Build: Decouple option setting and check in header file config system
Option settings and checks are mixed in config_<component>.h.
config_<component>.h is then included by other components outside the
current one.
Those checks often depends on build options managed in CMake/Kconfig
config. Many of these build options are transparent to other components.
For example, if a <component> specific build option is transparent to
NSPE, when NS is built separatedly from TF-M secure side, this build
option is missing in NS build and then the corresponding checks in
config_<component>.h will fail the build.
Decouple option settings and checks to solve the issue above.
- Add #ifndef/#endif pairs in config_base.h to collect all the base
option settings.
- Let config_tfm.h include config_base.h. It becomes the common config
header file to be included by all components.
- Only keep invalid config check in config_<component>.h. Renamed
config_<component>.h as config_<component>_check.h.
Users shall explicitly set config values in PROJECT_CONFIG_HEADER_FILE
rather than relying on components to implicitly set default values.
- config_<component>_check.h is only included by <component> for check
only.
Change-Id: I8e447a41dee515be53f8c7458f4ada3a965ad566
Signed-off-by: David Hu <david.hu@arm.com>
diff --git a/cmake/install.cmake b/cmake/install.cmake
index f445df8..d251dd3 100644
--- a/cmake/install.cmake
+++ b/cmake/install.cmake
@@ -43,6 +43,8 @@
install(FILES ${CMAKE_SOURCE_DIR}/secure_fw/include/config_tfm.h
DESTINATION ${INSTALL_INTERFACE_INC_DIR})
+install(FILES ${CMAKE_SOURCE_DIR}/config/config_base.h
+ DESTINATION ${INSTALL_INTERFACE_INC_DIR})
install(FILES ${INTERFACE_INC_DIR}/tfm_psa_call_pack.h
DESTINATION ${INSTALL_INTERFACE_INC_DIR})
diff --git a/config/config_base.cmake b/config/config_base.cmake
index 63574da..e14f36f 100755
--- a/config/config_base.cmake
+++ b/config/config_base.cmake
@@ -58,7 +58,7 @@
set(CONFIG_TFM_STACK_WATERMARKS OFF CACHE BOOL "Whether to pre-fill partition stacks with a set value to help determine stack usage")
-set(PROJECT_CONFIG_HEADER_FILE "${CMAKE_SOURCE_DIR}/config/config_base.h" CACHE FILEPATH "User defined header file for TF-M config")
+set(PROJECT_CONFIG_HEADER_FILE "" CACHE FILEPATH "User defined header file for TF-M config")
############################ Platform ##########################################
diff --git a/config/config_base.h b/config/config_base.h
index 37cff07..8f572db 100644
--- a/config/config_base.h
+++ b/config/config_base.h
@@ -11,16 +11,24 @@
/* Platform Partition Configs */
/* Size of input buffer in platform service */
+#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+#endif
/* Size of output buffer in platform service */
+#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+#endif
/* The stack size of the Platform Secure Partition */
+#ifndef PLATFORM_SP_STACK_SIZE
#define PLATFORM_SP_STACK_SIZE 0x500
+#endif
/* Disable Non-volatile counter module */
+#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+#endif
/* Crypto Partition Configs */
@@ -28,130 +36,206 @@
* Heap size for the crypto backend
* CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
*/
+#ifndef CRYPTO_ENGINE_BUF_SIZE
#define CRYPTO_ENGINE_BUF_SIZE 0x2080
+#endif
/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
+#ifndef CRYPTO_CONC_OPER_NUM
#define CRYPTO_CONC_OPER_NUM 8
+#endif
/* Enable PSA Crypto random number generator module */
+#ifndef CRYPTO_RNG_MODULE_ENABLED
#define CRYPTO_RNG_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Key module */
+#ifndef CRYPTO_KEY_MODULE_ENABLED
#define CRYPTO_KEY_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto AEAD module */
+#ifndef CRYPTO_AEAD_MODULE_ENABLED
#define CRYPTO_AEAD_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto MAC module */
+#ifndef CRYPTO_MAC_MODULE_ENABLED
#define CRYPTO_MAC_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Hash module */
+#ifndef CRYPTO_HASH_MODULE_ENABLED
#define CRYPTO_HASH_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto Cipher module */
+#ifndef CRYPTO_CIPHER_MODULE_ENABLED
#define CRYPTO_CIPHER_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key signature module */
+#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto asymmetric key encryption module */
+#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
+#endif
/* Enable PSA Crypto key derivation module */
+#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+#endif
/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
+#ifndef CRYPTO_IOVEC_BUFFER_SIZE
#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+#endif
/* Use stored NV seed to provide entropy */
+#ifndef CRYPTO_NV_SEED
#define CRYPTO_NV_SEED 1
+#endif
/*
* Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
* to optimize memory footprint in resource-constrained devices.
