diff options
author | Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> | 2021-06-15 12:37:02 +0200 |
---|---|---|
committer | David Hu <david.hu@arm.com> | 2021-06-17 07:54:33 +0200 |
commit | 829aa7581c148dde76fd1649e23dae926e1d9996 (patch) | |
tree | fda9dc3a99e3bd52943e5103522acd3c5e8c3a24 /config | |
parent | 5b64bb76e1dcfa0dd5bc501751a73d6ae17de2b5 (diff) | |
download | trusted-firmware-m-829aa7581c148dde76fd1649e23dae926e1d9996.tar.gz |
partitions: crypto: introduce option to disable RNG independent of key derivation
We introduce a compile-time option to control whether to disable
the API for tfm_crypto_generate_random, independent of the key
derivation. In addition to that, the above API function is moved
into its own source file.
The change allows us to disable or enable the random number
generation API function independent of whether we disable or
enable the key derivation. This introduces some additional
flexibility to the user, who can now enable the random number
generation API while they can disable the key derivation API
family.
The change does not introduce behavioral changes.
Change-Id: I7306caa38476ff1a67c918ddb9e5780e25cebd27
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Diffstat (limited to 'config')
-rw-r--r-- | config/config_default.cmake | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/config/config_default.cmake b/config/config_default.cmake index b9f2215844..311b03002c 100644 --- a/config/config_default.cmake +++ b/config/config_default.cmake @@ -118,6 +118,7 @@ set(TFM_PARTITION_CRYPTO ON CACHE BOOL "Enable Cryp # CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module. set(CRYPTO_ENGINE_BUF_SIZE 0x2080 CACHE STRING "Heap size for the crypto backend") set(CRYPTO_CONC_OPER_NUM 8 CACHE STRING "The max number of concurrent operations that can be active (allocated) at any time in Crypto") +set(CRYPTO_RNG_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto random number generator module") set(CRYPTO_KEY_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto Key module") set(CRYPTO_AEAD_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto AEAD module") set(CRYPTO_MAC_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto MAC module") |