ITS: Set features with config header file
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: If687f26760b554790ef5c18be78bfc88ca7e00de
diff --git a/config/config_base.cmake b/config/config_base.cmake
index 4e3ddf7..098a162 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -117,13 +117,6 @@
set(PS_STACK_SIZE "0x700" CACHE STRING "The stack size of the Protected Storage Secure Partition")
set(TFM_PARTITION_INTERNAL_TRUSTED_STORAGE OFF CACHE BOOL "Enable Internal Trusted Storage partition")
-set(ITS_CREATE_FLASH_LAYOUT ON CACHE BOOL "Create flash FS if it doesn't exist for Internal Trusted Storage partition")
-set(ITS_RAM_FS OFF CACHE BOOL "Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition")
-set(ITS_VALIDATE_METADATA_FROM_FLASH ON CACHE BOOL "Validate filesystem metadata every time it is read from flash")
-set(ITS_MAX_ASSET_SIZE "512" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
-set(ITS_NUM_ASSETS "10" CACHE STRING "The maximum number of assets to be stored in the Internal Trusted Storage area")
-set(ITS_BUF_SIZE "" CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
-set(ITS_STACK_SIZE "0x720" CACHE STRING "The stack size of the Internal Trusted Storage Secure Partition")
set(TFM_PARTITION_CRYPTO OFF CACHE BOOL "Enable Crypto partition")
set(CRYPTO_TFM_BUILTIN_KEYS_DRIVER ON CACHE BOOL "Whether to allow crypto service to store builtin keys. Without this, ALL builtin keys must be stored in a platform-specific location")
diff --git a/config/config_base.h b/config/config_base.h
index 501fcb6..2450fdc 100644
--- a/config/config_base.h
+++ b/config/config_base.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_BASE_H__ */
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h
index 9ee21e1..12d3047 100644
--- a/config/profile/config_profile_large.h
+++ b/config/profile/config_profile_large.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_LARGE_H__ */
diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h
index a8bf346..4c3d8e8 100644
--- a/config/profile/config_profile_medium.h
+++ b/config/profile/config_profile_medium.h
@@ -97,4 +97,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_MEDIUM_H__ */
diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h
index 6fe338b..69d0bfa 100644
--- a/config/profile/config_profile_medium_arotless.h
+++ b/config/profile/config_profile_medium_arotless.h
@@ -97,4 +97,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h
index 368b5e6..dc5c73a 100644
--- a/config/profile/config_profile_small.h
+++ b/config/profile/config_profile_small.h
@@ -94,4 +94,27 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/* Size of the ITS internal data transfer buffer */
+#define ITS_BUF_SIZE 32
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_PROFILE_SMALL_H__ */
diff --git a/config/profile/profile_medium.cmake b/config/profile/profile_medium.cmake
index f6fda19..0d4fd51 100644
--- a/config/profile/profile_medium.cmake
+++ b/config/profile/profile_medium.cmake
@@ -25,7 +25,6 @@
################################## Advanced options #############################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
################################## Dependencies ################################
diff --git a/config/profile/profile_medium_arotless.cmake b/config/profile/profile_medium_arotless.cmake
index 0dd5b22..74a3fcd 100755
--- a/config/profile/profile_medium_arotless.cmake
+++ b/config/profile/profile_medium_arotless.cmake
@@ -24,7 +24,6 @@
################################## Advanced options #############################
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(PS_CRYPTO_AEAD_ALG PSA_ALG_CCM CACHE STRING "The AEAD algorithm to use for authenticated encryption in protected storage")
################################## Dependencies ################################
diff --git a/config/profile/profile_small.cmake b/config/profile/profile_small.cmake
index 4d35712..c8ec10e 100644
--- a/config/profile/profile_small.cmake
+++ b/config/profile/profile_small.cmake
@@ -27,7 +27,6 @@
set(PSA_FRAMEWORK_HAS_MM_IOVEC ON CACHE BOOL "Enable MM-IOVEC")
set(CONFIG_TFM_CONN_HANDLE_MAX_NUM 3 CACHE STRING "The maximal number of secure services that are connected or requested at the same time")
-set(ITS_BUF_SIZE 32 CACHE STRING "Size of the ITS internal data transfer buffer (defaults to ITS_MAX_ASSET_SIZE if not set)")
set(MCUBOOT_IMAGE_NUMBER 1 CACHE STRING "Whether to combine S and NS into either 1 image, or sign each seperately")
################################## Dependencies ################################
diff --git a/config/tests/config_test_psa_api.cmake b/config/tests/config_test_psa_api.cmake
index aabca3c..d6b7944 100644
--- a/config/tests/config_test_psa_api.cmake
+++ b/config/tests/config_test_psa_api.cmake