*/
+#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+#endif
/* The stack size of the Crypto Secure Partition */
+#ifndef CRYPTO_STACK_SIZE
#define CRYPTO_STACK_SIZE 0x1B00
+#endif
/* FWU Partition Configs */
/* Size of the FWU internal data transfer buffer */
+#ifndef TFM_FWU_BUF_SIZE
#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+#endif
/* The stack size of the Firmware Update Secure Partition */
+#ifndef FWU_STACK_SIZE
#define FWU_STACK_SIZE 0x600
+#endif
/* Attest Partition Configs */
/* Include optional claims in initial attestation token */
+#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+#endif
/* Include COSE key-id in initial attestation token */
+#ifndef ATTEST_INCLUDE_COSE_KEY_ID
#define ATTEST_INCLUDE_COSE_KEY_ID 0
+#endif
/* The stack size of the Initial Attestation Secure Partition */
+#ifndef ATTEST_STACK_SIZE
#define ATTEST_STACK_SIZE 0x700
+#endif
/* Set the initial attestation token profile */
+#if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
+ (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
+ (!ATTEST_TOKEN_PROFILE_ARM_CCA)
#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+#endif
/* ITS Partition Configs */
/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
+#ifndef ITS_CREATE_FLASH_LAYOUT
#define ITS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
+#ifndef ITS_RAM_FS
#define ITS_RAM_FS 0
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Internal Trusted Storage */
+#ifndef ITS_MAX_ASSET_SIZE
#define ITS_MAX_ASSET_SIZE 512
+#endif
/*
* Size of the ITS internal data transfer buffer
* (Default to the max asset size so that all requests can be handled in one iteration.)
*/
+#ifndef ITS_BUF_SIZE
#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+#endif
/* The maximum number of assets to be stored in the Internal Trusted Storage */
+#ifndef ITS_NUM_ASSETS
#define ITS_NUM_ASSETS 10
+#endif
/* The stack size of the Internal Trusted Storage Secure Partition */
+#ifndef ITS_STACK_SIZE
#define ITS_STACK_SIZE 0x720
+#endif
/* PS Partition Configs */
/* Create flash FS if it doesn't exist for Protected Storage partition */
+#ifndef PS_CREATE_FLASH_LAYOUT
#define PS_CREATE_FLASH_LAYOUT 1
+#endif
/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
+#ifndef PS_RAM_FS
#define PS_RAM_FS 0
+#endif
/* Enable rollback protection for Protected Storage partition */
+#ifndef PS_ROLLBACK_PROTECTION
#define PS_ROLLBACK_PROTECTION 1
+#endif
/* Validate filesystem metadata every time it is read from flash */
+#ifndef PS_VALIDATE_METADATA_FROM_FLASH
#define PS_VALIDATE_METADATA_FROM_FLASH 1
+#endif
/* The maximum asset size to be stored in the Protected Storage */
+#ifndef PS_MAX_ASSET_SIZE
#define PS_MAX_ASSET_SIZE 2048
+#endif
/* The maximum number of assets to be stored in the Protected Storage */
+#ifndef PS_NUM_ASSETS
#define PS_NUM_ASSETS 10
+#endif
/* The stack size of the Protected Storage Secure Partition */
+#ifndef PS_STACK_SIZE
#define PS_STACK_SIZE 0x700
+#endif
/* SPM Partition Configs */
/* The maximal number of secure services that are connected or requested at the same time */
+#ifndef CONFIG_TFM_CONN_HANDLE_MAX_NUM
#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+#endif
/* Disable the doorbell APIs */
+#ifndef CONFIG_TFM_DOORBELL_API
#define CONFIG_TFM_DOORBELL_API 0
+#endif
#endif /* __CONFIG_BASE_H__ */
diff --git a/config/post_config.cmake b/config/post_config.cmake
index ca2c7d8..64cf03b 100644
--- a/config/post_config.cmake
+++ b/config/post_config.cmake
@@ -46,3 +46,8 @@
TARGET_CONFIG_HEADER_FILE="${TARGET_CONFIG_HEADER_FILE}"
)
endif()
+
+target_include_directories(tfm_config
+ INTERFACE
+ ${CMAKE_CURRENT_LIST_DIR}
+)
diff --git a/interface/include/tfm_attest_iat_defs.h b/interface/include/tfm_attest_iat_defs.h
index b917c2d..2e628e1 100644
--- a/interface/include/tfm_attest_iat_defs.h
+++ b/interface/include/tfm_attest_iat_defs.h
@@ -12,7 +12,7 @@
extern "C" {
#endif
-#include "config_attest.h"
+#include "config_tfm.h"
#if ATTEST_TOKEN_PROFILE_PSA_IOT_1
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
index 1edae60..5e3b3e5 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
@@ -29,7 +29,7 @@
#ifndef MBEDTLS_CONFIG_H
#define MBEDTLS_CONFIG_H
-#include "config_crypto.h"
+#include "config_tfm.h"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
index ad325a8..20219c2 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
@@ -29,7 +29,7 @@
#ifndef PROFILE_L_MBEDTLS_CONFIG_H
#define PROFILE_L_MBEDTLS_CONFIG_H
-#include "config_crypto.h"
+#include "config_tfm.h"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
index 6840cfe..5ecfeaa 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
@@ -29,7 +29,7 @@
#ifndef PROFILE_M_MBEDTLS_CONFIG_H
#define PROFILE_M_MBEDTLS_CONFIG_H
-#include "config_crypto.h"
+#include "config_tfm.h"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
index d174f5d..7f9b575 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
@@ -29,7 +29,7 @@
#ifndef PROFILE_S_MBEDTLS_CONFIG_H
#define PROFILE_S_MBEDTLS_CONFIG_H
