1#-------------------------------------------------------------------------------
2# Copyright (c) 2022-2023, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#-------------------------------------------------------------------------------
7
8menu "Crypto component options"
9    depends on TFM_PARTITION_CRYPTO
10
11config CRYPTO_LIBRARY_ABI_COMPAT
12    bool "The interfaces towards PSA Crypto in the service and towards the service are the same"
13    default n
14    help
15      The crypto service acts as a layer between a client and towards a library that provides
16      PSA Crypto APIs through the implementation of a PSA Crypto core component. With this option
17      set, the crypto service assumes that the ABI of the internal interface is the same as the
18      client interface. This is not the default case when using the headers provided by the Mbed
19      TLS reference implementation
20
21config CRYPTO_STACK_SIZE
22    hex "Stack size"
23    default 0x1B00
24
25config CRYPTO_ENGINE_BUF_SIZE
26    hex "Crypto engine buffer size"
27    default 0x4000 if CRYPTO_HW_ACCELERATOR_CC312
28    default 0x2080
29    help
30      The Mbed TLS library requires to provide a static buffer to be used as
31      heap for its internal allocation CRYPTO_ENGINE_BUF_SIZE needs to be > 8KB
32      for EC signing by attest module.
33
34config CRYPTO_IOVEC_BUFFER_SIZE
35    int "Default size of the internal scratch buffer"
36    default 5120
37    help
38      The size of the buffer used as an scratch for allocating internal input
39      and output vectors when MM-IOVEC is not enabled.
40
41config CRYPTO_CONC_OPER_NUM
42    int "Max number of concurrent operations"
43    default 8
44    help
45      The max number of concurrent operations that can be active (allocated) at
46      any time in Crypto.
47
48config CRYPTO_RNG_MODULE_ENABLED
49    bool "PSA Crypto random number generator module"
50    default y
51
52config CRYPTO_KEY_MODULE_ENABLED
53    bool "PSA Crypto Key module"
54    default y
55
56config CRYPTO_AEAD_MODULE_ENABLED
57    bool "PSA Crypto AEAD module"
58    default y
59
60config CRYPTO_MAC_MODULE_ENABLED
61    bool "PSA Crypto MAC module"
62    default y
63
64config CRYPTO_HASH_MODULE_ENABLED
65    bool "PSA Crypto Hash module"
66    default y
67
68config CRYPTO_CIPHER_MODULE_ENABLED
69    bool "PSA Crypto Cipher module"
70    default y
71
72config CRYPTO_ASYM_SIGN_MODULE_ENABLED
73    bool "PSA Crypto asymmetric key signature module"
74    default y
75
76config CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED
77    bool "Enable PSA Crypto asymmetric key encryption module"
78    default y
79
80config CRYPTO_KEY_DERIVATION_MODULE_ENABLED
81    bool "PSA Crypto key derivation module"
82    default y
83
84config CRYPTO_NV_SEED
85    bool
86    default n if CRYPTO_HW_ACCELERATOR
87    help
88      Use stored NV seed to provide entropy
89
90config CRYPTO_SINGLE_PART_FUNCS_DISABLED
91    bool "Disable single-part operations"
92    default n
93    help
94      Keep multi-part operations in Hash, MAC, AEAD and symmetric ciphers only,
95      to optimize memory footprint in resource-constrained devices.
96
97endmenu
98