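# Build-time configuration for the NXP SE05X secure element crypto driver.
# Everything below applies only when CFG_NXP_SE05X is y. Values assigned with
# ?= are defaults that a platform or the command line can override; values set
# through $(call force,...) are imposed by this file.
ifeq ($(CFG_NXP_SE05X),y)
# Enable the crypto driver
$(call force,CFG_CRYPTO_DRIVER,y)
CFG_CRYPTO_DRIVER_DEBUG ?= 0

# SE050 initialization
# Some secure elements can only be accessed over an SCP03 enabled session.
# Some of the NXP SE05X devices fall in this category (e.g. NXP SE050F).
# Only enable this configuration to support those systems.
CFG_CORE_SCP03_ONLY ?= n
# Rotate the SCP03 keys during SCP03 init (does not require user intervention).
# CAUTION: the provisioning configuration chosen might require a stable HUK.
CFG_CORE_SE05X_SCP03_PROVISION_ON_INIT ?= n
# Rotate the SCP03 keys via PTA (request from Normal World).
CFG_CORE_SE05X_SCP03_PROVISION ?= n
# The Provision request will rotate the SCP03 keys back to their factory
# settings.
# NOTE(review): factory keys are presumably not unique to this product; treat
# this as a development/recovery option and confirm before shipping with y.
CFG_CORE_SE05X_SCP03_PROVISION_WITH_FACTORY_KEYS ?= n
# CAUTION: Leaks the SCP03 keys that are going to be programmed on the device's
# NVM during a provisioning operation.
# Debug aid only: keep at n for any build whose output can be read by someone
# who must not learn the keys.
CFG_CORE_SE05X_DISPLAY_SCP03_KEYS ?= n
# Displays the SE050 device information on the console at boot (i.e. OEFID).
# Set to n if device identifiers should not appear in boot logs.
CFG_CORE_SE05X_DISPLAY_INFO ?= y
# Enables SCP03 protocol during boot (does not require user intervention)
CFG_CORE_SE05X_SCP03_EARLY ?= y
# CAUTION: Deletes all persistent storage (keys/certs) from the SE05X at boot
CFG_CORE_SE05X_INIT_NVM ?= n
# Prevents the deletion of the secure storage object holding a reference to a
# Secure Element (SE) Non Volatile Memory object unless there is explicit
# confirmation from the SE that the NVM object has been removed.
CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR ?= n

# I2C bus baudrate (depends on SoC)
CFG_CORE_SE05X_BAUDRATE ?= 3400000
# I2C bus [0..2] (depends on board)
CFG_CORE_SE05X_I2C_BUS ?= 2
# I2C access via REE after TEE boot
# NOTE(review): with the bus driven from the REE, the frames exchanged with the
# SE presumably transit the normal world, so their protection would rest on
# SCP03 -- confirm SCP03 is enabled on configurations that keep this at y.
CFG_CORE_SE05X_I2C_TRAMPOLINE ?= y

# Extra stacks required to support the Plug and Trust external library.
# Each guard fires only when `test` exits 0, i.e. the value is an integer
# below 8192.
# NOTE(review): an empty or non-numeric value makes `test` fail with a
# different status, so the guard is skipped instead of raising the error; make
# sure both variables are assigned before this file is read.
ifeq ($(shell test $(CFG_STACK_THREAD_EXTRA) -lt 8192; echo $$?), 0)
$(error Error: SE050 requires CFG_STACK_THREAD_EXTRA at least 8192)
endif
ifeq ($(shell test $(CFG_STACK_TMP_EXTRA) -lt 8192; echo $$?), 0)
$(error Error: SE050 requires CFG_STACK_TMP_EXTRA at least 8192)
endif

# SE05X Die Identifier
CFG_NXP_SE05X_DIEID_DRV ?= y

# Allow a secure client to enable the SCP03 session
CFG_NXP_SE05X_SCP03_DRV ?= y
ifeq ($(CFG_NXP_SE05X_SCP03_DRV),y)
$(call force,CFG_SCP03_PTA,y,Mandated by CFG_NXP_SE05X_SCP03_DRV)
endif

# Allow a secure client to send APDU raw frames.
# Raw frames give the client direct command access to the SE; set to n on
# products that do not need it, to keep the exposed interface small.
CFG_NXP_SE05X_APDU_DRV ?= y
ifeq ($(CFG_NXP_SE05X_APDU_DRV),y)
$(call force,CFG_APDU_PTA,y,Mandated by CFG_NXP_SE05X_APDU_DRV)
endif

# Random Number Generator
# Enabling the SE RNG driver forces the software PRNG off, so the two are never
# configured together.
CFG_NXP_SE05X_RNG_DRV ?= y
ifeq ($(CFG_NXP_SE05X_RNG_DRV),y)
$(call force,CFG_WITH_SOFTWARE_PRNG,n)
endif

# se050-one-enabled: $(1) is a list of driver short names (RSA, ECC, CTR...).
# Each name is expanded to CFG_NXP_SE05X_<name>_DRV and the resulting list is
# handed to cfg-one-enabled, which is defined outside this file (presumably it
# yields y when at least one of the listed variables is y).
se050-one-enabled = $(call cfg-one-enabled, \
                        $(foreach v,$(1), CFG_NXP_SE05X_$(v)_DRV))
# Asymmetric ciphers
# NOTE(review): the *_FALLBACK switches are not described here; presumably they
# let unsupported requests be served by a software implementation. If so, key
# material handled by the fallback is not kept inside the SE -- confirm against
# the driver before enabling.
CFG_NXP_SE05X_RSA_DRV ?= y
CFG_NXP_SE05X_RSA_DRV_FALLBACK ?= n
CFG_NXP_SE05X_ECC_DRV ?= y
CFG_NXP_SE05X_ECC_DRV_FALLBACK ?= n
$(call force,CFG_NXP_SE05X_ACIPHER_DRV,$(call se050-one-enabled,RSA ECC))

# Asymmetric driver
ifeq ($(CFG_NXP_SE05X_ACIPHER_DRV),y)
$(call force,CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_NXP_SE05X_ACIPHER_DRV)
endif

# Asymmetric ciphers configuration
# - RSA
ifeq ($(CFG_NXP_SE05X_RSA_DRV),y)
$(call force,CFG_CRYPTO_DRV_RSA,y)
CFG_CRYPTO_RSASSA_NA1 ?= y
endif
# - ECC
ifeq ($(CFG_NXP_SE05X_ECC_DRV),y)
$(call force,CFG_CRYPTO_DRV_ECC,y)
endif

# Symmetric ciphers
CFG_NXP_SE05X_CTR_DRV ?= y
$(call force,CFG_NXP_SE05X_CIPHER_DRV,$(call se050-one-enabled,CTR))

# Symmetric driver
ifeq ($(CFG_NXP_SE05X_CIPHER_DRV),y)
$(call force,CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_SE05X_CIPHER_DRV)
endif

endif  # CFG_NXP_SE05X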