-#include "config_crypto.h"
+#include "config_tfm.h"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/platform/ext/accelerator/cc312/otp_cc312.c b/platform/ext/accelerator/cc312/otp_cc312.c
index 2909f8f..e5e35ee 100644
--- a/platform/ext/accelerator/cc312/otp_cc312.c
+++ b/platform/ext/accelerator/cc312/otp_cc312.c
@@ -5,7 +5,7 @@
*
*/
-#include "config_attest.h"
+#include "config_tfm.h"
#include "tfm_plat_otp.h"
#include "cmsis_compiler.h"
diff --git a/platform/ext/common/provisioning.c b/platform/ext/common/provisioning.c
index 01f482e..a03ecd5 100644
--- a/platform/ext/common/provisioning.c
+++ b/platform/ext/common/provisioning.c
@@ -5,7 +5,7 @@
*
*/
-#include "config_attest.h"
+#include "config_tfm.h"
#include "tfm_plat_provisioning.h"
#include "cmsis_compiler.h"
diff --git a/platform/ext/target/arm/rss/common/bl1/provisioning.c b/platform/ext/target/arm/rss/common/bl1/provisioning.c
index 0c3471c..a2bfe25 100644
--- a/platform/ext/target/arm/rss/common/bl1/provisioning.c
+++ b/platform/ext/target/arm/rss/common/bl1/provisioning.c
@@ -7,7 +7,7 @@
#include "tfm_plat_provisioning.h"
-#include "config_attest.h"
+#include "config_tfm.h"
#include "cmsis_compiler.h"
#include "tfm_plat_otp.h"
#include "tfm_attest_hal.h"
diff --git a/secure_fw/include/config_tfm.h b/secure_fw/include/config_tfm.h
index 5f60871..d59be98 100644
--- a/secure_fw/include/config_tfm.h
+++ b/secure_fw/include/config_tfm.h
@@ -24,6 +24,8 @@
#include TARGET_CONFIG_HEADER_FILE
#endif
+#include "config_base.h"
+
#ifdef __cplusplus
}
#endif
diff --git a/secure_fw/partitions/crypto/config_crypto.h b/secure_fw/partitions/crypto/config_crypto.h
deleted file mode 100644
index 40d2c09..0000000
--- a/secure_fw/partitions/crypto/config_crypto.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_CRYPTO_H__
-#define __CONFIG_PARTITION_CRYPTO_H__
-
-#include "config_tfm.h"
-
-/*
- * Heap size for the crypto backend
- * CRYPTO_ENGINE_BUF_SIZE needs to be >8KB for EC signing by attest module.
- */
-#ifndef CRYPTO_ENGINE_BUF_SIZE
-#pragma message("CRYPTO_ENGINE_BUF_SIZE is defaulted to 0x2080. Please check and set it explicitly.")
-#define CRYPTO_ENGINE_BUF_SIZE 0x2080
-#endif
-
-/* The max number of concurrent operations that can be active (allocated) at any time in Crypto */
-#ifndef CRYPTO_CONC_OPER_NUM
-#pragma message("CRYPTO_CONC_OPER_NUM is defaulted to 8. Please check and set it explicitly.")
-#define CRYPTO_CONC_OPER_NUM 8
-#endif
-
-/* Enable PSA Crypto random number generator module */
-#ifndef CRYPTO_RNG_MODULE_ENABLED
-#pragma message("CRYPTO_RNG_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_RNG_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto Key module */
-#ifndef CRYPTO_KEY_MODULE_ENABLED
-#pragma message("CRYPTO_KEY_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_KEY_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto AEAD module */
-#ifndef CRYPTO_AEAD_MODULE_ENABLED
-#pragma message("CRYPTO_AEAD_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_AEAD_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto MAC module */
-#ifndef CRYPTO_MAC_MODULE_ENABLED
-#pragma message("CRYPTO_MAC_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_MAC_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto Hash module */
-#ifndef CRYPTO_HASH_MODULE_ENABLED
-#pragma message("CRYPTO_HASH_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_HASH_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto Cipher module */
-#ifndef CRYPTO_CIPHER_MODULE_ENABLED
-#pragma message("CRYPTO_CIPHER_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_CIPHER_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto asymmetric key signature module */
-#ifndef CRYPTO_ASYM_SIGN_MODULE_ENABLED
-#pragma message("CRYPTO_ASYM_SIGN_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto asymmetric key encryption module */
-#ifndef CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
-#pragma message("CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
-#endif
-
-/* Enable PSA Crypto key derivation module */
-#ifndef CRYPTO_KEY_DERIVATION_MODULE_ENABLED
-#pragma message("CRYPTO_KEY_DERIVATION_MODULE_ENABLED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
-#endif
-
-/* Default size of the internal scratch buffer used for PSA FF IOVec allocations */
-#ifndef CRYPTO_IOVEC_BUFFER_SIZE
-#pragma message("CRYPTO_IOVEC_BUFFER_SIZE is defaulted to 5120. Please check and set it explicitly.")
-#define CRYPTO_IOVEC_BUFFER_SIZE 5120
-#endif
-
-/* Use stored NV seed to provide entropy */
-#ifndef CRYPTO_NV_SEED
-#pragma message("CRYPTO_NV_SEED is defaulted to 1. Please check and set it explicitly.")
-#define CRYPTO_NV_SEED 1
-#endif
-
-/*
- * Only enable multi-part operations in Hash, MAC, AEAD and symmetric ciphers,
- * to optimize memory footprint in resource-constrained devices.
- */
-#ifndef CRYPTO_SINGLE_PART_FUNCS_DISABLED
-#pragma message("CRYPTO_SINGLE_PART_FUNCS_DISABLED is defaulted to 0. Please check and set it explicitly.")
