At the bottom of <tf-m>/platform/ext/common/tfm_mbedcrypto_config.h, it looks to me that, for the platform that does NOT use CC312 as H.W. Crypto Acceleration Engine, one should define MBEDTLS_USER_CONFIG_FILE to include its own definitions, instead of including "mbedtls_accelerator_config.h", which is for CC312.
tfm_mbedcrypto_config.h (MBEDTLS_CONFIG_FILE) #ifdef CRYPTO_HW_ACCELERATOR #include "mbedtls_accelerator_config.h" # for CC312 #endif #if defined(MBEDTLS_USER_CONFIG_FILE) # for other H.W. Acceleration Engine #include MBEDTLS_USER_CONFIG_FILE #endif
In my bare knowledge, to build Isolation level 2, H.W. Crypto Acceleration Engine has to be built with crypto service (<tf-m>/secure_fw/services/crypto/CMakeLists.txt), by defining:
However, it would only work by enabling CRYPTO_HW_ACCELERATOR, which in turn will include "mbedtls_accelerator_config.h" (under <tf-m>/platform/ext/common/cc312/).
Is it by design that one should always define CRYPTO_HW_ACCELERATOR and include CC312 header file then override it (by MBEDTLS_USER_CONFIG_FILE) ?