1 /* 2 * Copyright (c) 2023-2024, Arm Ltd. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef PSA_MBEDTLS_CONFIG_H 8 #define PSA_MBEDTLS_CONFIG_H 9 10 #include "default_mbedtls_config.h" 11 12 #define MBEDTLS_PSA_CRYPTO_C 13 #define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS 14 15 /* 16 * Using PSA crypto API requires an RNG right now. If we don't define the macro 17 * below then we get build errors. 18 * 19 * This is a functionality gap in mbedTLS. The technical limitation is that 20 * psa_crypto_init() is all-or-nothing, and fixing that would require separate 21 * initialization of the keystore, the RNG, etc. 22 * 23 * By defining MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, we pretend using an external 24 * RNG. As a result, the PSA crypto init code does nothing when it comes to 25 * initializing the RNG, as we are supposed to take care of that ourselves. 26 */ 27 #define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG 28 29 /* 30 * Override heap size for PSA Crypto when RSA key size > 2048. 31 */ 32 #if TF_MBEDTLS_USE_RSA && TF_MBEDTLS_KEY_SIZE > 2048 33 #undef TF_MBEDTLS_HEAP_SIZE 34 #define TF_MBEDTLS_HEAP_SIZE U(12 * 1024) 35 #endif 36 37 #endif /* PSA_MBEDTLS_CONFIG_H */ 38