-#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
-#endif
-
-/* The stack size of the Crypto Secure Partition */
-#ifndef CRYPTO_STACK_SIZE
-#pragma message("CRYPTO_STACK_SIZE is defaulted to 0x1B00. Please check and set it explicitly.")
-#define CRYPTO_STACK_SIZE 0x1B00
-#endif
-
-/* Check invalid configs. */
-#if CRYPTO_NV_SEED && defined(CRYPTO_HW_ACCELERATOR)
-#error "Invalid config: CRYPTO_NV_SEED AND CRYPTO_HW_ACCELERATOR!"
-#endif
-
-#if (!CRYPTO_NV_SEED) && (!defined(CRYPTO_HW_ACCELERATOR))
-#error "Invalid config: NOT CRYPTO_NV_SEED AND NOT CRYPTO_HW_ACCELERATOR!"
-#endif
-
-#endif /* __CONFIG_PARTITION_CRYPTO_H__ */
diff --git a/secure_fw/partitions/crypto/config_crypto_check.h b/secure_fw/partitions/crypto/config_crypto_check.h
new file mode 100644
index 0000000..9dbcd34
--- /dev/null
+++ b/secure_fw/partitions/crypto/config_crypto_check.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PARTITION_CRYPTO_H__
+#define __CONFIG_PARTITION_CRYPTO_H__
+
+#include "config_tfm.h"
+
+/* Check invalid configs. */
+#if CRYPTO_NV_SEED && defined(CRYPTO_HW_ACCELERATOR)
+#error "Invalid config: CRYPTO_NV_SEED AND CRYPTO_HW_ACCELERATOR!"
+#endif
+
+#if (!CRYPTO_NV_SEED) && (!defined(CRYPTO_HW_ACCELERATOR))
+#error "Invalid config: NOT CRYPTO_NV_SEED AND NOT CRYPTO_HW_ACCELERATOR!"
+#endif
+
+#endif /* __CONFIG_PARTITION_CRYPTO_H__ */
diff --git a/secure_fw/partitions/crypto/crypto_aead.c b/secure_fw/partitions/crypto/crypto_aead.c
index a49611b..cb83228 100644
--- a/secure_fw/partitions/crypto/crypto_aead.c
+++ b/secure_fw/partitions/crypto/crypto_aead.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_alloc.c b/secure_fw/partitions/crypto/crypto_alloc.c
index 73c2a46..059b749 100644
--- a/secure_fw/partitions/crypto/crypto_alloc.c
+++ b/secure_fw/partitions/crypto/crypto_alloc.c
@@ -9,7 +9,7 @@
#include <stdint.h>
#include <string.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_asymmetric.c b/secure_fw/partitions/crypto/crypto_asymmetric.c
index cd4289a..471d7de 100644
--- a/secure_fw/partitions/crypto/crypto_asymmetric.c
+++ b/secure_fw/partitions/crypto/crypto_asymmetric.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_check_config.h b/secure_fw/partitions/crypto/crypto_check_config.h
index 6c171ed..c06b46c 100644
--- a/secure_fw/partitions/crypto/crypto_check_config.h
+++ b/secure_fw/partitions/crypto/crypto_check_config.h
@@ -7,7 +7,7 @@
#ifndef __CRYPTO_CHECK_CONFIG_H__
#define __CRYPTO_CHECK_CONFIG_H__
-#include "config_crypto.h"
+#include "config_tfm.h"
#if CRYPTO_RNG_MODULE_ENABLED && \
(!defined(MBEDTLS_CTR_DRBG_C) && \
diff --git a/secure_fw/partitions/crypto/crypto_cipher.c b/secure_fw/partitions/crypto/crypto_cipher.c
index d30604c..b664b99 100644
--- a/secure_fw/partitions/crypto/crypto_cipher.c
+++ b/secure_fw/partitions/crypto/crypto_cipher.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_hash.c b/secure_fw/partitions/crypto/crypto_hash.c
index 3857772..4dc0b10 100644
--- a/secure_fw/partitions/crypto/crypto_hash.c
+++ b/secure_fw/partitions/crypto/crypto_hash.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index 741a5f6..8c115c8 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c
@@ -6,7 +6,8 @@
*/
#include <stdbool.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
+#include "config_crypto_check.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_key_derivation.c b/secure_fw/partitions/crypto/crypto_key_derivation.c
index c22fe31..f9fb1da 100644
--- a/secure_fw/partitions/crypto/crypto_key_derivation.c
+++ b/secure_fw/partitions/crypto/crypto_key_derivation.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
#include <string.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_sp_log.h"
#include "tfm_mbedcrypto_include.h"
diff --git a/secure_fw/partitions/crypto/crypto_key_management.c b/secure_fw/partitions/crypto/crypto_key_management.c
index 0fa11ae..328ce4d 100644
--- a/secure_fw/partitions/crypto/crypto_key_management.c
+++ b/secure_fw/partitions/crypto/crypto_key_management.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
#include "tfm_crypto_key.h"
diff --git a/secure_fw/partitions/crypto/crypto_library.c b/secure_fw/partitions/crypto/crypto_library.c
index 37b3e28..a3e0969 100644
--- a/secure_fw/partitions/crypto/crypto_library.c
+++ b/secure_fw/partitions/crypto/crypto_library.c
@@ -11,7 +11,7 @@
#include "tfm_sp_log.h"
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "psa/crypto.h"
#include "psa/error.h"
#include "crypto_library.h"
diff --git a/secure_fw/partitions/crypto/crypto_mac.c b/secure_fw/partitions/crypto/crypto_mac.c
index 0fcda86..6e7fab0 100644
--- a/secure_fw/partitions/crypto/crypto_mac.c
+++ b/secure_fw/partitions/crypto/crypto_mac.c
@@ -8,7 +8,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/crypto/crypto_rng.c b/secure_fw/partitions/crypto/crypto_rng.c
index 37cc18e..0cc8b34 100644
--- a/secure_fw/partitions/crypto/crypto_rng.c
+++ b/secure_fw/partitions/crypto/crypto_rng.c
@@ -9,7 +9,7 @@
#include <stddef.h>
#include <stdint.h>
-#include "config_crypto.h"
+#include "config_tfm.h"
#include "tfm_mbedcrypto_include.h"
#include "tfm_crypto_api.h"
diff --git a/secure_fw/partitions/firmware_update/config_fwu.h b/secure_fw/partitions/firmware_update/config_fwu.h
deleted file mode 100644
index 7980de4..0000000
--- a/secure_fw/partitions/firmware_update/config_fwu.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_FWU_H__
-#define __CONFIG_PARTITION_FWU_H__
-
-#include "config_tfm.h"
-
-/* Size of the FWU internal data transfer buffer */
-#ifndef TFM_FWU_BUF_SIZE
-#pragma message("TFM_FWU_BUF_SIZE is defaulted to PSA_FWU_MAX_WRITE_SIZE. Please check and set it explicitly.")
