Build: Give a higher priority to the platform configuration.
- Give a higher priority to the platform configuration.
- Delete #undef from platform configurations.
- Allow tuning of profile configurations by platforms or projects.
Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
Change-Id: I2e59f48bc9eece77279351b93794c6802a73a811
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h
index 628d75a..cc7fc4c 100644
--- a/config/profile/config_profile_large.h
+++ b/config/profile/config_profile_large.h
@@ -11,16 +11,24 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
@@ -28,130 +36,203 @@
* Heap size for the crypto backend
* CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
*/
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x2380
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 8
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
-
+#endif
/*
* Size of the ITS internal data transfer buffer
* (Default to the max asset size so that all requests can be handled in one iteration.)
*/
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
/* Enable the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#define CONFIG_TFM_DOORBELL_API 1
+#endif
#endif /* __CONFIG_PROFILE_LARGE_H__ */
diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h
index 46a470f..97ac059 100644
--- a/config/profile/config_profile_medium.h
+++ b/config/profile/config_profile_medium.h
@@ -11,16 +11,24 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
@@ -28,127 +36,201 @@
* Heap size for the crypto backend
* CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
*/
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x2080
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 8
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 0
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
+#endif
/* Size of the ITS internal data transfer buffer */
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE 32
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
/* Enable the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#define CONFIG_TFM_DOORBELL_API 1
+#endif
#endif /* __CONFIG_PROFILE_MEDIUM_H__ */
diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h
index d5d49d4..2569793 100644
--- a/config/profile/config_profile_medium_arotless.h
+++ b/config/profile/config_profile_medium_arotless.h
@@ -11,16 +11,24 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
@@ -28,127 +36,201 @@
* Heap size for the crypto backend
* CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
*/
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x2080
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 8
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 0
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
-#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
+#endif
/* Size of the ITS internal data transfer buffer */
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE 32
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
/* Disable the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#define CONFIG_TFM_DOORBELL_API 0
+#endif
#endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h
index 57e5853..e37ffe2 100644
--- a/config/profile/config_profile_small.h
+++ b/config/profile/config_profile_small.h
@@ -11,138 +11,218 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
/* Heap size for the crypto backend */
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x400
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 4
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 0
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 0
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 1
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
+#endif
/* Size of the ITS internal data transfer buffer */
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE 32
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* Disable the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#define CONFIG_TFM_DOORBELL_API 0
+#endif
#endif /* __CONFIG_PROFILE_SMALL_H__ */
diff --git a/config/tests/config_test_psa_api.h b/config/tests/config_test_psa_api.h
index b4fd694..9127a33 100644
--- a/config/tests/config_test_psa_api.h
+++ b/config/tests/config_test_psa_api.h
@@ -11,16 +11,24 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
@@ -28,87 +36,136 @@
* Heap size for the crypto backend
* CRYPTO_ENGINE_BUF_SIZE needs to be much larger for PSA API tests.
*/
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 8
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#ifndef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#ifdef PSA_API_TEST_CRYPTO
/*
* When building for the PSA Crypto API tests, ensure the ITS max asset size is
@@ -118,53 +175,78 @@
#else
#define ITS_MAX_ASSET_SIZE 512
#endif
+#endif
/*
* Size of the ITS internal data transfer buffer
* (Default to the max asset size so that all requests can be handled in one iteration.)
