xref: /optee_os/core/drivers/crypto/se050/crypto.mk (revision a5d5bbc82de95f531512fafa76a42c879e81b4c4) 
1ifeq ($(CFG_NXP_SE05X),y)
2# Enable the crypto driver
3$(call force,CFG_CRYPTO_DRIVER,y)
4CFG_CRYPTO_DRIVER_DEBUG ?= 0
5
6# SE050 initialization
7# Enables the SCP03 key rotation
8CFG_CORE_SE05X_SCP03_PROVISION ?= n
9# Displays the SE050 device information on the console at boot (i.e. OEFID)
10CFG_CORE_SE05X_DISPLAY_INFO ?= y
11# Communicate with the Secure Element only over an SCP03 authenticated session.
12# When this option is not enabled, the driver first queries the device on an
13# un-authenticated channel. IF SCP03 is then required, the user should enable
14# CFG_CORE_SE05X_SCP03_EARLY or use libseteec.
15CFG_CORE_SCP03_ONLY ?= n
16# Enables the SCP03 before the REE: notice that if SCP03_PROVISION is enabled,
17# it will also attempt to rotate the keys
18CFG_CORE_SE05X_SCP03_EARLY ?= y
19# Deletes all persistent storage from the SE050 at boot
20CFG_CORE_SE05X_INIT_NVM ?= n
21# Prevents the deletion of the secure storage object holding a reference to a
22# Secure Element (SE) Non Volatile Memory object unless there is explicit
23# confirmation from the SE that the NVM object has been removed.
24CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR ?= n
25
26# I2C bus baudrate (depends on SoC)
27CFG_CORE_SE05X_BAUDRATE ?= 3400000
28# I2C bus [0..2] (depends on board)
29CFG_CORE_SE05X_I2C_BUS ?= 2
30# I2C access via REE after TEE boot
31CFG_CORE_SE05X_I2C_TRAMPOLINE ?= y
32
33# Extra stacks required to support the Plug and Trust external library
34ifeq ($(shell test $(CFG_STACK_THREAD_EXTRA) -lt 8192; echo $$?), 0)
35$(error Error: SE050 requires CFG_STACK_THREAD_EXTRA at least 8192)
36endif
37ifeq ($(shell test $(CFG_STACK_TMP_EXTRA) -lt 8192; echo $$?), 0)
38$(error Error: SE050 requires CFG_STACK_TMP_EXTRA at least 8192)
39endif
40
41# SE05X Die Identifier
42CFG_NXP_SE05X_DIEID_DRV ?= y
43
44# Allow a secure client to enable the SCP03 session
45CFG_NXP_SE05X_SCP03_DRV ?= y
46ifeq ($(CFG_NXP_SE05X_SCP03_DRV),y)
47$(call force,CFG_SCP03_PTA,y,Mandated by CFG_NXP_SE05X_SCP03)
48endif
49
50# Allow a secure client to send APDU raw frames
51CFG_NXP_SE05X_APDU_DRV ?= y
52ifeq ($(CFG_NXP_SE05X_APDU_DRV),y)
53$(call force,CFG_APDU_PTA,y,Mandated by CFG_NXP_SE05X_APDU)
54endif
55
56# Random Number Generator
57CFG_NXP_SE05X_RNG_DRV ?= y
58ifeq ($(CFG_NXP_SE05X_RNG_DRV),y)
59$(call force,CFG_WITH_SOFTWARE_PRNG,n)
60endif
61
62se050-one-enabled = $(call cfg-one-enabled, \
63                        $(foreach v,$(1), CFG_NXP_SE05X_$(v)_DRV))
64# Asymmetric ciphers
65CFG_NXP_SE05X_RSA_DRV ?= y
66CFG_NXP_SE05X_ECC_DRV ?= y
67$(call force,CFG_NXP_SE05X_ACIPHER_DRV,$(call se050-one-enabled,RSA ECC))
68
69# Asymmetric driver
70ifeq ($(CFG_NXP_SE05X_ACIPHER_DRV),y)
71$(call force,CFG_CRYPTO_DRV_ACIPHER,y,Mandated by CFG_NXP_SE05X_ACIPHER_DRV)
72endif
73
74# Asymmetric ciphers configuration
75# - RSA
76ifeq ($(CFG_NXP_SE05X_RSA_DRV),y)
77$(call force,CFG_CRYPTO_DRV_RSA,y)
78CFG_CRYPTO_RSASSA_NA1 ?= y
79_CFG_CORE_LTC_RSA = n
80endif
81# - ECC
82ifeq ($(CFG_NXP_SE05X_ECC_DRV),y)
83$(call force,CFG_CRYPTO_DRV_ECC,y)
84endif
85
86# Symmetric ciphers
87CFG_NXP_SE05X_CTR_DRV ?= y
88$(call force,CFG_NXP_SE05X_CIPHER_DRV,$(call se050-one-enabled,CTR))
89
90# Symmetric driver
91ifeq ($(CFG_NXP_SE05X_CIPHER_DRV),y)
92$(call force,CFG_CRYPTO_DRV_CIPHER,y,Mandated by CFG_NXP_SE05X_CIPHER_DRV)
93endif
94
95endif  # CFG_NXP_SE05X
96