-#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
-#endif
-
-/* The stack size of the Firmware Update Secure Partition */
-#ifndef FWU_STACK_SIZE
-#pragma message("FWU_STACK_SIZE is defaulted to 0x600. Please check and set it explicitly.")
-#define FWU_STACK_SIZE 0x600
-#endif
-
-#endif /* __CONFIG_PARTITION_FWU_H__ */
diff --git a/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c b/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c
index e45921f..34257e0 100644
--- a/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c
+++ b/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c
@@ -8,7 +8,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
-#include "config_fwu.h"
+#include "config_tfm.h"
#include "tfm_platform_api.h"
#include "tfm_bootloader_fwu_abstraction.h"
#include "psa/update.h"
diff --git a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
index 5b47c64..3fd70f3 100644
--- a/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_asymmetric_key.c
@@ -9,7 +9,7 @@
#include "attest_key.h"
#include <stdint.h>
#include <stddef.h>
-#include "config_attest.h"
+#include "config_tfm.h"
#include "tfm_plat_defs.h"
#include "tfm_plat_device_id.h"
#include "t_cose_standard_constants.h"
diff --git a/secure_fw/partitions/initial_attestation/attest_core.c b/secure_fw/partitions/initial_attestation/attest_core.c
index fe0ecb1..c37d5d5 100644
--- a/secure_fw/partitions/initial_attestation/attest_core.c
+++ b/secure_fw/partitions/initial_attestation/attest_core.c
@@ -13,7 +13,7 @@
#include "attest_boot_data.h"
#include "attest_key.h"
#include "attest_token.h"
-#include "config_attest.h"
+#include "config_tfm.h"
#include "tfm_plat_defs.h"
#include "tfm_plat_device_id.h"
#include "tfm_plat_boot_seed.h"
diff --git a/secure_fw/partitions/initial_attestation/attest_key.h b/secure_fw/partitions/initial_attestation/attest_key.h
index d278eb9..cba5908 100644
--- a/secure_fw/partitions/initial_attestation/attest_key.h
+++ b/secure_fw/partitions/initial_attestation/attest_key.h
@@ -9,7 +9,7 @@
#define __ATTEST_KEY_H__
#include "attest.h"
-#include "config_attest.h"
+#include "config_tfm.h"
#include "psa/initial_attestation.h"
#include "psa/crypto.h"
#include "q_useful_buf.h"
diff --git a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
index 92f3281..2ae56d3 100644
--- a/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
+++ b/secure_fw/partitions/initial_attestation/attest_symmetric_key.c
@@ -11,7 +11,7 @@
#include <string.h>
#include "attest_key.h"
-#include "config_attest.h"
+#include "config_tfm.h"
#include "psa/crypto.h"
#include "tfm_crypto_defs.h"
diff --git a/secure_fw/partitions/initial_attestation/attest_token_encode.c b/secure_fw/partitions/initial_attestation/attest_token_encode.c
index a02480d..e5669e3 100644
--- a/secure_fw/partitions/initial_attestation/attest_token_encode.c
+++ b/secure_fw/partitions/initial_attestation/attest_token_encode.c
@@ -10,7 +10,7 @@
*/
#include "attest_token.h"
-#include "config_attest.h"
+#include "config_tfm.h"
#include "qcbor/qcbor.h"
#ifdef SYMMETRIC_INITIAL_ATTESTATION
#include "t_cose_mac0_sign.h"
diff --git a/secure_fw/partitions/initial_attestation/config_attest.h b/secure_fw/partitions/initial_attestation/config_attest.h
deleted file mode 100644
index 44aa671..0000000
--- a/secure_fw/partitions/initial_attestation/config_attest.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_ATTEST_H__
-#define __CONFIG_PARTITION_ATTEST_H__
-
-#include "config_tfm.h"
-
-/* Include optional claims in initial attestation token */
-#ifndef ATTEST_INCLUDE_OPTIONAL_CLAIMS
-#pragma message("ATTEST_INCLUDE_OPTIONAL_CLAIMS is defaulted to 1. Please check and set it explicitly.")
