/*
 * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/**
 * This set of compile-time options may be used to enable
 * or disable features selectively, and reduce the global
 * memory footprint.
 *
 * The selection is driven by TF_MBEDTLS_* macros that are not defined in this
 * file (TF_MBEDTLS_KEY_ALG_ID, TF_MBEDTLS_KEY_SIZE, TF_MBEDTLS_HASH_ALG_ID,
 * TF_MBEDTLS_USE_AES_GCM, TF_MBEDTLS_MBOOT_USE_SHA*) and are presumably passed
 * in by the build system. Nothing here checks that they are present: an
 * undefined macro evaluates to 0 inside #if, so a missing definition silently
 * disables the corresponding feature instead of failing the build.
 */

/*
 * Key algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_RSA			1
#define TF_MBEDTLS_ECDSA		2
#define TF_MBEDTLS_RSA_AND_ECDSA	3

/* Derived from TF_MBEDTLS_KEY_ALG_ID; both are true for RSA_AND_ECDSA. */
#define TF_MBEDTLS_USE_RSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
#define TF_MBEDTLS_USE_ECDSA	(TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
		|| TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)

/*
 * Hash algorithms currently supported on mbed TLS libraries
 */
#define TF_MBEDTLS_SHA256		1
#define TF_MBEDTLS_SHA384		2
#define TF_MBEDTLS_SHA512		3

/*
 * Configuration file to build mbed TLS with the required features for
 * Trusted Boot
 */

/*
 * Route allocation through the mbed TLS platform layer rather than the C
 * library; the buffer allocator enabled further down supplies the backing
 * implementation.
 */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Prevent mbed TLS from using snprintf so that it can use tf_snprintf. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/*
 * RSASSA-PSS (PKCS#1 v2.1) only. MBEDTLS_PKCS1_V15 is not defined anywhere in
 * this file, so PKCS#1 v1.5 signature padding is not compiled in and v1.5
 * signatures should not verify. If v1.5 is ever needed it must be enabled
 * explicitly.
 */
#define MBEDTLS_PKCS1_V21

/* ASN.1 parse/write support underpins both X.509 and PK handling below. */
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/*
 * Static buffer allocator (no system heap); presumably backed by a buffer of
 * TF_MBEDTLS_HEAP_SIZE bytes, defined near the end of this file — confirm
 * against the code that initialises the allocator.
 */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
/*
 * Curve selection: only a key size of exactly 384 selects secp384r1. Every
 * other TF_MBEDTLS_KEY_SIZE value, including an undefined one, falls back to
 * secp256r1 without any diagnostic.
 */
#if TF_MBEDTLS_KEY_SIZE == 384
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#else
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#endif
#endif
#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
/* Accept RSASSA-PSS signatures on X.509 certificates (pairs with PKCS1_V21). */
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/*
 * Enable hash algorithms based on TBB or Measured Boot
 *
 * A digest is compiled in when it is the TBB hash (TF_MBEDTLS_HASH_ALG_ID) or
 * when Measured Boot asks for it (TF_MBEDTLS_MBOOT_USE_SHA*), so more than one
 * digest may be enabled at the same time.
 */
#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
#define MBEDTLS_SHA256_C
#endif

#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
/*
 * NOTE(review): SHA-384 is enabled on its own here; confirm that the mbed TLS
 * version in use does not require MBEDTLS_SHA512_C alongside MBEDTLS_SHA384_C.
 */
#define MBEDTLS_SHA384_C
#endif

#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
#define MBEDTLS_SHA512_C
#endif

#define MBEDTLS_VERSION_C

/* Certificate parsing only; no CRL, CSR or certificate writing support. */
#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/*
 * AES-GCM (AEAD) is optional; presumably used for authenticated decryption of
 * encrypted images — verify against the build option that sets
 * TF_MBEDTLS_USE_AES_GCM.
 */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* MPI / BIGNUM options */

/* Note: Lower numbers trade longer execution time for less RAM allocation */
#define MBEDTLS_MPI_WINDOW_SIZE		1

/*
 * Largest bignum, in bytes. 256 bytes (2048 bits) covers RSA keys up to
 * 2048 bits and both ECDSA curves enabled above; 512 bytes (4096 bits) is
 * selected for any larger RSA key. RSA keys above 4096 bits are not catered
 * for by this table.
 */
#if TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define MBEDTLS_MPI_MAX_SIZE		256
#else
#define MBEDTLS_MPI_MAX_SIZE		512
#endif
#else
#define MBEDTLS_MPI_MAX_SIZE		256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE	8

/*
 * Prevent the use of 128-bit division which
 * creates dependency on external libraries.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
#endif

/*
 * Determine Mbed TLS heap size
 * 13312 = 13*1024
 * 11264 = 11*1024
 * 7168 = 7*1024
 *
 * ECDSA is tested first, so RSA_AND_ECDSA receives the ECDSA figure. No
 * TF_MBEDTLS_HEAP_SIZE is defined at all when neither algorithm is selected.
 * U() is not defined in this file and is expected to come from the platform
 * utility headers.
 */
#if TF_MBEDTLS_USE_ECDSA
#define TF_MBEDTLS_HEAP_SIZE		U(13312)
#elif TF_MBEDTLS_USE_RSA
#if TF_MBEDTLS_KEY_SIZE <= 2048
#define TF_MBEDTLS_HEAP_SIZE		U(7168)
#else
#define TF_MBEDTLS_HEAP_SIZE		U(11264)
#endif
#endif

/*
 * Warn if errors from certain functions are ignored.
 *
 * The warnings are always enabled (where supported) for critical functions
 * where ignoring the return value is almost always a bug. This macro extends
 * the warnings to more functions.
 */
#define MBEDTLS_CHECK_RETURN_WARNING