TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / b9309b69b76b04fcdfe331fbd96d1fc5e040f85a / . / config / config_base.h
blob: 30b8f5e4dbbfaad45bfa2610241bdbbaae03a188 [file] [log] [blame]
Xinyu Zhanga2fab0e2022-10-24 15:37:46 +0800[diff] [blame]1/*
David Vincze37faec62025-01-20 18:07:12 +0000[diff] [blame]2 * Copyright (c) 2022-2025, Arm Limited. All rights reserved.
Chris Brand72ee4c62024-01-08 16:56:55 -0800[diff] [blame]3 * Copyright (c) 2023-2024 Cypress Semiconductor Corporation (an Infineon
Chris Brand80326b72023-03-15 13:07:49 -0700[diff] [blame]4 * company) or an affiliate of Cypress Semiconductor Corporation. All rights
5 * reserved.
Xinyu Zhanga2fab0e2022-10-24 15:37:46 +0800[diff] [blame]6 *
7 * SPDX-License-Identifier: BSD-3-Clause
8 *
9 */
10
11#ifndef __CONFIG_BASE_H__
12#define __CONFIG_BASE_H__
13
Nicola Mazzucatob369b332025-01-02 09:11:57 +0000[diff] [blame]14#include "tfm_hybrid_platform.h"
15
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]16/* Platform Partition Configs */
17
18/* Size of input buffer in platform service */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]19#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]20#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]21#endif
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]22
23/* Size of output buffer in platform service */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]24#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]25#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]26#endif
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]27
28/* The stack size of the Platform Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]29#ifndef PLATFORM_SP_STACK_SIZE
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]30#define PLATFORM_SP_STACK_SIZE 0x500
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]31#endif
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]32
33/* Disable Non-volatile counter module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]34#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]35#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]36#endif
Xinyu Zhang77668dd2022-10-24 16:17:37 +0800[diff] [blame]37
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]38/* Crypto Partition Configs */
39
40/*
Antonio de Angelisc271e4a2024-11-15 14:35:40 +0000[diff] [blame]41 * Heap size for the crypto backend. This is statically allocated
42 * inside the Crypto service and used as heap through the default
43 * Mbed TLS allocator
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]44 */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]45#ifndef CRYPTO_ENGINE_BUF_SIZE
Antonio de Angelisc271e4a2024-11-15 14:35:40 +0000[diff] [blame]46#define CRYPTO_ENGINE_BUF_SIZE 0x3000
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]47#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]48
49/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]50#ifndef CRYPTO_CONC_OPER_NUM
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]51#define CRYPTO_CONC_OPER_NUM 8
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]52#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]53
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]54/* Enable PSA Crypto random number generator module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]55#ifndef CRYPTO_RNG_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]56#define CRYPTO_RNG_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]57#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]58
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]59/* Enable PSA Crypto Key module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]60#ifndef CRYPTO_KEY_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]61#define CRYPTO_KEY_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]62#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]63
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]64/* Enable PSA Crypto AEAD module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]65#ifndef CRYPTO_AEAD_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]66#define CRYPTO_AEAD_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]67#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]68
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]69/* Enable PSA Crypto MAC module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]70#ifndef CRYPTO_MAC_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]71#define CRYPTO_MAC_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]72#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]73
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]74/* Enable PSA Crypto Hash module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]75#ifndef CRYPTO_HASH_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]76#define CRYPTO_HASH_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]77#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]78
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]79/* Enable PSA Crypto Cipher module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]80#ifndef CRYPTO_CIPHER_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]81#define CRYPTO_CIPHER_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]82#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]83
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]84/* Enable PSA Crypto asymmetric key signature module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]85#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]86#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]87#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]88
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]89/* Enable PSA Crypto asymmetric key encryption module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]90#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]91#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]92#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]93
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]94/* Enable PSA Crypto key derivation module */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]95#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
Jianliang Shen78ca8d42022-11-16 17:33:18 +0800[diff] [blame]96#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]97#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]98
99/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]100#ifndef CRYPTO_IOVEC_BUFFER_SIZE
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]101#define CRYPTO_IOVEC_BUFFER_SIZE 5120
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]102#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]103
104/* Use stored NV seed to provide entropy */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]105#ifndef CRYPTO_NV_SEED
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]106#define CRYPTO_NV_SEED 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]107#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]108
109/*
110 * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
111 * to optimize memory footprint in resource-constrained devices.