-#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
-#endif
-
-/* Include COSE key-id in initial attestation token */
-#ifndef ATTEST_INCLUDE_COSE_KEY_ID
-#pragma message("ATTEST_INCLUDE_COSE_KEY_ID is defaulted to 0. Please check and set it explicitly.")
-#define ATTEST_INCLUDE_COSE_KEY_ID 0
-#endif
-
-/* The stack size of the Initial Attestation Secure Partition */
-#ifndef ATTEST_STACK_SIZE
-#pragma message("ATTEST_STACK_SIZE is defaulted to 0x700. Please check and set it explicitly.")
-#define ATTEST_STACK_SIZE 0x700
-#endif
-
-/* Set the initial attestation token profile */
-#if (!ATTEST_TOKEN_PROFILE_PSA_IOT_1) && \
- (!ATTEST_TOKEN_PROFILE_PSA_2_0_0) && \
- (!ATTEST_TOKEN_PROFILE_ARM_CCA)
-#pragma message("ATTEST_TOKEN_PROFILE_PSA_IOT_1 is chosen by default. Please check and set it explicitly.")
-#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
-#endif
-
-#endif /* __CONFIG_PARTITION_ATTEST_H__ */
diff --git a/secure_fw/partitions/internal_trusted_storage/config_its.h b/secure_fw/partitions/internal_trusted_storage/config_its.h
deleted file mode 100644
index a1f7384..0000000
--- a/secure_fw/partitions/internal_trusted_storage/config_its.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_ITS_H__
-#define __CONFIG_PARTITION_ITS_H__
-
-#include "config_tfm.h"
-
-/* Create flash FS if it doesn't exist for Internal Trusted Storage partition */
-#ifndef ITS_CREATE_FLASH_LAYOUT
-#pragma message("ITS_CREATE_FLASH_LAYOUT is defaulted to 1. Please check and set it explicitly.")
-#define ITS_CREATE_FLASH_LAYOUT 1
-#endif
-
-/* Enable emulated RAM FS for platforms that don't have flash for Internal Trusted Storage partition */
-#ifndef ITS_RAM_FS
-#pragma message("ITS_RAM_FS is defaulted to 0. Please check and set it explicitly.")
-#define ITS_RAM_FS 0
-#endif
-
-/* Validate filesystem metadata every time it is read from flash */
-#ifndef ITS_VALIDATE_METADATA_FROM_FLASH
-#pragma message("ITS_VALIDATE_METADATA_FROM_FLASH is defaulted to 1. Please check and set it explicitly.")
-#define ITS_VALIDATE_METADATA_FROM_FLASH 1
-#endif
-
-/* The maximum asset size to be stored in the Internal Trusted Storage */
-#ifndef ITS_MAX_ASSET_SIZE
-#pragma message("ITS_MAX_ASSET_SIZE is defaulted to 512. Please check and set it explicitly.")
-#define ITS_MAX_ASSET_SIZE 512
-#endif
-
-/*
- * Size of the ITS internal data transfer buffer
- * (Default to the max asset size so that all requests can be handled in one iteration.)
- */
-#ifndef ITS_BUF_SIZE
-#pragma message("ITS_BUF_SIZE is defaulted to ITS_MAX_ASSET_SIZE. Please check and set it explicitly.")
-#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
-#endif
-
-/* The maximum number of assets to be stored in the Internal Trusted Storage */
-#ifndef ITS_NUM_ASSETS
-#pragma message("ITS_NUM_ASSETS is defaulted to 10. Please check and set it explicitly.")
-#define ITS_NUM_ASSETS 10
-#endif
-
-/* The stack size of the Internal Trusted Storage Secure Partition */
-#ifndef ITS_STACK_SIZE
-#pragma message("ITS_STACK_SIZE is defaulted to 0x720. Please check and set it explicitly.")
-#define ITS_STACK_SIZE 0x720
-#endif
-
-#endif /* __CONFIG_PARTITION_ITS_H__ */
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
index c880ad4..f432da4 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.c
@@ -7,7 +7,7 @@
#include "its_flash.h"
-#include "config_its.h"
+#include "config_tfm.h"
#include "flash_fs/its_flash_fs.h"
#if ITS_RAM_FS
diff --git a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
index 8248bae..1af7289 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
+++ b/secure_fw/partitions/internal_trusted_storage/flash/its_flash.h
@@ -11,7 +11,7 @@
#ifndef __ITS_FLASH_H__
#define __ITS_FLASH_H__
-#include "config_its.h"
+#include "config_tfm.h"
#include "its_utils.h"
#include "tfm_hal_its.h"
#ifdef TFM_PARTITION_PROTECTED_STORAGE
diff --git a/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c b/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
index 233e3f3..8ae4ed4 100644
--- a/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
+++ b/secure_fw/partitions/internal_trusted_storage/flash_fs/its_flash_fs_mblock.c
@@ -7,7 +7,7 @@
#include <string.h>
-#include "config_its.h"
+#include "config_tfm.h"
#include "its_flash_fs_mblock.h"
#include "psa/storage_common.h"
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
index ad3f5ec..d5484dd 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_internal_trusted_storage.c
@@ -7,7 +7,7 @@
*
*/
#include <string.h>
-#include "config_its.h"
+#include "config_tfm.h"
#include "tfm_internal_trusted_storage.h"
#include "tfm_hal_its.h"
diff --git a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
index e1b62b7..c767c06 100644
--- a/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
+++ b/secure_fw/partitions/internal_trusted_storage/tfm_its_req_mngr.c
@@ -10,7 +10,7 @@
#include <stdbool.h>
#include "cmsis_compiler.h"
-#include "config_its.h"
+#include "config_tfm.h"
#include "psa/storage_common.h"
#include "tfm_internal_trusted_storage.h"
#include "its_utils.h"
diff --git a/secure_fw/partitions/platform/config_platform.h b/secure_fw/partitions/platform/config_platform.h
deleted file mode 100644
index c55d07f..0000000
--- a/secure_fw/partitions/platform/config_platform.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_PLATFORM_H__
-#define __CONFIG_PARTITION_PLATFORM_H__
-
-#include "config_tfm.h"
-
-/* Size of input buffer in platform service */
-#ifndef PLATFORM_SERVICE_INPUT_BUFFER_SIZE
-#pragma message("PLATFORM_SERVICE_INPUT_BUFFER_SIZE is defaulted to 64. Please check and set it explicitly.")