@@ -6,13 +6,6 @@
#------------------------------------------------------------------------------
############ Override defaults for PSA API tests ##############################
-
-# When building for the PSA Crypto API tests, ensure the ITS max asset size is
-# set to at least the size of the largest asset created by the tests
-if (("${TEST_PSA_API}" STREQUAL "CRYPTO") AND NOT (ITS_MAX_ASSET_SIZE GREATER 1229))
- set(ITS_MAX_ASSET_SIZE "1229" CACHE STRING "The maximum asset size to be stored in the Internal Trusted Storage area")
-endif()
-
if ("${TEST_PSA_API}" STREQUAL "IPC")
# PSA Arch test partitions only support IPC model so far
set(CONFIG_TFM_SPM_BACKEND "IPC" CACHE STRING "The SPM backend [IPC, SFN]")
@@ -41,4 +34,8 @@
set(TFM_PARTITION_PLATFORM ON CACHE BOOL "Enable Platform partition")
endif()
-set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api.h" CACHE FILEPATH "User defined header file for TF-M config")
+if ("${TEST_PSA_API}" STREQUAL "CRYPTO")
+ set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api_crypto.h" CACHE FILEPATH "User defined header file for TF-M config")
+else()
+ set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/tests/config_test_psa_api.h" CACHE FILEPATH "User defined header file for TF-M config")
+endif()
diff --git a/config/tests/config_test_psa_api.h b/config/tests/config_test_psa_api.h
index 816b62c..ba0f675 100644
--- a/config/tests/config_test_psa_api.h
+++ b/config/tests/config_test_psa_api.h
@@ -97,4 +97,30 @@
/* Set the initial attestation token profile */
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#define ITS_MAX_ASSET_SIZE 512
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
#endif /* __CONFIG_TEST_PSA_API_H__ */
diff --git a/config/tests/config_test_psa_api_crypto.h b/config/tests/config_test_psa_api_crypto.h
new file mode 100644
index 0000000..178d8e6
--- /dev/null
+++ b/config/tests/config_test_psa_api_crypto.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_BASE_H__
+#define __CONFIG_BASE_H__
+
+/* Platform Partition Configs */
+
+/* Size of input buffer in platform service */
+#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+
+/* Size of output buffer in platform service */
+#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+
+/* The stack size of the Platform Secure Partition */
+#define PLATFORM_SP_STACK_SIZE 0x500
+
+/* Disable Non-volatile counter module */
+#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+
+/* Crypto Partition Configs */
+
+/*
+ * Heap size for the crypto backend
+ * CRYPTO_ENGINE_BUF_SIZE needs to be much larger for PSA API tests.
+ */
+#define CRYPTO_ENGINE_BUF_SIZE 0x5000
+
+/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#define CRYPTO_CONC_OPER_NUM 8
+
+/* Disable PSA Crypto random number generator module */
+#define CRYPTO_RNG_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Key module */
+#define CRYPTO_KEY_MODULE_DISABLED 0
+
+/* Disable PSA Crypto AEAD module */
+#define CRYPTO_AEAD_MODULE_DISABLED 0
+
+/* Disable PSA Crypto MAC module */
+#define CRYPTO_MAC_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Hash module */
+#define CRYPTO_HASH_MODULE_DISABLED 0
+
+/* Disable PSA Crypto Cipher module */
+#define CRYPTO_CIPHER_MODULE_DISABLED 0
+
+/* Disable PSA Crypto asymmetric key signature module */
+#define CRYPTO_ASYM_SIGN_MODULE_DISABLED 0
+
+/* Disable PSA Crypto asymmetric key encryption module */
+#define CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED 0
+
+/* Disable PSA Crypto key derivation module */
+#define CRYPTO_KEY_DERIVATION_MODULE_DISABLED 0
+
+/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+
+/* Use stored NV seed to provide entropy */
+#define CRYPTO_NV_SEED 1
+
+/*
+ * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
+ * to optimize memory footprint in resource-constrained devices.
+ */
+#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+
+/* The stack size of the Crypto Secure Partition */
+#define CRYPTO_STACK_SIZE 0x1B00
+
+/* FWU Partition Configs */
+
+/* Size of the FWU internal data transfer buffer */
+#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+
+/* The stack size of the Firmware Update Secure Partition */
+#define FWU_STACK_SIZE 0x600
+
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
+/* ITS Partition Configs */
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#define ITS_RAM_FS 0
+
+/* Validate filesystem metadata every time it is read from flash */
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+/*
+ * The maximum asset size to be stored in the Internal Trusted Storage
+ * When building for the PSA Crypto API tests, ensure the ITS max asset size is
+ * set to at least the size of the largest asset created by the tests.
