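# Build configuration for the NXP SE05X secure element crypto driver.
# Everything below applies only when CFG_NXP_SE05X=y.
#
# `force` and `cfg-one-enabled` are defined elsewhere in the build system.
# NOTE(review): `force` presumably aborts the build when the variable was
# already set to a different value, printing the optional third argument as
# the reason - confirm against its definition.
ifeq ($(CFG_NXP_SE05X),y)
# Enable the crypto driver
$(call force,CFG_CRYPTO_DRIVER,y)
CFG_CRYPTO_DRIVER_DEBUG ?= 0

# SE050 initialization
# Some secure elements can only be accessed over an SCP03 enabled session.
# Some of the NXP SE05X devices fall in this category (e.g. NXP SE050F).
# Only enable this configuration to support those systems.
CFG_CORE_SCP03_ONLY ?= n
# Rotate the SCP03 keys during SCP03 init (does not require user intervention).
# CAUTION: the provisioning configuration chosen might require a stable HUK.
# NOTE(review): presumably the rotated keys are derived from the HUK, so a HUK
# that changes later could leave the SCP03 session unopenable - confirm before
# enabling on devices whose HUK is not final.
CFG_CORE_SE05X_SCP03_PROVISION_ON_INIT ?= n
# Rotate the SCP03 keys via PTA (request from Normal World).
# The request originates outside the TEE, so review who can reach that PTA
# before enabling this on a production image.
CFG_CORE_SE05X_SCP03_PROVISION ?= n
# The Provision request will rotate the SCP03 keys back to their factory
# settings.
# NOTE(review): factory SCP03 keys are typically not device-unique secrets;
# treat a device reverted to them as unprovisioned - confirm against the
# vendor documentation for the part in use.
CFG_CORE_SE05X_SCP03_PROVISION_WITH_FACTORY_KEYS ?= n
# CAUTION: Leaks the SCP03 keys that are going to be programmed on the device's
# NVM during a provisioning operation.
# Debug aid only: keys shown on a console or captured in a log must be treated
# as disclosed. Keep this at 'n' for any image that ships.
CFG_CORE_SE05X_DISPLAY_SCP03_KEYS ?= n
ifeq ($(CFG_CORE_SE05X_DISPLAY_SCP03_KEYS),y)
# Make the risky setting visible in the build log so it is not shipped by
# accident; the build itself still proceeds.
$(warning CFG_CORE_SE05X_DISPLAY_SCP03_KEYS=y prints the SCP03 keys on the console: debug builds only)
endif
# Displays the SE050 device information on the console at boot (e.g. OEFID)
CFG_CORE_SE05X_DISPLAY_INFO ?= y
# Enables SCP03 protocol during boot (does not require user intervention)
CFG_CORE_SE05X_SCP03_EARLY ?= y
# CAUTION: Deletes all persistent storage (keys/certs) from the SE05X at boot
# Destructive on every boot while set; intended for bring-up, not deployment.
CFG_CORE_SE05X_INIT_NVM ?= n
# Prevents the deletion of the secure storage object holding a reference to a
# Secure Element (SE) Non Volatile Memory object unless there is explicit
# confirmation from the SE that the NVM object has been removed.
# With the default 'n' the reference may be dropped even when the SE did not
# confirm the removal, which can leave an unreferenced object in the SE NVM.
CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR ?= n
# Select the SE05X applet version for aligning the built-in features
CFG_CORE_SE05X_VER ?= 03_XX

# I2C bus baudrate (depends on SoC)
CFG_CORE_SE05X_BAUDRATE ?= 3400000
# I2C bus [0..2] (depends on board)
CFG_CORE_SE05X_I2C_BUS ?= 2
# I2C access via REE after TEE boot
# NOTE(review): with this enabled the frames exchanged with the SE pass through
# the normal world, so their confidentiality and integrity presumably rest on
# an SCP03 session being active - confirm SCP03 is enabled on such builds.
CFG_CORE_SE05X_I2C_TRAMPOLINE ?= y

# Extra stacks required to support the Plug and Trust external library
# `test A -lt 8192; echo $$?` prints 0 only when A is a number below 8192.
# NOTE(review): an empty or non-numeric value makes `test` exit with another
# status, so the comparison is false and no error is raised; the check only
# fires for a numeric value that is too small.
ifeq ($(shell test $(CFG_STACK_THREAD_EXTRA) -lt 8192; echo $$?), 0)
$(error Error: SE050 requires CFG_STACK_THREAD_EXTRA at least 8192)
endif
ifeq ($(shell test $(CFG_STACK_TMP_EXTRA) -lt 8192; echo $$?), 0)
$(error Error: SE050 requires CFG_STACK_TMP_EXTRA at least 8192)
endif

# SE05X Die Identifier
CFG_NXP_SE05X_DIEID_DRV ?= y

# Allow a secure client to enable the SCP03 session
CFG_NXP_SE05X_SCP03_DRV ?= y
ifeq ($(CFG_NXP_SE05X_SCP03_DRV),y)
# The reason text names the variable that is actually tested above.
$(call force,CFG_SCP03_PTA,y,Mandated by CFG_NXP_SE05X_SCP03_DRV)
endif

# Allow a secure client to send APDU raw frames
# Raw frames are passed on as given, so access to the APDU PTA should be
# limited to trusted callers.
# NOTE(review): who may open that PTA is decided outside this file - verify.
CFG_NXP_SE05X_APDU_DRV ?= y
ifeq ($(CFG_NXP_SE05X_APDU_DRV),y)
# The reason text names the variable that is actually tested above.
$(call force,CFG_APDU_PTA,y,Mandated by CFG_NXP_SE05X_APDU_DRV)
endif

# Random Number Generator
# Enabling the SE05X RNG driver turns the software PRNG off.
CFG_NXP_SE05X_RNG_DRV ?= y
ifeq ($(CFG_NXP_SE05X_RNG_DRV),y)
$(call force,CFG_WITH_SOFTWARE_PRNG,n)
endif

# se050-one-enabled: $(1) is a list of algorithm names (e.g. RSA ECC). Each
# name is expanded to CFG_NXP_SE05X_<name>_DRV and the resulting list is handed
# to cfg-one-enabled. Recursive assignment (=) is required so that $(1) is
# expanded at call time.
se050-one-enabled = $(call cfg-one-enabled, \
                      $(foreach v,$(1), CFG_NXP_SE05X_$(v)_DRV))
# Asymmetric ciphers
# NOTE(review): the *_FALLBACK switches presumably let unsupported operations
# fall back to a software implementation; if so, those operations run outside
# the SE - confirm before relying on SE-only key handling.
CFG_NXP_SE05X_RSA_DRV ?= y
CFG_NXP_SE05X_RSA_DRV_FALLBACK ?= n
CFG_NXP_SE05X_ECC_DRV ?= y
CFG_NXP_SE05X_ECC_DRV_FALLBACK ?= n
$(call force,CFG_NXP_SE05X_ACIPHER_DRV,$(call se050-one-enabled,RSA ECC))

# Asymmetric driver
ifeq ($(CFG_NXP_SE05X_ACIPHER_DRV),y)
$(call force,CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_NXP_SE05X_ACIPHER_DRV)
endif

# Asymmetric ciphers configuration
# - RSA
ifeq ($(CFG_NXP_SE05X_RSA_DRV),y)
$(call force,CFG_CRYPTO_DRV_RSA,y)
CFG_CRYPTO_RSASSA_NA1 ?= y
endif
# - ECC
ifeq ($(CFG_NXP_SE05X_ECC_DRV),y)
$(call force,CFG_CRYPTO_DRV_ECC,y)
endif

# Symmetric ciphers
CFG_NXP_SE05X_CTR_DRV ?= y
$(call force,CFG_NXP_SE05X_CIPHER_DRV,$(call se050-one-enabled,CTR))

# Symmetric driver
ifeq ($(CFG_NXP_SE05X_CIPHER_DRV),y)
$(call force,CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_SE05X_CIPHER_DRV)
endif

endif # CFG_NXP_SE05X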