sdfw_services: psa_crypto: Bounce buffer handling

Added bounce buffers for any field written from secure domain to local
domain, as we can't prevent the local domain to have dirty data in the
DataUnit that the secure domain writes to.

Signed-off-by: Karsten Koenig <[email protected]>

Author: karstenkoenig

subsys/sdfw_services/services/psa_crypto/Kconfig

@@ -11,3 +11,30 @@ service_version = 2
 service_buffer_size = 128
 service_name_str = PSA Crypto
 rsource "../Kconfig.template.service"
+
+if SSF_PSA_CRYPTO_SERVICE_ENABLED
+
+config SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+	bool "Make sure that all output buffers can be written cache-safe from the crypto engine"
+	default y
+	depends on DCACHE
+	help
+		When this option is enabled, the PSA Crypto service will allocate bounce buffers for
+		all PSA [inout] and [out] structures that are not aligned to the DCache DataUnit size.
+		When this option is disabled, the PSA Crypto service will never use bounce buffers,
+		and the application must ensure that the structures are cache-safe.
+		The structures are cache-safe if there are no writes locally to any of the DataUnits
+		that contain the structure getting written from the remote.
+
+if SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+
+config SSF_PSA_CRYPTO_SERVICE_OUT_HEAP_SIZE
+	int "Size of the heap used to buffer output from PSA function calls"
+	default 4096
+	help
+	  Size of the heap buffer used for out buffer.
+	  Reducing the size may trigger PSA_ERROR_INSUFFICIENT_MEMORY in PSA calls.
+
+endif # SSF_PSA_CRYPTO_SERVICE_OUT_BOUNCE_BUFFERS
+
+endif # SSF_PSA_CRYPTO_SERVICE_ENABLED