+ */
+#define ITS_MAX_ASSET_SIZE 1229
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#define ITS_NUM_ASSETS 10
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#define ITS_STACK_SIZE 0x720
+
+#endif /* __CONFIG_BASE_H__ */
diff --git a/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt b/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt
index a93c641..fd33b30 100644
--- a/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt
+++ b/secure_fw/partitions/internal_trusted_storage/CMakeLists.txt
@@ -54,6 +54,7 @@
target_link_libraries(tfm_psa_rot_partition_its
PRIVATE
platform_s
+ tfm_config
tfm_sprt
)
@@ -67,13 +68,6 @@
PS_MAX_ASSET_SIZE=${PS_MAX_ASSET_SIZE}
PS_NUM_ASSETS=${PS_NUM_ASSETS}
PS_CRYPTO_AEAD_ALG=${PS_CRYPTO_AEAD_ALG}
- PRIVATE
- $<$<BOOL:${ITS_CREATE_FLASH_LAYOUT}>:ITS_CREATE_FLASH_LAYOUT>
- $<$<BOOL:${ITS_RAM_FS}>:ITS_RAM_FS>
- $<$<OR:$<BOOL:${ITS_VALIDATE_METADATA_FROM_FLASH}>,$<BOOL:${PS_VALIDATE_METADATA_FROM_FLASH}>>:ITS_VALIDATE_METADATA_FROM_FLASH>
- ITS_MAX_ASSET_SIZE=${ITS_MAX_ASSET_SIZE}
- ITS_NUM_ASSETS=${ITS_NUM_ASSETS}
- $<$<BOOL:${ITS_BUF_SIZE}>:ITS_BUF_SIZE=${ITS_BUF_SIZE}>
)
################ Display the configuration being applied #######################
@@ -90,14 +84,6 @@
PS_NUM_ASSETS;
PS_CRYPTO_AEAD_ALG;
PS_STACK_SIZE;
-
- ITS_CREATE_FLASH_LAYOUT;
- ITS_RAM_FS;
- ITS_VALIDATE_METADATA_FROM_FLASH;
- ITS_MAX_ASSET_SIZE;
- ITS_NUM_ASSETS;
- ITS_BUF_SIZE;
- ITS_STACK_SIZE
"
)
diff --git a/secure_fw/partitions/internal_trusted_storage/config_its.h b/secure_fw/partitions/internal_trusted_storage/config_its.h
new file mode 100644
index 0000000..e1a4938
--- /dev/null
+++ b/secure_fw/partitions/internal_trusted_storage/config_its.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PARTITION_ITS_H__
+#define __CONFIG_PARTITION_ITS_H__
+
+#include "config_tfm.h"
+#include "config_ps.h"
+
+/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
+#pragma message ("ITS_CREATE_FLASH_LAYOUT is defaulted to 1. Please check and set it explicitly.")
+#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
+
+/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
+#pragma message ("ITS_RAM_FS is defaulted to 0. Please check and set it explicitly.")
+#define ITS_RAM_FS 0
+#endif
+
+/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
+#pragma message ("ITS_VALIDATE_METADATA_FROM_FLASH is defaulted to 1. Please check and set it explicitly.")
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
+
+/* Enable ITS_VALIDATE_METADATA_FROM_FLASH when PS_VALIDATE_METADATA_FROM_FLASH is enabled */
+#if (!ITS_VALIDATE_METADATA_FROM_FLASH) && PS_VALIDATE_METADATA_FROM_FLASH
+#pragma message ("ITS_VALIDATE_METADATA_FROM_FLASH is redefined to 1.")
+#undef ITS_VALIDATE_METADATA_FROM_FLASH
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
+
+/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
+#pragma message ("ITS_MAX_ASSET_SIZE is defaulted to 512. Please check and set it explicitly.")
+#define ITS_MAX_ASSET_SIZE 512
+#endif
+
+/*
+ * Size of the ITS internal data transfer buffer
+ * (Default to the max asset size so that all requests can be handled in one iteration.)
+ */
+#ifndef ITS_BUF_SIZE
+#pragma message ("ITS_BUF_SIZE is defaulted to ITS_MAX_ASSET_SIZE. Please check and set it explicitly.")
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+#endif
+
+/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
+#pragma message ("ITS_NUM_ASSETS is defaulted to 10. Please check and set it explicitly.")
+#define ITS_NUM_ASSETS 10
+#endif
+
+/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
+#pragma message ("ITS_STACK_SIZE is defaulted to 0x720. Please check and set it explicitly.")
