Clarify why we set num_ops to 1 in iop key generation

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
index c6036e7..7fccc72 100644
--- a/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
+++ b/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.c
@@ -645,6 +645,10 @@
         return mbedtls_to_psa_error(status);
     }
 
+    /* Our implementation of key generation only generates the private key
+       which doesn't invlolve any ECC arithmetic operations so number of ops
+       is less than 1 but we round up to 1 to differentiate between num ops of
+       0 which means no work has been done this facilitates testing. */
     operation->num_ops = 1;
 
     status = mbedtls_mpi_write_binary(&operation->ecp.d, key_output, key_output_size);
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
index 81526f7..4d00142 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function
@@ -10174,6 +10174,12 @@
         if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) {
             num_ops = psa_generate_key_iop_get_num_ops(&operation);
 
+            /* Our implementation of key generation only generates the private key
+               which doesn't invlolve any ECC arithmetic operations so number of ops
+               is less than 1 but we round up to 1 to differentiate between num ops of
+               0 which means no work has been done this facilitates testing.
+               It is acceptable however for other implementations to set the number of
+               ops to zero. */
             TEST_LE_U(num_ops_prior + 1, num_ops);
 
             num_ops_prior = num_ops;