*/
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
/* Set the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#ifdef PSA_API_TEST_IPC
/* IPC test suite uses IPC backend */
#define CONFIG_TFM_DOORBELL_API 1
#else
#define CONFIG_TFM_DOORBELL_API 0
#endif
+#endif
#endif /* __CONFIG_TEST_PSA_API_H__ */
diff --git a/docs/configuration/header_file_system.rst b/docs/configuration/header_file_system.rst
index 06c9982..88ccdb6 100644
--- a/docs/configuration/header_file_system.rst
+++ b/docs/configuration/header_file_system.rst
@@ -39,14 +39,14 @@
.. code-block:: c
- #ifdef PROJECT_CONFIG_HEADER_FILE
- #include PROJECT_CONFIG_HEADER_FILE
- #endif
-
#ifdef TARGET_CONFIG_HEADER_FILE
#include TARGET_CONFIG_HEADER_FILE
#endif
+ #ifdef PROJECT_CONFIG_HEADER_FILE
+ #include PROJECT_CONFIG_HEADER_FILE
+ #endif
+
#include "config_base.h"
Each component can implement a ``config_<comp_name>_check.h`` to validate component specific config
diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
index e968366..2c7341a 100644
--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
@@ -9,19 +9,15 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
/* Size of output buffer in platform service. */
-#undef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256
/* The maximum number of assets to be stored in the Internal Trusted Storage. */
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 20
/* The maximum number of assets to be stored in the Protected Storage area. */
-#undef PS_NUM_ASSETS
#define PS_NUM_ASSETS 20
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/arm/mps3/corstone310/an555/config_tfm_target.h b/platform/ext/target/arm/mps3/corstone310/an555/config_tfm_target.h
index 609b5d3..f95f97d 100644
--- a/platform/ext/target/arm/mps3/corstone310/an555/config_tfm_target.h
+++ b/platform/ext/target/arm/mps3/corstone310/an555/config_tfm_target.h
@@ -9,11 +9,9 @@
#define __CONFIG_TFM_TARGET_H__
/* Size of secure partition */
-#undef FLASH_S_PARTITION_SIZE
#define FLASH_S_PARTITION_SIZE 0x80000
/* Size of non-secure partition */
-#undef FLASH_NS_PARTITION_SIZE
#define FLASH_NS_PARTITION_SIZE 0x300000
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/arm/mps3/corstone310/fvp/config_tfm_target.h b/platform/ext/target/arm/mps3/corstone310/fvp/config_tfm_target.h
index 609b5d3..f95f97d 100644
--- a/platform/ext/target/arm/mps3/corstone310/fvp/config_tfm_target.h
+++ b/platform/ext/target/arm/mps3/corstone310/fvp/config_tfm_target.h
@@ -9,11 +9,9 @@
#define __CONFIG_TFM_TARGET_H__
/* Size of secure partition */
-#undef FLASH_S_PARTITION_SIZE
#define FLASH_S_PARTITION_SIZE 0x80000
/* Size of non-secure partition */
-#undef FLASH_NS_PARTITION_SIZE
#define FLASH_NS_PARTITION_SIZE 0x300000
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/arm/musca_b1/config_tfm_target.h b/platform/ext/target/arm/musca_b1/config_tfm_target.h
index f90984a..599db96 100644
--- a/platform/ext/target/arm/musca_b1/config_tfm_target.h
+++ b/platform/ext/target/arm/musca_b1/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/arm/musca_s1/config_tfm_target.h b/platform/ext/target/arm/musca_s1/config_tfm_target.h
index cf5d2c2..778a36b 100644
--- a/platform/ext/target/arm/musca_s1/config_tfm_target.h
+++ b/platform/ext/target/arm/musca_s1/config_tfm_target.h
@@ -9,11 +9,9 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
#ifdef PSA_API_TEST_CRYPTO
-#undef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x2200
#endif
diff --git a/platform/ext/target/arm/rss/tc/config_tfm_target.h b/platform/ext/target/arm/rss/tc/config_tfm_target.h
index 5e79f0f..fd4f9e8 100644
--- a/platform/ext/target/arm/rss/tc/config_tfm_target.h
+++ b/platform/ext/target/arm/rss/tc/config_tfm_target.h
@@ -9,13 +9,12 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
/* Set the initial attestation token profile */
#undef ATTEST_TOKEN_PROFILE_PSA_IOT_1
#undef ATTEST_TOKEN_PROFILE_PSA_2_0_0
-#undef ATTEST_TOKEN_PROFILE_ARM_CCA
+
#define ATTEST_TOKEN_PROFILE_ARM_CCA 1
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/lairdconnectivity/common/bl5340/config_tfm_target.h b/platform/ext/target/lairdconnectivity/common/bl5340/config_tfm_target.h
index 1d13986..3b41db5 100644
--- a/platform/ext/target/lairdconnectivity/common/bl5340/config_tfm_target.h
+++ b/platform/ext/target/lairdconnectivity/common/bl5340/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Size of output buffer in platform service. */
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 5
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/config_tfm_target.h b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/config_tfm_target.h
index c83adb0..74559bf 100644
--- a/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/config_tfm_target.h
+++ b/platform/ext/target/nordic_nrf/nrf5340dk_nrf5340_cpuapp/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Include optional claims in initial attestation token */
-#undef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/config_tfm_target.h b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/config_tfm_target.h
index c83adb0..74559bf 100644
