1a8e1175bSopenharmony_ci/** 2a8e1175bSopenharmony_ci * \file config-tfm.h 3a8e1175bSopenharmony_ci * 4a8e1175bSopenharmony_ci * \brief TF-M medium profile, adapted to work on other platforms. 5a8e1175bSopenharmony_ci */ 6a8e1175bSopenharmony_ci/* 7a8e1175bSopenharmony_ci * Copyright The Mbed TLS Contributors 8a8e1175bSopenharmony_ci * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9a8e1175bSopenharmony_ci */ 10a8e1175bSopenharmony_ci 11a8e1175bSopenharmony_ci/* TF-M medium profile: mbedtls legacy configuration */ 12a8e1175bSopenharmony_ci#include "../configs/ext/tfm_mbedcrypto_config_profile_medium.h" 13a8e1175bSopenharmony_ci 14a8e1175bSopenharmony_ci/* TF-M medium profile: PSA crypto configuration */ 15a8e1175bSopenharmony_ci#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/ext/crypto_config_profile_medium.h" 16a8e1175bSopenharmony_ci 17a8e1175bSopenharmony_ci/***********************************************************/ 18a8e1175bSopenharmony_ci/* Tweak the configuration to remove dependencies on TF-M. */ 19a8e1175bSopenharmony_ci/***********************************************************/ 20a8e1175bSopenharmony_ci 21a8e1175bSopenharmony_ci/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ 22a8e1175bSopenharmony_ci#undef MBEDTLS_PSA_CRYPTO_SPM 23a8e1175bSopenharmony_ci 24a8e1175bSopenharmony_ci/* Disable buffer-based memory allocator. This isn't strictly required, 25a8e1175bSopenharmony_ci * but using the native allocator is faster and works better with 26a8e1175bSopenharmony_ci * memory management analysis frameworks such as ASan. */ 27a8e1175bSopenharmony_ci#undef MBEDTLS_MEMORY_BUFFER_ALLOC_C 28a8e1175bSopenharmony_ci 29a8e1175bSopenharmony_ci// This macro is enabled in TFM Medium but is disabled here because it is 30a8e1175bSopenharmony_ci// incompatible with baremetal builds in Mbed TLS. 31a8e1175bSopenharmony_ci#undef MBEDTLS_PSA_CRYPTO_STORAGE_C 32a8e1175bSopenharmony_ci 33a8e1175bSopenharmony_ci// This macro is enabled in TFM Medium but is disabled here because it is 34a8e1175bSopenharmony_ci// incompatible with baremetal builds in Mbed TLS. 35a8e1175bSopenharmony_ci#undef MBEDTLS_ENTROPY_NV_SEED 36a8e1175bSopenharmony_ci 37a8e1175bSopenharmony_ci// These platform-related TF-M settings are not useful here. 38a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_NO_STD_FUNCTIONS 39a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_STD_MEM_HDR 40a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_SNPRINTF_MACRO 41a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_PRINTF_ALT 42a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 43a8e1175bSopenharmony_ci#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE 44a8e1175bSopenharmony_ci 45a8e1175bSopenharmony_ci/* 46a8e1175bSopenharmony_ci * In order to get an example config that works cleanly out-of-the-box 47a8e1175bSopenharmony_ci * for both baremetal and non-baremetal builds, we detect baremetal builds 48a8e1175bSopenharmony_ci * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some 49a8e1175bSopenharmony_ci * variables accordingly. 50a8e1175bSopenharmony_ci */ 51a8e1175bSopenharmony_ci#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__) 52a8e1175bSopenharmony_ci#define MBEDTLS_NO_PLATFORM_ENTROPY 53a8e1175bSopenharmony_ci#else 54a8e1175bSopenharmony_ci/* Use built-in platform entropy functions (TF-M provides its own). */ 55a8e1175bSopenharmony_ci#undef MBEDTLS_NO_PLATFORM_ENTROPY 56a8e1175bSopenharmony_ci#endif 57a8e1175bSopenharmony_ci 58a8e1175bSopenharmony_ci/*********************************************************************** 59a8e1175bSopenharmony_ci * Local changes to crypto config below this delimiter 60a8e1175bSopenharmony_ci **********************************************************************/ 61a8e1175bSopenharmony_ci 62a8e1175bSopenharmony_ci// We expect TF-M to pick this up soon 63a8e1175bSopenharmony_ci#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 64a8e1175bSopenharmony_ci 65a8e1175bSopenharmony_ci/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it 66a8e1175bSopenharmony_ci * does not need CIPHER_C to be enabled, so we can disable it in order 67a8e1175bSopenharmony_ci * to reduce code size further. */ 68a8e1175bSopenharmony_ci#undef MBEDTLS_CIPHER_C 69