-#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
-#endif
-
-/* Size of output buffer in platform service */
-#ifndef PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE
-#pragma message("PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE is defaulted to 64. Please check and set it explicitly.")
-#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
-#endif
-
-/* The stack size of the Platform Secure Partition */
-#ifndef PLATFORM_SP_STACK_SIZE
-#pragma message("PLATFORM_SP_STACK_SIZE is defaulted to 0x500. Please check and set it explicitly.")
-#define PLATFORM_SP_STACK_SIZE 0x500
-#endif
-
-/* Disable Non-volatile counter module */
-#ifndef PLATFORM_NV_COUNTER_MODULE_DISABLED
-#pragma message("PLATFORM_NV_COUNTER_MODULE_DISABLED is defaulted to 0. Please check and set it explicitly.")
-#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
-#endif
-
-#endif /* __CONFIG_PARTITION_PLATFORM_H__ */
diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
index d3bb00f..6099a8f 100644
--- a/secure_fw/partitions/platform/platform_sp.c
+++ b/secure_fw/partitions/platform/platform_sp.c
@@ -5,7 +5,7 @@
*
*/
-#include "config_platform.h"
+#include "config_tfm.h"
#include "platform_sp.h"
#include "tfm_platform_system.h"
diff --git a/secure_fw/partitions/protected_storage/config_ps.h b/secure_fw/partitions/protected_storage/config_ps.h
deleted file mode 100644
index 8955fc7..0000000
--- a/secure_fw/partitions/protected_storage/config_ps.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
- */
-
-#ifndef __CONFIG_PARTITION_PS_H__
-#define __CONFIG_PARTITION_PS_H__
-
-#include "config_its.h"
-#include "config_platform.h"
-#include "config_tfm.h"
-
-/* Create flash FS if it doesn't exist for Protected Storage partition */
-#ifndef PS_CREATE_FLASH_LAYOUT
-#pragma message("PS_CREATE_FLASH_LAYOUT is defaulted to 1. Please check and set it explicitly.")
-#define PS_CREATE_FLASH_LAYOUT 1
-#endif
-
-/* Enable emulated RAM FS for platforms that don't have flash for Protected Storage partition */
-#ifndef PS_RAM_FS
-#pragma message("PS_RAM_FS is defaulted to 0. Please check and set it explicitly.")
-#define PS_RAM_FS 0
-#endif
-
-/* Enable rollback protection for Protected Storage partition */
-#ifndef PS_ROLLBACK_PROTECTION
-#pragma message("PS_ROLLBACK_PROTECTION is defaulted to 1. Please check and set it explicitly.")
-#define PS_ROLLBACK_PROTECTION 1
-#endif
-
-/* Validate filesystem metadata every time it is read from flash */
-#ifndef PS_VALIDATE_METADATA_FROM_FLASH
-#pragma message("PS_VALIDATE_METADATA_FROM_FLASH is defaulted to 1. Please check and set it explicitly.")
-#define PS_VALIDATE_METADATA_FROM_FLASH 1
-#endif
-
-/* The maximum asset size to be stored in the Protected Storage */
-#ifndef PS_MAX_ASSET_SIZE
-#pragma message("PS_MAX_ASSET_SIZE is defaulted to 2048. Please check and set it explicitly.")
-#define PS_MAX_ASSET_SIZE 2048
-#endif
-
-/* The maximum number of assets to be stored in the Protected Storage */
-#ifndef PS_NUM_ASSETS
-#pragma message("PS_NUM_ASSETS is defaulted to 10. Please check and set it explicitly.")
-#define PS_NUM_ASSETS 10
-#endif
-
-/* The stack size of the Protected Storage Secure Partition */
-#ifndef PS_STACK_SIZE
-#pragma message("PS_STACK_SIZE is defaulted to 0x700. Please check and set it explicitly.")
-#define PS_STACK_SIZE 0x700
-#endif
-
-/* Check invalid configs. */
-#if PS_ROLLBACK_PROTECTION && PLATFORM_NV_COUNTER_MODULE_DISABLED
-#error "Invalid config: PS_ROLLBACK_PROTECTION and PLATFORM_NV_COUNTER_MODULE_DISABLED!"