+#define ITS_STACK_SIZE 0x720
+#endif
+
+#endif /* __CONFIG_PARTITION_ITS_H__ */
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
index 99c387f..4d23097 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -7,9 +7,10 @@
#include "its_flash.h"
+#include "config_its.h"
#include "flash_fs/its_flash_fs.h"
-#ifdef ITS_RAM_FS
+#if ITS_RAM_FS
#ifndef ITS_RAM_FS_SIZE
#error "ITS_RAM_FS_SIZE must be defined by the target in flash_layout.h"
#endif
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
index d2aecbc..42c88f4 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2017-2022, Arm Limited. All rights reserved.
* Copyright (c) 2020, Cypress Semiconductor Corporation. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
@@ -9,12 +9,13 @@
#ifndef __ITS_FLASH_H__
#define __ITS_FLASH_H__
+#include "config_its.h"
#include "its_utils.h"
#include "tfm_hal_its.h"
#include "tfm_hal_ps.h"
/* Include the correct flash interface implementation for ITS */
-#ifdef ITS_RAM_FS
+#if ITS_RAM_FS
/* RAM FS: use a buffer to emulate storage in RAM */
#include "its_flash_ram.h"
extern uint8_t its_block_data[];
diff --git a/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c b/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
index 6be0047..233e3f3 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
+++ b/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021, Arm Limited. All rights reserved.
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -7,6 +7,7 @@
#include <string.h>
+#include "config_its.h"
#include "its_flash_fs_mblock.h"
#include "psa/storage_common.h"
@@ -212,7 +213,7 @@
return cur_meta;
}
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
/**
* \brief Validates file metadata in order to guarantee that a corruption or
* malicious change in stored metadata doesn't result in an invalid
@@ -729,7 +730,7 @@
if (err != PSA_SUCCESS) {
return err;
}
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
err = its_mblock_validate_metadata_xor(fs_ctx, h_meta, block_id);
#endif
}
@@ -757,7 +758,7 @@
/* Increment again to avoid using the erase val as the swap count */
fs_ctx->meta_block_header.active_swap_count++;
}
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
/* Calculate metadata XOR value. */
err = its_mblock_calculate_metadata_xor(fs_ctx,
fs_ctx->scratch_metablock,
@@ -1135,7 +1136,7 @@
(uint8_t *)file_meta, offset,
ITS_FILE_METADATA_SIZE);
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
if (err == PSA_SUCCESS) {
err = its_mblock_validate_file_meta(fs_ctx, file_meta);
}
@@ -1157,7 +1158,7 @@
(uint8_t *)block_meta, pos,
ITS_BLOCK_METADATA_SIZE);
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
if (err == PSA_SUCCESS) {
err = its_mblock_validate_block_meta(fs_ctx, block_meta);
}
@@ -1181,7 +1182,7 @@
(uint8_t *)block_meta, pos,
ITS_BLOCK_METADATA_SIZE);
-#ifdef ITS_VALIDATE_METADATA_FROM_FLASH
+#if ITS_VALIDATE_METADATA_FROM_FLASH
if (err == PSA_SUCCESS) {
err = its_mblock_validate_block_meta_comp(fs_ctx, block_meta);
}
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
index f20ff00..cf440d8 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
@@ -5,6 +5,7 @@
*
*/
#include <string.h>
+#include "config_its.h"
#include "tfm_internal_trusted_storage.h"
#include "tfm_hal_its.h"
@@ -140,8 +141,8 @@
/* Prepare the ITS filesystem */
status = its_flash_fs_prepare(&fs_ctx_its);
-#ifdef ITS_CREATE_FLASH_LAYOUT
- /* If ITS_CREATE_FLASH_LAYOUT is set, it indicates that it is required to
+#if ITS_CREATE_FLASH_LAYOUT
+ /* If ITS_CREATE_FLASH_LAYOUT is set to 1, it indicates that it is required to
* create a ITS flash layout. ITS service will generate an empty and valid
* ITS flash layout to store assets. It will erase all data located in the
* assigned ITS memory area before generating the ITS layout.
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index 512fb78..970f473 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -9,6 +9,7 @@
#include <string.h>
#include <stdbool.h>
+#include "config_its.h"
#include "psa/storage_common.h"
#include "tfm_internal_trusted_storage.h"
#include "its_utils.h"
@@ -22,13 +23,6 @@
#endif /* PSA_FRAMEWORK_HAS_MM_IOVEC != 1 */
#if PSA_FRAMEWORK_HAS_MM_IOVEC != 1
-#ifndef ITS_BUF_SIZE
-/* By default, set the ITS buffer size to the max asset size so that all
- * requests can be handled in one iteration.
- */
-#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
-#endif
-
/* Buffer to store asset data from the caller.
* Note: size must be aligned to the max flash program unit to meet the
* alignment requirement of the filesystem.