112 */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]113#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]114#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]115#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]116
Antonio de Angelisbb6f7112024-10-16 19:15:25 +0100[diff] [blame]117/*
118 * The service assumes that the client interface and internal
119 * interface towards the library that provides the PSA Crypto
120 * core component maintain the same ABI. This is not the default
121 * when using the Mbed TLS reference implementation
122 */
123#ifndef CRYPTO_LIBRARY_ABI_COMPAT
124#define CRYPTO_LIBRARY_ABI_COMPAT (0)
125#endif
126
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]127/* The stack size of the Crypto Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]128#ifndef CRYPTO_STACK_SIZE
Antonio de Angelis9b822182024-11-16 22:19:30 +0000[diff] [blame]129#define CRYPTO_STACK_SIZE 0x1800
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]130#endif
Xinyu Zhangd755b822022-10-25 11:18:09 +0800[diff] [blame]131
Xinyu Zhangff653722022-10-27 14:17:36 +0800[diff] [blame]132/* FWU Partition Configs */
133
134/* Size of the FWU internal data transfer buffer */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]135#ifndef TFM_FWU_BUF_SIZE
Xinyu Zhangff653722022-10-27 14:17:36 +0800[diff] [blame]136#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]137#endif
Xinyu Zhangff653722022-10-27 14:17:36 +0800[diff] [blame]138
139/* The stack size of the Firmware Update Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]140#ifndef FWU_STACK_SIZE
Xinyu Zhangff653722022-10-27 14:17:36 +0800[diff] [blame]141#define FWU_STACK_SIZE 0x600
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]142#endif
Xinyu Zhangff653722022-10-27 14:17:36 +0800[diff] [blame]143
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]144/* Attest Partition Configs */
145
146/* Include optional claims in initial attestation token */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]147#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]148#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]149#endif
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]150
151/* Include COSE key-id in initial attestation token */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]152#ifndef ATTEST_INCLUDE_COSE_KEY_ID
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]153#define ATTEST_INCLUDE_COSE_KEY_ID 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]154#endif
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]155
156/* The stack size of the Initial Attestation Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]157#ifndef ATTEST_STACK_SIZE
Tamas Ban6bff4682024-09-25 15:15:26 +0200[diff] [blame]158#define ATTEST_STACK_SIZE 0x800
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]159#endif
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]160
161/* Set the initial attestation token profile */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]162#if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
163 (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
164 (!ATTEST_TOKEN_PROFILE_ARM_CCA)
Antonio de Angelis58fc26c2024-11-07 17:06:55 +0100[diff] [blame]165#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]166#endif
Xinyu Zhangd15f99c2022-10-27 15:03:34 +0800[diff] [blame]167
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]168/* ITS Partition Configs */
169
170/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]171#ifndef ITS_CREATE_FLASH_LAYOUT
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]172#define ITS_CREATE_FLASH_LAYOUT 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]173#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]174
175/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]176#ifndef ITS_RAM_FS
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]177#define ITS_RAM_FS 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]178#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]179
180/* Validate filesystem metadata every time it is read from flash */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]181#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]182#define ITS_VALIDATE_METADATA_FROM_FLASH 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]183#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]184
185/* The maximum asset size to be stored in the Internal Trusted Storage */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]186#ifndef ITS_MAX_ASSET_SIZE
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]187#define ITS_MAX_ASSET_SIZE 512
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]188#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]189
190/*
191 * Size of the ITS internal data transfer buffer
192 * (Default to the max asset size so that all requests can be handled in one iteration.)