-#endif
-
-#if PS_ROLLBACK_PROTECTION && (!defined(PS_ENCRYPTION))
-#error "Invalid config: PS_ROLLBACK_PROTECTION and NOT PS_ENCRYPTION!"
-#endif
-
-#if (!PS_ROLLBACK_PROTECTION) && defined(PS_ENCRYPTION) && \
- (defined(PS_CRYPTO_AEAD_ALG_GCM) || defined(PS_CRYPTO_AEAD_ALG_CCM))
-#error "Invalid config: NOT PS_ROLLBACK_PROTECTION and PS_ENCRYPTION and PSA_ALG_GCM or PSA_ALG_CCM!"
-#endif
-
-/* Enable ITS_VALIDATE_METADATA_FROM_FLASH when PS_VALIDATE_METADATA_FROM_FLASH is enabled */
-#if PS_VALIDATE_METADATA_FROM_FLASH && (!ITS_VALIDATE_METADATA_FROM_FLASH)
-#pragma message("ITS_VALIDATE_METADATA_FROM_FLASH is redefined to 1.")
-#undef ITS_VALIDATE_METADATA_FROM_FLASH
-#define ITS_VALIDATE_METADATA_FROM_FLASH 1
-#endif
-
-#endif /* __CONFIG_PARTITION_PS_H__ */
diff --git a/secure_fw/partitions/protected_storage/config_ps_check.h b/secure_fw/partitions/protected_storage/config_ps_check.h
new file mode 100644
index 0000000..0cb01a8
--- /dev/null
+++ b/secure_fw/partitions/protected_storage/config_ps_check.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#ifndef __CONFIG_PARTITION_PS_H__
+#define __CONFIG_PARTITION_PS_H__
+
+#include "config_tfm.h"
+
+/* Check invalid configs. */
+#if PS_ROLLBACK_PROTECTION && PLATFORM_NV_COUNTER_MODULE_DISABLED
+#error "Invalid config: PS_ROLLBACK_PROTECTION and PLATFORM_NV_COUNTER_MODULE_DISABLED!"
+#endif
+
+#if PS_ROLLBACK_PROTECTION && (!defined(PS_ENCRYPTION))
+#error "Invalid config: PS_ROLLBACK_PROTECTION and NOT PS_ENCRYPTION!"
+#endif
+
+#if (!PS_ROLLBACK_PROTECTION) && defined(PS_ENCRYPTION) && \
+ (defined(PS_CRYPTO_AEAD_ALG_GCM) || defined(PS_CRYPTO_AEAD_ALG_CCM))
+#error "Invalid config: NOT PS_ROLLBACK_PROTECTION and PS_ENCRYPTION and PSA_ALG_GCM or PSA_ALG_CCM!"
+#endif
+
+/*
+ * ITS_VALIDATE_METADATA_FROM_FLASH shall be enabled when PS_VALIDATE_METADATA_FROM_FLASH is
+ * enabled
+ */
+#if PS_VALIDATE_METADATA_FROM_FLASH && (!ITS_VALIDATE_METADATA_FROM_FLASH)
+#error "Invalid config: ITS_VALIDATE_METADATA_FROM_FLASH shall be enabled when PS_VALIDATE_METADATA_FROM_FLASH is enabled"
+#endif
+
+#endif /* __CONFIG_PARTITION_PS_H__ */
diff --git a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
index 6464dda..20e9adf 100644
--- a/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
+++ b/secure_fw/partitions/protected_storage/crypto/ps_crypto_interface.c
@@ -10,7 +10,7 @@
#include <stdbool.h>
#include <string.h>
-#include "config_ps.h"
+#include "config_tfm.h"
#include "tfm_crypto_defs.h"
#include "psa/crypto.h"
diff --git a/secure_fw/partitions/protected_storage/ps_object_defs.h b/secure_fw/partitions/protected_storage/ps_object_defs.h
index e0ddd5c..7ca7d33 100644
--- a/secure_fw/partitions/protected_storage/ps_object_defs.h
+++ b/secure_fw/partitions/protected_storage/ps_object_defs.h
@@ -10,7 +10,7 @@
#include <stdint.h>
-#include "config_ps.h"
+#include "config_tfm.h"
#include "psa/protected_storage.h"
#ifdef PS_ENCRYPTION
diff --git a/secure_fw/partitions/protected_storage/ps_object_table.c b/secure_fw/partitions/protected_storage/ps_object_table.c
index 862732e..eb8f7a1 100644
--- a/secure_fw/partitions/protected_storage/ps_object_table.c
+++ b/secure_fw/partitions/protected_storage/ps_object_table.c
@@ -11,7 +11,7 @@
#include <string.h>
#include "cmsis_compiler.h"
-#include "config_ps.h"
+#include "config_tfm.h"
#include "crypto/ps_crypto_interface.h"
#include "nv_counters/ps_nv_counters.h"
#include "psa/internal_trusted_storage.h"
diff --git a/secure_fw/partitions/protected_storage/tfm_protected_storage.c b/secure_fw/partitions/protected_storage/tfm_protected_storage.c
index 2374432..b66806d 100644
--- a/secure_fw/partitions/protected_storage/tfm_protected_storage.c
+++ b/secure_fw/partitions/protected_storage/tfm_protected_storage.c
@@ -5,7 +5,8 @@
*
*/
-#include "config_ps.h"
+#include "config_tfm.h"
+#include "config_ps_check.h"
#include "tfm_protected_storage.h"
#include "ps_object_system.h"
#include "tfm_ps_defs.h"