/*
 * Copyright (c) 2023-2026, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/**
 * Compile-time Mbed TLS configuration for Trusted Boot.
 *
 * Every option here either switches a library feature on or tunes its size.
 * The selection is driven by the TF_MBEDTLS_* build knobs (key algorithm,
 * key size, hash algorithm) plus MEASURED_BOOT and the ENABLE_FEAT_CRYPTO*
 * flags, so that only the code the boot chain actually needs is compiled in
 * and the global memory footprint stays small.
 */

/* Oldest Mbed TLS release this configuration is written against: 3.6.5. */
#define MBEDTLS_CONFIG_VERSION 0x03060500

/*
 * Key algorithm selectors. TF_MBEDTLS_KEY_ALG_ID is expected to carry one of
 * these values; it is supplied by the build, not defined here.
 */
#define TF_MBEDTLS_RSA 1
#define TF_MBEDTLS_ECDSA 2
#define TF_MBEDTLS_RSA_AND_ECDSA 3

/* Derived predicates: non-zero when the respective algorithm must be built. */
#define TF_MBEDTLS_USE_RSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA \
                            || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)
#define TF_MBEDTLS_USE_ECDSA (TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_ECDSA \
                              || TF_MBEDTLS_KEY_ALG_ID == TF_MBEDTLS_RSA_AND_ECDSA)

/*
 * Hash algorithm selectors. TF_MBEDTLS_HASH_ALG_ID is expected to carry one
 * of these values; it is supplied by the build, not defined here.
 */
#define TF_MBEDTLS_SHA256 1
#define TF_MBEDTLS_SHA384 2
#define TF_MBEDTLS_SHA512 3

/* ------------------------------------------------------------------------ */
/* Platform integration                                                      */
/* ------------------------------------------------------------------------ */

/* TF-A provides the allocator and does not expose the full C library. */
#define MBEDTLS_PLATFORM_MEMORY
#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
/* Keep Mbed TLS off the C library snprintf so tf_snprintf can be used. */
#define MBEDTLS_PLATFORM_SNPRINTF_ALT

/* ------------------------------------------------------------------------ */
/* Always-on modules                                                         */
/* ------------------------------------------------------------------------ */

/*
 * PKCS#1 v2.1 padding; this is what the RSASSA-PSS X.509 support enabled in
 * the RSA block below builds on.
 */
#define MBEDTLS_PKCS1_V21

#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C

#define MBEDTLS_BASE64_C
#define MBEDTLS_BIGNUM_C

#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C

/* Static-buffer heap; its size is chosen via TF_MBEDTLS_HEAP_SIZE below. */
#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define MBEDTLS_OID_C

#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PK_WRITE_C

#define MBEDTLS_PLATFORM_C

/* ------------------------------------------------------------------------ */
/* Public-key algorithms, selected by TF_MBEDTLS_KEY_ALG_ID                  */
/* ------------------------------------------------------------------------ */

#if TF_MBEDTLS_USE_ECDSA
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
/*
 * Exactly one NIST curve is compiled in, chosen from the configured key
 * size: 384 selects P-384, anything else falls back to P-256.
 */
#if TF_MBEDTLS_KEY_SIZE != 384
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#else
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#endif
#endif

#if TF_MBEDTLS_USE_RSA
#define MBEDTLS_RSA_C
#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
#endif

/* ------------------------------------------------------------------------ */
/* Hash algorithms                                                           */
/* ------------------------------------------------------------------------ */

/*
 * A hash family is built when TBB selects it through TF_MBEDTLS_HASH_ALG_ID.
 * MEASURED_BOOT pulls in all three families unconditionally.
 *
 * The *_CRYPTO_ONLY variants select the Armv8-A hardware implementation with
 * no software fallback; they are therefore gated on the matching
 * ENABLE_FEAT_CRYPTO* flag. NOTE(review): confirm the flag is only set for
 * platforms whose boot CPU is guaranteed to have that extension.
 */
#if MEASURED_BOOT || (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256)
#define MBEDTLS_SHA256_C
#if (ENABLE_FEAT_CRYPTO == 1)
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
#endif
#endif

#if MEASURED_BOOT || (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384)
#define MBEDTLS_SHA384_C
/* The SHA-512 A64 backend is used for SHA-384 when the SHA3 extension is on. */
#if (ENABLE_FEAT_CRYPTO_SHA3 == 1)
#define MBEDTLS_SHA512_C
#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
#endif
#endif

#if MEASURED_BOOT || (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512)
#define MBEDTLS_SHA512_C
#if (ENABLE_FEAT_CRYPTO_SHA3 == 1)
#define MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY
#endif
#endif

/* ------------------------------------------------------------------------ */
/* X.509 and optional symmetric crypto                                       */
/* ------------------------------------------------------------------------ */

#define MBEDTLS_VERSION_C

#define MBEDTLS_X509_USE_C
#define MBEDTLS_X509_CRT_PARSE_C

/* AES-GCM is only needed when the build asks for it. */
#if TF_MBEDTLS_USE_AES_GCM
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_GCM_C
#endif

/* ------------------------------------------------------------------------ */
/* MPI / BIGNUM sizing                                                       */
/* ------------------------------------------------------------------------ */

/*
 * Sliding-window size for exponentiation. A smaller window means less RAM
 * at the cost of longer execution time; 1 is the minimum.
 */
#define MBEDTLS_MPI_WINDOW_SIZE 1

/*
 * Largest bignum the library must hold, in bytes. 512 (4096-bit) is only
 * required for RSA keys above 2048 bits; every other configuration fits in
 * 256 (2048-bit).
 */
#if TF_MBEDTLS_USE_RSA && (TF_MBEDTLS_KEY_SIZE > 2048)
#define MBEDTLS_MPI_MAX_SIZE 512
#else
#define MBEDTLS_MPI_MAX_SIZE 256
#endif

/* Memory buffer allocator options */
#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 8

/*
 * Avoid 128-bit division: it would pull in compiler runtime helpers that
 * the firmware image does not link against.
 */
#define MBEDTLS_NO_UDBL_DIVISION

#ifndef __ASSEMBLER__
/* System headers required to build Mbed TLS with the current configuration. */
#include <stdlib.h>
#endif

/* ------------------------------------------------------------------------ */
/* Heap sizing                                                               */
/* ------------------------------------------------------------------------ */

/*
 * Size of the static Mbed TLS heap. ECDSA needs the most working memory;
 * RSA scales with the key size. U() is expected to come from the including
 * translation unit (not defined here). Left undefined when no key algorithm
 * is selected.
 */
#if TF_MBEDTLS_USE_ECDSA
#define TF_MBEDTLS_HEAP_SIZE U(13 * 1024)
#elif TF_MBEDTLS_USE_RSA && (TF_MBEDTLS_KEY_SIZE <= 2048)
#define TF_MBEDTLS_HEAP_SIZE U(7 * 1024)
#elif TF_MBEDTLS_USE_RSA
#define TF_MBEDTLS_HEAP_SIZE U(11 * 1024)
#endif

/* ------------------------------------------------------------------------ */
/* Diagnostics and size tuning                                               */
/* ------------------------------------------------------------------------ */

/*
 * Warn when the return value of a fallible function is discarded. Critical
 * functions already warn where the compiler supports it; this extends the
 * warning to the wider set of functions, which matters in a verification
 * path where a dropped error code means a skipped check.
 */
#define MBEDTLS_CHECK_RETURN_WARNING

/* Smaller but slower SHA-256 implementation; code size beats speed here. */
#define MBEDTLS_SHA256_SMALLER