193 */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]194#ifndef ITS_BUF_SIZE
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]195#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]196#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]197
198/* The maximum number of assets to be stored in the Internal Trusted Storage */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]199#ifndef ITS_NUM_ASSETS
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]200#define ITS_NUM_ASSETS 10
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]201#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]202
203/* The stack size of the Internal Trusted Storage Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]204#ifndef ITS_STACK_SIZE
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]205#define ITS_STACK_SIZE 0x720
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]206#endif
Xinyu Zhangc8fc2c02022-10-31 12:13:45 +0800[diff] [blame]207
Markus Swarowsky7de096f2023-03-16 10:32:02 +0100[diff] [blame]208/* The size of the authentication tag used when authentication/encryption of ITS files is enabled */
209#ifndef TFM_ITS_AUTH_TAG_LENGTH
210#define TFM_ITS_AUTH_TAG_LENGTH 16
211#endif
212
Gabor Tothdd6c4052024-09-13 14:06:19 +0200[diff] [blame]213/* The size of the key used when authentication/encryption of ITS files is enabled */
214#ifndef TFM_ITS_KEY_LENGTH
215#define TFM_ITS_KEY_LENGTH 16
216#endif
217
Markus Swarowsky7de096f2023-03-16 10:32:02 +0100[diff] [blame]218/* The size of the nonce used when ITS file encryption is enabled */
219#ifndef TFM_ITS_ENC_NONCE_LENGTH
220#define TFM_ITS_ENC_NONCE_LENGTH 12
221#endif
222
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]223/* PS Partition Configs */
224
225/* Create flash FS if it doesn't exist for Protected Storage partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]226#ifndef PS_CREATE_FLASH_LAYOUT
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]227#define PS_CREATE_FLASH_LAYOUT 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]228#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]229
230/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]231#ifndef PS_RAM_FS
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]232#define PS_RAM_FS 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]233#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]234
235/* Enable rollback protection for Protected Storage partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]236#ifndef PS_ROLLBACK_PROTECTION
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]237#define PS_ROLLBACK_PROTECTION 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]238#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]239
240/* Validate filesystem metadata every time it is read from flash */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]241#ifndef PS_VALIDATE_METADATA_FROM_FLASH
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]242#define PS_VALIDATE_METADATA_FROM_FLASH 1
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]243#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]244
245/* The maximum asset size to be stored in the Protected Storage */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]246#ifndef PS_MAX_ASSET_SIZE
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]247#define PS_MAX_ASSET_SIZE 2048
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]248#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]249
250/* The maximum number of assets to be stored in the Protected Storage */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]251#ifndef PS_NUM_ASSETS
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]252#define PS_NUM_ASSETS 10
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]253#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]254
255/* The stack size of the Protected Storage Secure Partition */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]256#ifndef PS_STACK_SIZE
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]257#define PS_STACK_SIZE 0x700
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]258#endif
Xinyu Zhang07152702022-10-31 12:35:49 +0800[diff] [blame]259
Chris Brand72ee4c62024-01-08 16:56:55 -0800[diff] [blame]260/* NS Agent Mailbox Partition Configs */
261
Sherry Zhang415d7132023-08-09 16:26:56 +0800[diff] [blame]262/* The stack size of the NS Agent Mailbox Secure Partition */
263#ifndef NS_AGENT_MAILBOX_STACK_SIZE
264#define NS_AGENT_MAILBOX_STACK_SIZE 0x800
265#endif
266
Chris Brandda938d82024-08-01 12:42:10 -0700[diff] [blame]267/* Whether the mailbox itself is in memory that is uncached in the SPE */
268#ifndef MAILBOX_IS_UNCACHED_S
269#define MAILBOX_IS_UNCACHED_S 1
270#endif
271
272/* Whether the mailbox itself is in memory that is uncached in the NSPE */
273#ifndef MAILBOX_IS_UNCACHED_NS
274#define MAILBOX_IS_UNCACHED_NS 1
275#endif
276
David Hue2cda482025-03-19 08:21:21 +0000[diff] [blame]277/*
278 * Whether the client ID translation can accept NS client ID == 0.
279 * NS client ID from NSPE is calculated as an offset of the client ID range in
280 * NS Agent mailbox client ID translation.
281 * Select this option to allow platforms to accept NS client ID == 0 as a valid
282 * offset.
