Attest: Set features with config header file
Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com>
Change-Id: Ida7dd261415ac660a425931624a658d766745b91
diff --git a/config/config_base.cmake b/config/config_base.cmake
index d95ae58..4e3ddf7 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -130,10 +130,6 @@
set(TFM_PARTITION_INITIAL_ATTESTATION OFF CACHE BOOL "Enable Initial Attestation partition")
set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetric crypto for inital attestation")
-set(ATTEST_INCLUDE_OPTIONAL_CLAIMS ON CACHE BOOL "Include optional claims in initial attestation token")
-set(ATTEST_INCLUDE_COSE_KEY_ID OFF CACHE BOOL "Include COSE key-id in initial attestation token")
-set(ATTEST_TOKEN_PROFILE "PSA_IOT_1" CACHE STRING "Set the initial attestation token profile. Options: PSA_IOT_1, PSA_2_0_0, ARM_CCA")
-set(ATTEST_STACK_SIZE "0x700" CACHE STRING "The stack size of the Initial Attestation Secure Partition")
set(ATTEST_INCLUDE_TEST_CODE OFF CACHE BOOL "Include minimal development tests in the initial attestation regression test suite")
set(ATTEST_KEY_BITS 256 CACHE STRING "The size of the initial attestation key in bits")
diff --git a/config/config_base.h b/config/config_base.h
index e524db7..501fcb6 100644
--- a/config/config_base.h
+++ b/config/config_base.h
@@ -83,4 +83,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_BASE_H__ */
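Review bot: The comment above `#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1` no longer tells the reader which profiles exist, whereas the CMake help string removed in this commit listed PSA_IOT_1, PSA_2_0_0 and ARM_CCA. I would word it as `/* Token profile: set exactly one of ATTEST_TOKEN_PROFILE_PSA_IOT_1, ATTEST_TOKEN_PROFILE_PSA_2_0_0, ATTEST_TOKEN_PROFILE_ARM_CCA to 1 */`. The same block is added to config_profile_large.h, config_profile_medium.h, config_profile_medium_arotless.h, config_profile_small.h and config_test_psa_api.h, so the wording applies there as well.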
diff --git a/config/profile/config_profile_large.h b/config/profile/config_profile_large.h
index 8e09d71..9ee21e1 100644
--- a/config/profile/config_profile_large.h
+++ b/config/profile/config_profile_large.h
@@ -83,4 +83,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_PROFILE_LARGE_H__ */
diff --git a/config/profile/config_profile_medium.h b/config/profile/config_profile_medium.h
index 83b93e4..a8bf346 100644
--- a/config/profile/config_profile_medium.h
+++ b/config/profile/config_profile_medium.h
@@ -83,4 +83,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_PROFILE_MEDIUM_H__ */
diff --git a/config/profile/config_profile_medium_arotless.h b/config/profile/config_profile_medium_arotless.h
index 59ca891..6fe338b 100644
--- a/config/profile/config_profile_medium_arotless.h
+++ b/config/profile/config_profile_medium_arotless.h
@@ -83,4 +83,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_PROFILE_MEDIUM_AROTLESS_H__ */
diff --git a/config/profile/config_profile_small.h b/config/profile/config_profile_small.h
index a3e0fac..368b5e6 100644
--- a/config/profile/config_profile_small.h
+++ b/config/profile/config_profile_small.h
@@ -80,4 +80,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_PROFILE_SMALL_H__ */
diff --git a/config/tests/config_test_psa_api.h b/config/tests/config_test_psa_api.h
index a4c02f2..816b62c 100644
--- a/config/tests/config_test_psa_api.h
+++ b/config/tests/config_test_psa_api.h
@@ -83,4 +83,18 @@
/* The stack size of the Firmware Update Secure Partition */
#define FWU_STACK_SIZE 0x600
+/* Attest Partition Configs */
+
+/* Include optional claims in initial attestation token */
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+/* Include COSE key-id in initial attestation token */
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+/* The stack size of the Initial Attestation Secure Partition */
+#define ATTEST_STACK_SIZE 0x700
+
+/* Set the initial attestation token profile */
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
#endif /* __CONFIG_TEST_PSA_API_H__ */
diff --git a/interface/include/tfm_attest_iat_defs.h b/interface/include/tfm_attest_iat_defs.h
index e5eebc5..b917c2d 100644
--- a/interface/include/tfm_attest_iat_defs.h
+++ b/interface/include/tfm_attest_iat_defs.h
@@ -12,7 +12,9 @@
extern "C" {
#endif
-#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1)
+#include "config_attest.h"
+
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1
/* In case of the original PSA_IOT_PROFILE_1 */
#define IAT_ARM_RANGE_BASE (-75000)
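Review bot: `#include "config_attest.h"` makes this header under interface/include depend on a file that this commit creates under secure_fw/partitions/initial_attestation/, which in turn includes config_tfm.h. If this header is also consumed outside the secure build (inferred from its path, not visible here), those builds need both headers on their include path, and a build that supplies different profile macros could resolve the IAT_* claim keys for a different profile than the one the secure image signs. A comment above the include would make the contract explicit, for example `/* Profile macros must match the configuration the secure image was built with */`. The `#elif` lines in the two later hunks of this file rely on the same include.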
@@ -34,7 +36,7 @@
*/
#define NO_SW_COMPONENT_FIXED_VALUE 1
-#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#elif ATTEST_TOKEN_PROFILE_PSA_2_0_0
/* In case of PSA_2_0_0 (updated PSA profile ) */
#define IAT_NONCE 10 /* EAT nonce */
@@ -49,7 +51,7 @@
#define IAT_SW_COMPONENTS (IAT_ARM_RANGE_BASE + 6)
#define IAT_VERIFICATION_SERVICE (IAT_ARM_RANGE_BASE + 7)
-#elif defined(ATTEST_TOKEN_PROFILE_ARM_CCA)
+#elif ATTEST_TOKEN_PROFILE_ARM_CCA
/* In case of ARM_CCA profile */
#define IAT_NONCE 10 /* EAT nonce*/
diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt
index db47177..055e1f5 100755
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -128,7 +128,6 @@
PRIVATE
$<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
$<$<BOOL:${TFM_DUMMY_PROVISIONING}>:TFM_DUMMY_PROVISIONING>
- $<$<BOOL:${ATTEST_INCLUDE_COSE_KEY_ID}>:ATTEST_INCLUDE_COSE_KEY_ID>
$<$<BOOL:${PLATFORM_DEFAULT_NV_COUNTERS}>:PLATFORM_DEFAULT_NV_COUNTERS>
$<$<BOOL:${PLATFORM_DEFAULT_OTP_WRITEABLE}>:OTP_WRITEABLE>
)
@@ -216,7 +215,6 @@
$<$<BOOL:${PLATFORM_DEFAULT_OTP}>:PLATFORM_DEFAULT_OTP>
$<$<BOOL:${OTP_NV_COUNTERS_RAM_EMULATION}>:OTP_NV_COUNTERS_RAM_EMULATION>
$<$<BOOL:${TFM_DUMMY_PROVISIONING}>:TFM_DUMMY_PROVISIONING>
- $<$<BOOL:${ATTEST_INCLUDE_COSE_KEY_ID}>:ATTEST_INCLUDE_COSE_KEY_ID>
$<$<BOOL:${PLATFORM_DEFAULT_NV_COUNTERS}>:PLATFORM_DEFAULT_NV_COUNTERS>
$<$<BOOL:${PLATFORM_DEFAULT_OTP_WRITEABLE}>:OTP_WRITEABLE>
)
diff --git a/platform/ext/accelerator/cc312/CMakeLists.txt b/platform/ext/accelerator/cc312/CMakeLists.txt
index bb9c130..8cb64e4 100644
--- a/platform/ext/accelerator/cc312/CMakeLists.txt
+++ b/platform/ext/accelerator/cc312/CMakeLists.txt
@@ -114,6 +114,7 @@
target_link_libraries(platform_bl2
PRIVATE
bl2_crypto_hw
+ tfm_config
)
target_link_libraries(${CC312_LIB_PREFIX}cc312_cdmpu
diff --git a/platform/ext/accelerator/cc312/otp_cc312.c b/platform/ext/accelerator/cc312/otp_cc312.c
index 61573c2..2909f8f 100644
--- a/platform/ext/accelerator/cc312/otp_cc312.c
+++ b/platform/ext/accelerator/cc312/otp_cc312.c
@@ -5,6 +5,7 @@
*
*/
+#include "config_attest.h"
#include "tfm_plat_otp.h"
#include "cmsis_compiler.h"
@@ -513,7 +514,7 @@
return err;
}
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
err = verify_zero_bits_count(otp->iak_id,
sizeof(otp->iak_id),
(uint8_t*)&otp->iak_id_zero_bits);
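Review bot: Switching to `#if ATTEST_INCLUDE_COSE_KEY_ID` changes what the macro means: once config_attest.h is included it is always defined (0 or 1), so any `#ifdef ATTEST_INCLUDE_COSE_KEY_ID` left in a file this commit does not touch becomes permanently true, and any `#if` use in a file that lacks the include silently evaluates to 0. At this site that decides whether the zero-bit-count check on `otp->iak_id` is compiled in at all. The diff converts the uses it shows, but other platform OTP and provisioning sources are not visible, so a tree-wide search for `ifdef ATTEST_` and `defined(ATTEST_`, plus a build with `-Wundef`, would confirm none remain. The enclosing function starts and ends outside the hunk.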
diff --git a/platform/ext/common/provisioning.c b/platform/ext/common/provisioning.c
index 8b6c3e7..358d772 100644
--- a/platform/ext/common/provisioning.c
+++ b/platform/ext/common/provisioning.c
@@ -5,6 +5,7 @@
*
*/
+#include "config_attest.h"
#include "tfm_plat_provisioning.h"
#include "cmsis_compiler.h"
@@ -90,11 +91,11 @@
/* verification_service_url */
"www.trustedfirmware.org",
/* attestation_profile_definition */
-#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1)
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1
"PSA_IOT_PROFILE_1",
-#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#elif ATTEST_TOKEN_PROFILE_PSA_2_0_0
"http://arm.com/psa/2.0.0",
-#elif defined(ATTEST_TOKEN_PROFILE_ARM_CCA)
+#elif ATTEST_TOKEN_PROFILE_ARM_CCA
"http://arm.com/CCA-SSD/1.0.0",
#else
#ifdef TFM_PARTITION_INITIAL_ATTESTATION
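Review bot: The `#else` branch after `#elif ATTEST_TOKEN_PROFILE_ARM_CCA` can no longer be reached, because config_attest.h, now included at the top of this file, defines `ATTEST_TOKEN_PROFILE_PSA_IOT_1` to 1 whenever no profile is set. The body of that branch lies outside the hunk, so what it did is not visible, but a build with no profile configured now provisions "PSA_IOT_PROFILE_1" with only a `#pragma message` as notice. Since this string is the provisioned attestation profile definition, I would either delete the dead branch or make the missing-profile case fail in config_attest.h with `#error "No attestation token profile selected"` when `TFM_PARTITION_INITIAL_ATTESTATION` is defined. The same applies to the matching hunk in platform/ext/target/arm/rss/common/provisioning.c.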
@@ -195,7 +196,7 @@
return err;
}
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
err = tfm_plat_otp_write(PLAT_OTP_ID_IAK_ID,
sizeof(psa_rot_prov_data.iak_id),
psa_rot_prov_data.iak_id);
diff --git a/platform/ext/target/arm/rss/common/provisioning.c b/platform/ext/target/arm/rss/common/provisioning.c
index ebcfd82..a861782 100644
--- a/platform/ext/target/arm/rss/common/provisioning.c
+++ b/platform/ext/target/arm/rss/common/provisioning.c
@@ -8,6 +8,7 @@
#include "tfm_plat_provisioning.h"
#include "cmsis_compiler.h"
+#include "config_attest.h"
#include "tfm_plat_otp.h"
#include "tfm_attest_hal.h"
#include "psa/crypto.h"
@@ -115,11 +116,11 @@
/* verification_service_url */
"www.trustedfirmware.org",
/* attestation_profile_definition */
-#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1)
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1
"PSA_IOT_PROFILE_1",
-#elif defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#elif ATTEST_TOKEN_PROFILE_PSA_2_0_0
"http://arm.com/psa/2.0.0",
-#elif defined(ATTEST_TOKEN_PROFILE_ARM_CCA)
+#elif ATTEST_TOKEN_PROFILE_ARM_CCA
"http://arm.com/CCA-SSD/1.0.0",
#else
#ifdef TFM_PARTITION_INITIAL_ATTESTATION
diff --git a/secure_fw/partitions/initial_attestation/CMakeLists.txt b/secure_fw/partitions/initial_attestation/CMakeLists.txt
index 7b0a85f..ffdf1e1 100644
--- a/secure_fw/partitions/initial_attestation/CMakeLists.txt
+++ b/secure_fw/partitions/initial_attestation/CMakeLists.txt
@@ -49,6 +49,7 @@
target_link_libraries(tfm_psa_rot_partition_attestation
PRIVATE
platform_s
+ tfm_config
tfm_qcbor_s
tfm_t_cose_s
tfm_sprt
@@ -59,10 +60,7 @@
PRIVATE
$<$<BOOL:${ATTEST_INCLUDE_TEST_CODE}>:INCLUDE_TEST_CODE>
$<$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>:SYMMETRIC_INITIAL_ATTESTATION>
- $<$<BOOL:${ATTEST_INCLUDE_OPTIONAL_CLAIMS}>:INCLUDE_OPTIONAL_CLAIMS>
- $<$<BOOL:${ATTEST_INCLUDE_COSE_KEY_ID}>:ATTEST_INCLUDE_COSE_KEY_ID>
$<$<NOT:$<BOOL:${PLATFORM_DEFAULT_ATTEST_HAL}>>:CLAIM_VALUE_CHECK>
- ATTEST_TOKEN_PROFILE_${ATTEST_TOKEN_PROFILE}
$<$<NOT:$<BOOL:${SYMMETRIC_INITIAL_ATTESTATION}>>:ATTEST_KEY_BITS=${ATTEST_KEY_BITS}>
)
@@ -75,9 +73,9 @@
.
)
-target_compile_definitions(tfm_attestation_defs
+target_link_libraries(tfm_attestation_defs
INTERFACE
- ATTEST_TOKEN_PROFILE_${ATTEST_TOKEN_PROFILE}
+ tfm_config
)
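Review bot: With `ATTEST_TOKEN_PROFILE_${ATTEST_TOKEN_PROFILE}` dropped here and the cache entries removed from config_base.cmake, a build command or platform config that still passes `-DATTEST_TOKEN_PROFILE=ARM_CCA` or `-DATTEST_INCLUDE_COSE_KEY_ID=ON` configures without complaint. It is then built with whatever the config header says, which is PSA_IOT_1 and no key-id in the headers this commit adds. A guard in the CMake config would turn the stale option into a visible failure: `if(DEFINED ATTEST_TOKEN_PROFILE OR DEFINED ATTEST_INCLUDE_COSE_KEY_ID)` / `message(FATAL_ERROR "Attestation options are now set in the config header, not via CMake")` / `endif()`. The start of this library's definition is outside the hunk.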
############################ Partition Defs ####################################
@@ -92,12 +90,3 @@
INTERFACE
TFM_PARTITION_INITIAL_ATTESTATION
)
-
-################ Display the configuration being applied #######################
-
-include(utils)
-dump_options("Initial Attestation config"
-"
- ATTEST_STACK_SIZE
-"
-)
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 93dd9d7..1a8b773 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -9,6 +9,7 @@
#include "attest_key.h"
#include <stdint.h>
#include <stddef.h>
+#include "config_attest.h"
#include "tfm_plat_defs.h"
#include "tfm_plat_device_id.h"
#include "t_cose_standard_constants.h"
@@ -33,7 +34,7 @@
static size_t attestation_public_key_len = 0;
static psa_ecc_family_t attestation_key_curve;
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
/* 32bytes */
static uint8_t attestation_key_id[PSA_HASH_LENGTH(PSA_ALG_SHA_256)];
#endif
@@ -128,7 +129,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
#define MAX_ENCODED_COSE_KEY_SIZE \
1 + /* 1 byte to encode map */ \
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c
index f88f772..fe0ecb1 100644
--- a/secure_fw/partitions/initial_attestation/attest_core.c
+++ b/secure_fw/partitions/initial_attestation/attest_core.c
@@ -13,6 +13,7 @@
#include "attest_boot_data.h"
#include "attest_key.h"
#include "attest_token.h"
+#include "config_attest.h"
#include "tfm_plat_defs.h"
#include "tfm_plat_device_id.h"
#include "tfm_plat_boot_seed.h"
@@ -157,7 +158,7 @@
}
if (component_cnt == 0) {
-#ifdef ATTEST_TOKEN_PROFILE_PSA_IOT_1
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1
/* Allowed to not have SW components claim, but it must be indicated
* that this state is intentional. In this case, include the
* IAT_NO_SW_COMPONENTS claim with a fixed value.
@@ -313,7 +314,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#if defined(INCLUDE_OPTIONAL_CLAIMS)
+#if ATTEST_INCLUDE_OPTIONAL_CLAIMS
/*!
* \brief Static function to add the verification service indicator claim
* to the attestation token.
@@ -343,10 +344,9 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#endif /* INCLUDE_OPTIONAL_CLAIMS */
+#endif /* ATTEST_INCLUDE_OPTIONAL_CLAIMS */
-#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \
- defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1 || ATTEST_TOKEN_PROFILE_PSA_2_0_0
/*!
* \brief Static function to add boot seed claim to attestation token.
*
@@ -413,7 +413,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#if defined(INCLUDE_OPTIONAL_CLAIMS)
+#if ATTEST_INCLUDE_OPTIONAL_CLAIMS
/*!
* \brief Static function to add certification reference claim to attestation
* token.
@@ -458,10 +458,10 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#endif /* INCLUDE_OPTIONAL_CLAIMS */
+#endif /* ATTEST_INCLUDE_OPTIONAL_CLAIMS */
#endif /* ATTEST_TOKEN_PROFILE_PSA_IOT_1 || ATTEST_TOKEN_PROFILE_PSA_2_0_0 */
-#ifdef ATTEST_TOKEN_PROFILE_ARM_CCA
+#if ATTEST_TOKEN_PROFILE_ARM_CCA
/*!
* \brief Static function to add the platform hash algorithm identifier
* claim to the attestation token. This hash algo is used for extending
@@ -679,8 +679,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#if defined(ATTEST_TOKEN_PROFILE_PSA_IOT_1) || \
- defined(ATTEST_TOKEN_PROFILE_PSA_2_0_0)
+#if ATTEST_TOKEN_PROFILE_PSA_IOT_1 || ATTEST_TOKEN_PROFILE_PSA_2_0_0
static enum psa_attest_err_t
(*claim_query_funcs[])(struct attest_token_encode_ctx *) = {
&attest_add_boot_seed_claim,
@@ -690,12 +689,12 @@
&attest_add_security_lifecycle_claim,
&attest_add_all_sw_components,
&attest_add_profile_definition,
-#ifdef INCLUDE_OPTIONAL_CLAIMS
+#if ATTEST_INCLUDE_OPTIONAL_CLAIMS
&attest_add_verification_service,
&attest_add_cert_ref_claim
#endif
};
-#elif defined(ATTEST_TOKEN_PROFILE_ARM_CCA)
+#elif ATTEST_TOKEN_PROFILE_ARM_CCA
static enum psa_attest_err_t
(*claim_query_funcs[])(struct attest_token_encode_ctx *) = {
@@ -706,7 +705,7 @@
&attest_add_profile_definition,
&attest_add_hash_algo_claim,
&attest_add_platform_config_claim,
-#ifdef INCLUDE_OPTIONAL_CLAIMS
+#if ATTEST_INCLUDE_OPTIONAL_CLAIMS
&attest_add_verification_service,
#endif
};
diff --git a/secure_fw/partitions/initial_attestation/attest_key.h b/secure_fw/partitions/initial_attestation/attest_key.h
index 5aa2d12..d278eb9 100644
--- a/secure_fw/partitions/initial_attestation/attest_key.h
+++ b/secure_fw/partitions/initial_attestation/attest_key.h
@@ -9,6 +9,7 @@
#define __ATTEST_KEY_H__
#include "attest.h"
+#include "config_attest.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"
@@ -30,7 +31,7 @@
enum psa_attest_err_t
attest_get_instance_id(struct q_useful_buf_c *id_buf);
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
/**
* \brief Get the attestation key ID.
* In asymmetric key algorithm based Initial Attestation, it is the hash
diff --git a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
index 35b2296..92f3281 100644
--- a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
@@ -11,6 +11,7 @@
#include <string.h>
#include "attest_key.h"
+#include "config_attest.h"
#include "psa/crypto.h"
#include "tfm_crypto_defs.h"
@@ -27,7 +28,7 @@
static uint8_t instance_id_buf[PSA_HASH_LENGTH(INSTANCE_ID_HASH_ALG) + 1];
static size_t instance_id_len = 0;
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
/* kid buffer */
static uint8_t kid_buf[KID_BUF_LEN];
/* Actual kid length */
@@ -145,7 +146,7 @@
return PSA_ATTEST_ERR_SUCCESS;
}
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
enum psa_attest_err_t
attest_get_initial_attestation_key_id(struct q_useful_buf_c *attest_key_id)
{
diff --git a/secure_fw/partitions/initial_attestation/attest_token_encode.c b/secure_fw/partitions/initial_attestation/attest_token_encode.c
index 58c7c27..c4239d6 100644
--- a/secure_fw/partitions/initial_attestation/attest_token_encode.c
+++ b/secure_fw/partitions/initial_attestation/attest_token_encode.c
@@ -10,6 +10,7 @@
*/
#include "attest_token.h"
+#include "config_attest.h"
#include "qcbor.h"
#ifdef SYMMETRIC_INITIAL_ATTESTATION
#include "t_cose_mac0_sign.h"
@@ -244,7 +245,7 @@
if (opt_flags & TOKEN_OPT_SHORT_CIRCUIT_SIGN) {
t_cose_options |= T_COSE_OPT_SHORT_CIRCUIT_SIG;
} else {
-#ifdef ATTEST_INCLUDE_COSE_KEY_ID
+#if ATTEST_INCLUDE_COSE_KEY_ID
attest_ret = attest_get_initial_attestation_key_id(&attest_key_id);
if (attest_ret != PSA_ATTEST_ERR_SUCCESS) {
return ATTEST_TOKEN_ERR_GENERAL;
diff --git a/secure_fw/partitions/initial_attestation/config_attest.h b/secure_fw/partitions/initial_attestation/config_attest.h
new file mode 100644
index 0000000..b1b2697
--- /dev/null
+++ b/secure_fw/partitions/initial_attestation/config_attest.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PARTITION_ATTEST_H__
+#define __CONFIG_PARTITION_ATTEST_H__
+
+#include "config_tfm.h"
+
+/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
+#pragma message ("ATTEST_INCLUDE_OPTIONAL_CLAIMS is defaulted to 1. Please check and set it explicitly.")
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#endif
+
+/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
+#pragma message ("ATTEST_INCLUDE_COSE_KEY_ID is defaulted to 0. Please check and set it explicitly.")
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
+
+/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
+#pragma message ("ATTEST_STACK_SIZE is defaulted to 0x700. Please check and set it explicitly.")
+#define ATTEST_STACK_SIZE 0x700
+#endif
+
+/* Set the initial attestation token profile */
+#if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
+ (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
+ (!ATTEST_TOKEN_PROFILE_ARM_CCA)
+#pragma message ("ATTEST_TOKEN_PROFILE_PSA_IOT_1 is chosen by default. Please check and set it explicitly.")
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
+
+#endif /* __CONFIG_PARTITION_ATTEST_H__ */
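Review bot: The profile block only handles the case where no profile macro is set; nothing rejects two being set at once. config_base.h and the profile headers in this commit define `ATTEST_TOKEN_PROFILE_PSA_IOT_1 1` with no `#ifndef` guard in the lines shown. A configuration that also sets `ATTEST_TOKEN_PROFILE_ARM_CCA` to 1 would therefore take the PSA_IOT_1 branch in the `#if`/`#elif` chains of tfm_attest_iat_defs.h and provisioning.c, while attest_core.c additionally compiles its `#if ATTEST_TOKEN_PROFILE_ARM_CCA` section. Add a check ahead of the default: `#if (ATTEST_TOKEN_PROFILE_PSA_IOT_1 + ATTEST_TOKEN_PROFILE_PSA_2_0_0 + ATTEST_TOKEN_PROFILE_ARM_CCA) > 1` / `#error "Select exactly one attestation token profile"` / `#endif`.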