/*
 * Copyright (c) 2023-2025, Arm Ltd. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * Mbed TLS configuration overlay that layers the PSA Crypto options on top of
 * the settings pulled in from default_mbedtls_config.h.
 */
#ifndef PSA_MBEDTLS_CONFIG_H
#define PSA_MBEDTLS_CONFIG_H

#include "default_mbedtls_config.h"

/* Build the PSA Crypto core. */
#define MBEDTLS_PSA_CRYPTO_C

/*
 * Tell Mbed TLS that buffers handed to PSA functions are owned exclusively by
 * the callee for the duration of the call, so it does not need to make
 * protective copies of them.
 *
 * NOTE(review): this is only sound while no other agent can modify those
 * buffers during a PSA call. Confirm that no caller passes memory shared with
 * a less trusted component.
 */
#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS

/*
 * The PSA crypto API currently cannot be built without an RNG; leaving the
 * macro below undefined results in build errors.
 *
 * This is a functionality gap in mbedTLS: psa_crypto_init() is
 * all-or-nothing, and lifting that restriction would require the keystore,
 * the RNG, etc. to be initialised separately.
 *
 * Defining MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG makes the build pretend that an
 * external RNG is in use. The PSA crypto init code then performs no RNG
 * initialisation at all, because that is nominally our responsibility.
 *
 * NOTE(review): with this option Mbed TLS routes every request for random
 * bytes to the integrator-supplied mbedtls_psa_external_get_random() hook.
 * Since the RNG is only "pretended" here, confirm that the hook fails closed
 * and that no PSA operation that needs randomness (key generation, randomised
 * signing, blinding) is reachable with this configuration.
 */
#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG

/*
 * RSA builds replace any earlier TF_MBEDTLS_HEAP_SIZE with a PSA-specific
 * value: 12 KiB when TF_MBEDTLS_KEY_SIZE is above 2048, 9 KiB otherwise.
 * U() is expected to be provided by a header included before this point.
 */
#if TF_MBEDTLS_USE_RSA
#undef TF_MBEDTLS_HEAP_SIZE
#if TF_MBEDTLS_KEY_SIZE > 2048
#define TF_MBEDTLS_HEAP_SIZE	U(12 * 1024)
#else /* TF_MBEDTLS_KEY_SIZE <= 2048 */
#define TF_MBEDTLS_HEAP_SIZE	U(9 * 1024)
#endif /* TF_MBEDTLS_KEY_SIZE > 2048 */
#endif /* TF_MBEDTLS_USE_RSA */

#endif /* PSA_MBEDTLS_CONFIG_H */