283 */
284#ifndef MAILBOX_SUPPORT_NS_CLIENT_ID_ZERO
285#define MAILBOX_SUPPORT_NS_CLIENT_ID_ZERO 0
286#endif
287
Jackson Cooper-Driver92f631c2024-10-08 13:46:42 +0000[diff] [blame]288/* Secure Test Partition Configs */
289#ifdef TFM_PARTITION_DPE
290/* DPE tests require larger test partition stack */
291#define SECURE_TEST_PARTITION_STACK_SIZE 0x3000
292#else
David Vincze37faec62025-01-20 18:07:12 +0000[diff] [blame]293#define SECURE_TEST_PARTITION_STACK_SIZE 0x0F00
Jackson Cooper-Driver92f631c2024-10-08 13:46:42 +0000[diff] [blame]294#endif
295
Chris Brand72ee4c62024-01-08 16:56:55 -0800[diff] [blame]296/* SPM Configs */
Xinyu Zhangcdbe3622022-10-31 14:34:25 +0800[diff] [blame]297
Xinyu Zhang9a6d90a2023-03-22 17:32:27 +0800[diff] [blame]298#ifdef CONFIG_TFM_CONNECTION_POOL_ENABLE
Xinyu Zhangcdbe3622022-10-31 14:34:25 +0800[diff] [blame]299/* The maximal number of secure services that are connected or requested at the same time */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]300#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
Chris Brand80326b72023-03-15 13:07:49 -0700[diff] [blame]301#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]302#endif
Xinyu Zhang9a6d90a2023-03-22 17:32:27 +0800[diff] [blame]303#endif
Xinyu Zhangcdbe3622022-10-31 14:34:25 +0800[diff] [blame]304
Xinyu Zhang44dbfa62022-11-23 14:22:32 +0800[diff] [blame]305/* Disable the doorbell APIs */
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]306#ifndef CONFIG_TFM_DOORBELL_API
Chris Brand80326b72023-03-15 13:07:49 -0700[diff] [blame]307#define CONFIG_TFM_DOORBELL_API 0
308#endif
309
Nicola Mazzucatob369b332025-01-02 09:11:57 +0000[diff] [blame]310/*
311 * Scheduling type for Hybrid Platforms (Currently in Experimental Stage)
312 * Options can be found in spm/include/tfm_hybrid_platform.h
313 */
314#ifndef CONFIG_TFM_HYBRID_PLAT_SCHED_TYPE
315#define CONFIG_TFM_HYBRID_PLAT_SCHED_TYPE TFM_HYBRID_PLAT_SCHED_OFF
316#else
317
318#if (CONFIG_TFM_HYBRID_PLAT_SCHED_TYPE == TFM_HYBRID_PLAT_SCHED_OFF)
319 /* default, nothing to do, no overrides */
320#endif
321
322#if (CONFIG_TFM_HYBRID_PLAT_SCHED_TYPE == TFM_HYBRID_PLAT_SCHED_SPE)
323 #ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
324 #define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 1
325 #define CONFIG_TFM_SPM_BACKEND_IPC 1
326 #endif
327#endif
328#if (CONFIG_TFM_HYBRID_PLAT_SCHED_TYPE == TFM_HYBRID_PLAT_SCHED_NSPE)
329 #ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
330 #define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
331 #define CONFIG_TFM_SPM_BACKEND_IPC 1
332 #endif
333#endif
334
335#endif
336
Chris Brand80326b72023-03-15 13:07:49 -0700[diff] [blame]337/* Do not run the scheduler after handling a secure interrupt if the NSPE was pre-empted */
338#ifndef CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED
339#define CONFIG_TFM_SCHEDULE_WHEN_NS_INTERRUPTED 0
David Hu6d1a9b62023-02-22 16:54:04 +0800[diff] [blame]340#endif
Xinyu Zhangcdbe3622022-10-31 14:34:25 +0800[diff] [blame]341
Sherry Zhangf2a4f912023-09-12 15:38:12 +0800[diff] [blame]342/* Mask Non-Secure interrupts when executing in secure state. */
343#ifndef CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT
344#define CONFIG_TFM_SECURE_THREAD_MASK_NS_INTERRUPT 0
345#endif
346
Roman Mazurak96585b82024-04-03 14:35:00 +0300[diff] [blame]347/*
348 * tfm_hal_post_partition_init_hook is called if this option is enabled.
349 * It's called by SPM right before starting scheduler.
350 */
351#ifndef CONFIG_TFM_POST_PARTITION_INIT_HOOK
352#define CONFIG_TFM_POST_PARTITION_INIT_HOOK 0
353#endif
354
Andrej Butok302da632023-07-14 12:57:08 +0200[diff] [blame]355/* Enable OTP/NV_COUNTERS emulation in RAM */
356#ifndef OTP_NV_COUNTERS_RAM_EMULATION
357#define OTP_NV_COUNTERS_RAM_EMULATION 0
358#endif
359
Aziz IDOMAR82772882024-04-09 14:19:52 +0100[diff] [blame]360/* Error Codes Configs */
361
362/* Enable unique error codes */
363#ifndef TFM_UNIQUE_ERROR_CODES
364#define TFM_UNIQUE_ERROR_CODES 0
365#endif
366
Xinyu Zhanga2fab0e2022-10-24 15:37:46 +0800[diff] [blame]367#endif /* __CONFIG_BASE_H__ */