--- a/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/config_tfm_target.h
+++ b/platform/ext/target/nordic_nrf/nrf9160dk_nrf9160/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Include optional claims in initial attestation token */
-#undef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/config_tfm_target.h b/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/config_tfm_target.h
index fa8659f..9a9c184 100644
--- a/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/config_tfm_target.h
+++ b/platform/ext/target/nordic_nrf/nrf9161dk_nrf9161/config_tfm_target.h
@@ -8,7 +8,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Include optional claims in initial attestation token */
-#undef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nuvoton/m2351/config_tfm_target.h b/platform/ext/target/nuvoton/m2351/config_tfm_target.h
index db55a0e..72b0cbf 100644
--- a/platform/ext/target/nuvoton/m2351/config_tfm_target.h
+++ b/platform/ext/target/nuvoton/m2351/config_tfm_target.h
@@ -9,15 +9,12 @@
#define __CONFIG_TFM_TARGET_H__
/* Size of output buffer in platform service. */
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 12
/* The maximum asset size to be stored in the Protected Storage area. */
-#undef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 512
/* The maximum number of assets to be stored in the Protected Storage area. */
-#undef PS_NUM_ASSETS
#define PS_NUM_ASSETS 12
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nuvoton/m2354/config_tfm_target.h b/platform/ext/target/nuvoton/m2354/config_tfm_target.h
index db55a0e..72b0cbf 100644
--- a/platform/ext/target/nuvoton/m2354/config_tfm_target.h
+++ b/platform/ext/target/nuvoton/m2354/config_tfm_target.h
@@ -9,15 +9,12 @@
#define __CONFIG_TFM_TARGET_H__
/* Size of output buffer in platform service. */
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 12
/* The maximum asset size to be stored in the Protected Storage area. */
-#undef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 512
/* The maximum number of assets to be stored in the Protected Storage area. */
-#undef PS_NUM_ASSETS
#define PS_NUM_ASSETS 12
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/nxp/lpcxpresso55s69/config_tfm_target.h b/platform/ext/target/nxp/lpcxpresso55s69/config_tfm_target.h
index 967efff..79f0ef4 100644
--- a/platform/ext/target/nxp/lpcxpresso55s69/config_tfm_target.h
+++ b/platform/ext/target/nxp/lpcxpresso55s69/config_tfm_target.h
@@ -11,30 +11,24 @@
/* Using of stored NV seed to provide entropy is disabled, when CRYPTO_HW_ACCELERATOR is defined. */
#ifdef CRYPTO_HW_ACCELERATOR
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
#endif
/* The maximum asset size to be stored in the Protected Storage area. */
-#undef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 512
/* The maximum number of assets to be stored in the Protected Storage area. */
-#undef PS_NUM_ASSETS
#define PS_NUM_ASSETS 5
/* The maximum number of assets to be stored in the Internal Trusted Storage */
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 5
#ifdef PLATFORM_NO_FLASH
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
-#undef ITS_RAM_FS
#define ITS_RAM_FS 1
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
-#undef PS_RAM_FS
#define PS_RAM_FS 1
#endif /* PLATFORM_NO_FLASH */
diff --git a/platform/ext/target/stm/b_u585i_iot02a/config_tfm_target.h b/platform/ext/target/stm/b_u585i_iot02a/config_tfm_target.h
index 8857938..6656537 100644
--- a/platform/ext/target/stm/b_u585i_iot02a/config_tfm_target.h
+++ b/platform/ext/target/stm/b_u585i_iot02a/config_tfm_target.h
@@ -9,10 +9,8 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
-#undef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 32
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/stm/nucleo_l552ze_q/config_tfm_target.h b/platform/ext/target/stm/nucleo_l552ze_q/config_tfm_target.h
index f90984a..599db96 100644
--- a/platform/ext/target/stm/nucleo_l552ze_q/config_tfm_target.h
+++ b/platform/ext/target/stm/nucleo_l552ze_q/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/platform/ext/target/stm/stm32l562e_dk/config_tfm_target.h b/platform/ext/target/stm/stm32l562e_dk/config_tfm_target.h
index f90984a..599db96 100644
--- a/platform/ext/target/stm/stm32l562e_dk/config_tfm_target.h
+++ b/platform/ext/target/stm/stm32l562e_dk/config_tfm_target.h
@@ -9,7 +9,6 @@
#define __CONFIG_TFM_TARGET_H__
/* Use stored NV seed to provide entropy */
-#undef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 0
#endif /* __CONFIG_TFM_TARGET_H__ */
diff --git a/secure_fw/include/config_tfm.h b/secure_fw/include/config_tfm.h
index d59be98..392069b 100644
--- a/secure_fw/include/config_tfm.h
+++ b/secure_fw/include/config_tfm.h
@@ -12,10 +12,6 @@
extern "C" {
#endif
-#ifdef PROJECT_CONFIG_HEADER_FILE
-#include PROJECT_CONFIG_HEADER_FILE
-#endif
-
/*
* Platform defined header file for TF-M configs.
* Path: ${TARGET_PLATFORM_PATH}/config_tfm_target.h
@@ -24,6 +20,10 @@
#include TARGET_CONFIG_HEADER_FILE
#endif
+#ifdef PROJECT_CONFIG_HEADER_FILE
+#include PROJECT_CONFIG_HEADER_FILE
+#endif
+
#include "config_base.h"
#ifdef __cplusplus