xref: /optee_os/core/drivers/crypto/se050/crypto.mk (revision 5ddb11a14c98b32f9b6f337c161e57bd7a8879c3) 
1ifeq ($(CFG_NXP_SE05X),y)
2# Enable the crypto driver
3$(call force,CFG_CRYPTO_DRIVER,y)
4CFG_CRYPTO_DRIVER_DEBUG ?= 0
5
6# SE050 initialization
7# Enables the SCP03 key rotation
8CFG_CORE_SE05X_SCP03_PROVISION ?= n
9# Rotate the SCP03 keys back to the factory settings instead of using a secret
10# set of keys derived from the HUK.
11CFG_CORE_SE05X_SCP03_PROVISION_WITH_FACTORY_KEYS ?= n
12# Displays the SE050 device information on the console at boot (i.e. OEFID)
13CFG_CORE_SE05X_DISPLAY_INFO ?= y
14# Communicate with the Secure Element only over an SCP03 authenticated session.
15# When this option is not enabled, the driver first queries the device on an
16# un-authenticated channel. IF SCP03 is then required, the user should enable
17# CFG_CORE_SE05X_SCP03_EARLY or use libseteec.
18CFG_CORE_SCP03_ONLY ?= n
19# Enables the SCP03 before the REE: notice that if SCP03_PROVISION is enabled,
20# it will also attempt to rotate the keys
21CFG_CORE_SE05X_SCP03_EARLY ?= y
22# Deletes all persistent storage from the SE050 at boot
23CFG_CORE_SE05X_INIT_NVM ?= n
24# Prevents the deletion of the secure storage object holding a reference to a
25# Secure Element (SE) Non Volatile Memory object unless there is explicit
26# confirmation from the SE that the NVM object has been removed.
27CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR ?= n
28
29# I2C bus baudrate (depends on SoC)
30CFG_CORE_SE05X_BAUDRATE ?= 3400000
31# I2C bus [0..2] (depends on board)
32CFG_CORE_SE05X_I2C_BUS ?= 2
33# I2C access via REE after TEE boot
34CFG_CORE_SE05X_I2C_TRAMPOLINE ?= y
35
36# Extra stacks required to support the Plug and Trust external library
37ifeq ($(shell test $(CFG_STACK_THREAD_EXTRA) -lt 8192; echo $$?), 0)
38$(error Error: SE050 requires CFG_STACK_THREAD_EXTRA at least 8192)
39endif
40ifeq ($(shell test $(CFG_STACK_TMP_EXTRA) -lt 8192; echo $$?), 0)
41$(error Error: SE050 requires CFG_STACK_TMP_EXTRA at least 8192)
42endif
43
44# SE05X Die Identifier
45CFG_NXP_SE05X_DIEID_DRV ?= y
46
47# Allow a secure client to enable the SCP03 session
48CFG_NXP_SE05X_SCP03_DRV ?= y
49ifeq ($(CFG_NXP_SE05X_SCP03_DRV),y)
50$(call force,CFG_SCP03_PTA,y,Mandated by CFG_NXP_SE05X_SCP03)
51endif
52
53# Allow a secure client to send APDU raw frames
54CFG_NXP_SE05X_APDU_DRV ?= y
55ifeq ($(CFG_NXP_SE05X_APDU_DRV),y)
56$(call force,CFG_APDU_PTA,y,Mandated by CFG_NXP_SE05X_APDU)
57endif
58
59# Random Number Generator
60CFG_NXP_SE05X_RNG_DRV ?= y
61ifeq ($(CFG_NXP_SE05X_RNG_DRV),y)
62$(call force,CFG_WITH_SOFTWARE_PRNG,n)
63endif
64
65se050-one-enabled = $(call cfg-one-enabled, \
66                        $(foreach v,$(1), CFG_NXP_SE05X_$(v)_DRV))
67# Asymmetric ciphers
68CFG_NXP_SE05X_RSA_DRV ?= y
69CFG_NXP_SE05X_ECC_DRV ?= y
70$(call force,CFG_NXP_SE05X_ACIPHER_DRV,$(call se050-one-enabled,RSA ECC))
71
72# Asymmetric driver
73ifeq ($(CFG_NXP_SE05X_ACIPHER_DRV),y)
74$(call force,CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_NXP_SE05X_ACIPHER_DRV)
75endif
76
77# Asymmetric ciphers configuration
78# - RSA
79ifeq ($(CFG_NXP_SE05X_RSA_DRV),y)
80$(call force,CFG_CRYPTO_DRV_RSA,y)
81CFG_CRYPTO_RSASSA_NA1 ?= y
82_CFG_CORE_LTC_RSA = n
83endif
84# - ECC
85ifeq ($(CFG_NXP_SE05X_ECC_DRV),y)
86$(call force,CFG_CRYPTO_DRV_ECC,y)
87endif
88
89# Symmetric ciphers
90CFG_NXP_SE05X_CTR_DRV ?= y
91$(call force,CFG_NXP_SE05X_CIPHER_DRV,$(call se050-one-enabled,CTR))
92
93# Symmetric driver
94ifeq ($(CFG_NXP_SE05X_CIPHER_DRV),y)
95$(call force,CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_SE05X_CIPHER_DRV)
96endif
97
98endif  # CFG_NXP_SE05X
99