#-------------------------------------------------------------------------------
# Copyright (c) 2023, Arm Limited. All rights reserved.
# Copyright (c) 2024 Cypress Semiconductor Corporation (an Infineon company)
# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

# Top-level switch for the Protected Storage (PS) partition. It is off by
# default and can only be selected when both the Platform and the Crypto
# partitions are enabled.
menuconfig TFM_PARTITION_PROTECTED_STORAGE
    bool "Protected Storage"
    depends on TFM_PARTITION_PLATFORM && TFM_PARTITION_CRYPTO
    default n

# The options up to the matching endif are only offered when the partition
# itself is enabled.
if TFM_PARTITION_PROTECTED_STORAGE

# Encryption is on by default.
# NOTE(review): with this set to n, PS objects are presumably stored without
# the AEAD protection configured below. Confirm against the partition sources
# before shipping a configuration that disables it.
config PS_ENCRYPTION
    bool "PS encryption"
    default y
    help
      Enable encryption option to encrypt the protected storage data.

# Plain string symbol: Kconfig accepts any text here and does not check that it
# names an AEAD algorithm. Unlike PS_AES_KEY_USAGE_LIMIT, this entry has no
# "depends on PS_ENCRYPTION", so it stays configurable when encryption is off.
# NOTE(review): the help text requires PS_ROLLBACK_PROTECTION for GCM/CCM, and
# the default is GCM, but nothing in this file enforces that pairing and
# PS_ROLLBACK_PROTECTION is not defined here. Verify the combination in the
# final configuration.
config PS_CRYPTO_AEAD_ALG
    string "PS encryption AEAD algorithm"
    default "PSA_ALG_GCM"
    help
      Indicates the AEAD algorithm to use for authenticated encryption in
      Protected Storage.

      Note: For GCM/CCM it is essential that IV doesn't get repeated. If this
      flag is set to PSA_ALG_GCM or PSA_ALG_CCM, PS_ROLLBACK_PROTECTION must be
      enabled to protect against IV rollback.

# Only offered when PS_ENCRYPTION is enabled. The value is numeric but declared
# as a string, so Kconfig applies no integer or range validation to it.
# NOTE(review): the default "0" means no per-key block limit, so the key is
# never changed on the basis of usage. Check that this is acceptable for the
# chosen AEAD algorithm and the expected write volume.
config PS_AES_KEY_USAGE_LIMIT
    string "Number of blocks to use a key for before changing it. 0 for no limit"
    depends on PS_ENCRYPTION
    default "0"
    help
      If this value is non-zero, PS will not use any given key to encrypt/decrypt
      more than the specified number of blocks.

      Note: If this is set too low, it will limit the maximum size of objects that
      can be stored in PS, because the system will reject object that are too large
      to be encrypted and then decrypted again without hitting this limit.
endif