aboutsummaryrefslogtreecommitdiff
path: root/config
diff options
context:
space:
mode:
authorIoannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>2021-06-15 12:37:02 +0200
committerDavid Hu <david.hu@arm.com>2021-06-17 07:54:33 +0200
commit829aa7581c148dde76fd1649e23dae926e1d9996 (patch)
treefda9dc3a99e3bd52943e5103522acd3c5e8c3a24 /config
parent5b64bb76e1dcfa0dd5bc501751a73d6ae17de2b5 (diff)
downloadtrusted-firmware-m-829aa7581c148dde76fd1649e23dae926e1d9996.tar.gz
partitions: crypto: introduce option to disable RNG independent of key derivation
We introduce a compile-time option to control whether to disable the API for tfm_crypto_generate_random, independent of the key derivation. In addition to that, the above API function is moved into its own source file. The change allows us to disable or enable the random number generation API function independent of whether we disable or enable the key derivation. This introduces some additional flexibility to the user, who can now enable the random number generation API while they can disable the key derivation API family. The change does not introduce behavioral changes. Change-Id: I7306caa38476ff1a67c918ddb9e5780e25cebd27 Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Diffstat (limited to 'config')
-rw-r--r--config/config_default.cmake1
1 files changed, 1 insertions, 0 deletions
diff --git a/config/config_default.cmake b/config/config_default.cmake
index b9f2215844..311b03002c 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -118,6 +118,7 @@ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Cryp
# CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
set(CRYPTO_ENGINE_BUF_SIZE 0x2080 CACHE STRING "Heap size for the crypto backend")
set(CRYPTO_CONC_OPER_NUM 8 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto")
+set(CRYPTO_RNG_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto random number generator module")
set(CRYPTO_KEY_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Key module")
set(CRYPTO_AEAD_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto AEAD module")
set(CRYPTO_MAC_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto MAC module")