xref: /rk3399_ARM-atf/include/drivers/auth/mbedtls/default_psa_mbedtls_config.h (revision f1318bffd4615701d3043df8b569e56a5dba074e) 
1640ba634SRyan Everett /*
2*2ffc28c8SLauren Wehrmeister  * Copyright (c) 2023-2025, Arm Ltd. All rights reserved.
3640ba634SRyan Everett  *
4640ba634SRyan Everett  * SPDX-License-Identifier: BSD-3-Clause
5640ba634SRyan Everett  */
6640ba634SRyan Everett 
7640ba634SRyan Everett #ifndef PSA_MBEDTLS_CONFIG_H
8640ba634SRyan Everett #define PSA_MBEDTLS_CONFIG_H
9640ba634SRyan Everett 
10640ba634SRyan Everett #include "default_mbedtls_config.h"
11640ba634SRyan Everett 
12640ba634SRyan Everett #define MBEDTLS_PSA_CRYPTO_C
13640ba634SRyan Everett #define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
14640ba634SRyan Everett 
15640ba634SRyan Everett /*
16640ba634SRyan Everett  * Using PSA crypto API requires an RNG right now. If we don't define the macro
17640ba634SRyan Everett  * below then we get build errors.
18640ba634SRyan Everett  *
19640ba634SRyan Everett  * This is a functionality gap in mbedTLS. The technical limitation is that
20640ba634SRyan Everett  * psa_crypto_init() is all-or-nothing, and fixing that would require separate
21640ba634SRyan Everett  * initialization of the keystore, the RNG, etc.
22640ba634SRyan Everett  *
23640ba634SRyan Everett  * By defining MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, we pretend using an external
24640ba634SRyan Everett  * RNG. As a result, the PSA crypto init code does nothing when it comes to
25640ba634SRyan Everett  * initializing the RNG, as we are supposed to take care of that ourselves.
26640ba634SRyan Everett  */
27640ba634SRyan Everett #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
28640ba634SRyan Everett 
2952d29345SRyan Everett /*
30*2ffc28c8SLauren Wehrmeister  * Override heap size for PSA Crypto for RSA keys.
3152d29345SRyan Everett  */
32*2ffc28c8SLauren Wehrmeister #if TF_MBEDTLS_USE_RSA
3352d29345SRyan Everett   #undef TF_MBEDTLS_HEAP_SIZE
34*2ffc28c8SLauren Wehrmeister   #if TF_MBEDTLS_KEY_SIZE > 2048
3552d29345SRyan Everett     #define TF_MBEDTLS_HEAP_SIZE    U(12 * 1024)
36*2ffc28c8SLauren Wehrmeister   #elif TF_MBEDTLS_KEY_SIZE <= 2048
37*2ffc28c8SLauren Wehrmeister     #define TF_MBEDTLS_HEAP_SIZE    U(9 * 1024)
38*2ffc28c8SLauren Wehrmeister   #endif
3952d29345SRyan Everett #endif
4052d29345SRyan Everett 
41640ba634SRyan Everett #endif /* PSA_MBEDTLS_CONFIG_H */
42