROM_FLASH)
#define ITS_VALIDATE_METADATA_FROM_FLASH       1
#endif

/* Largest asset that can be stored in the Internal Trusted Storage. */
#if !defined(ITS_MAX_ASSET_SIZE)
#define ITS_MAX_ASSET_SIZE                     512
#endif

/*
 * Size of the ITS internal data transfer buffer. It defaults to the maximum
 * asset size so that every request can be handled in one iteration.
 */
#if !defined(ITS_BUF_SIZE)
#define ITS_BUF_SIZE                           ITS_MAX_ASSET_SIZE
#endif

/* Maximum number of assets held in the Internal Trusted Storage. */
#if !defined(ITS_NUM_ASSETS)
#define ITS_NUM_ASSETS                         10
#endif

/*
 * Stack size of the Internal Trusted Storage Secure Partition.
 * The larger value is picked whenever ITS_ENCRYPTION is defined at all; its
 * value is not inspected, so defining ITS_ENCRYPTION as 0 still selects 0xC00.
 */
#if !defined(ITS_STACK_SIZE)
#if defined(ITS_ENCRYPTION)
#define ITS_STACK_SIZE                         0xC00
#else
#define ITS_STACK_SIZE                         0x720
#endif
#endif

/* ---- PS Partition Configs ---- */

/* Create the flash FS for Protected Storage if it does not exist. */
#if !defined(PS_CREATE_FLASH_LAYOUT)
#define PS_CREATE_FLASH_LAYOUT                 1
#endif

/*
 * Emulated RAM FS for Protected Storage, meant for platforms without flash:
 * 0 = not used.
 * NOTE(review): a RAM-backed store presumably does not persist across reset --
 * confirm before enabling outside of test platforms.
 */
#if !defined(PS_RAM_FS)
#define PS_RAM_FS                              0
#endif

/* Rollback protection for the Protected Storage partition: 1 = enabled. */
#if !defined(PS_ROLLBACK_PROTECTION)
#define PS_ROLLBACK_PROTECTION                 1
#endif

/* Validate filesystem metadata each time it is read from flash: 1 = validate. */
#if !defined(PS_VALIDATE_METADATA_FROM_FLASH)
#define PS_VALIDATE_METADATA_FROM_FLASH        1
#endif

/* Largest asset that can be stored in the Protected Storage. */
#if !defined(PS_MAX_ASSET_SIZE)
#define PS_MAX_ASSET_SIZE                      2048
#endif

/* Maximum number of assets held in the Protected Storage. */
#if !defined(PS_NUM_ASSETS)
#define PS_NUM_ASSETS                          10
#endif

/* Stack size of the Protected Storage Secure Partition. */
#if !defined(PS_STACK_SIZE)
#define PS_STACK_SIZE                          0x700
#endif

/* Stack size of the NS Agent Mailbox Secure Partition. */
#if !defined(NS_AGENT_MAILBOX_STACK_SIZE)
#define NS_AGENT_MAILBOX_STACK_SIZE            0x800
#endif

/* ---- SPM Partition Configs ---- */

/* Maximal number of secure services connected or requested at the same time. */
#if !defined(CONFIG_TFM_CONN_HANDLE_MAX_NUM)
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM         8
#endif

/* Doorbell APIs: 1 = enabled. */
#if !defined(CONFIG_TFM_DOORBELL_API)
#define CONFIG_TFM_DOORBELL_API                1
#endif

#endif /* __CONFIG_PROFILE_LARGE_H__ */