DNM: PSA crypto static slots #20159
Open
DNM: PSA crypto static slots #20159
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frkv
requested review from
a team,
trantanen,
tokangas,
carlescufi,
Frodevan,
adamkondraciuk,
lemrey,
wentong-li,
bama-nordic,
gmarull and
D-Triveni
as code owners
The dfu_target uses suit_dfu library and does not use SSF services directly. Ref: NCSDK-31359 Signed-off-by: Tomasz Chyrowicz <[email protected]>
Since envelope info library includes directly the platform error header, it is far easier to link them in CMake than remember to manually link platform error with each file that uses envelope info interface. Ref: NCSDK-31359 Signed-off-by: Tomasz Chyrowicz <[email protected]>
The test uses SSF interface mock instead, so disable the SSF to avoid two implementations of the same interface. Ref: NCSDK-31359 Signed-off-by: Tomasz Chyrowicz <[email protected]>
Those fail to build due to RAM overflows. Signed-off-by: Andrzej Głąbek <[email protected]>
sntp_query()'s time parameter was renamed to ts so corresponding change needed to cmock usage. Signed-off-by: Tommi Rantanen <[email protected]>
- Set missing configs to get tests running - Changed define for broadcast_code as per migration guide - OCT-3172
Fixes an issue with this test wrongly using 0 as the area size Signed-off-by: Jamie McCrae <[email protected]>
Output uses logging, which has no guarantee of even being enabled or supported Signed-off-by: Jamie McCrae <[email protected]>
- `native_sim/native` needs to be used now instead of `native_sim` - add entries for failing samples and tests that are to be handled after the upmerge: * sample.mcumgr.smp_svr.ram_load.* * nrf_modem_dect_phy_pcc_event * secure_storage.psa.its.secure_storage.* * sample.net.prometheus - remove `native_posix` Signed-off-by: Maciej Perkowski <[email protected]> Signed-off-by: Andrzej Głąbek <[email protected]>
So far when building for nRF54L15 static DPPI channels were assigned. After adding nRF54L15 support in the DPPI driver this code is unused for nRF54L15 and the common DPPI allocator used hardcoded DPPIC instance. This commit parameterizes the DDPIC instance number depending on the SoC and enables the coresponding instances in the ESB samples' configurations. ESB uses hardcoded instance number per SoC. TODO: Allow selection of the DPPIC instance in one place e.g. Kconfig based on the DTS. Signed-off-by: Michał Grochala <[email protected]>
- Change posix names to zsock. - Remove CONFIG_x_NRF_HW_ASYNC usage. - Correct size for the external flash. Signed-off-by: Markus Lassila <[email protected]>
Function has been deprecated in upstream zephyr, so remove from here. Signed-off-by: Sean Madigan <[email protected]>
Let HOSTAP_CRYPTO_ALT_LEGACY_PSA select MBEDTLS_MD5_C so that md5 related calls are available when crypto_alt is used. Signed-off-by: Ravi Dondaputi <[email protected]>
In scan_only build we need to override the sysbuild config option as well. By default it gets set to SB_CONFIG_WIFI_NRF70_SYSTEM_MODE which enables supplicant. Overriding this with SB_CONFIG_WIFI_NRF70_SCAN_ONLY fixes this. Signed-off-by: Ravi Dondaputi <[email protected]>
The ZMS implementation of the ITS store module is not supported when partition manager is used because the DT chosen `secure_storage_its_partition` cannot be used. This would require using a different, partition manager-specific configuration. As partition manager will be replaced this combination is just not supported. Signed-off-by: Tomi Fontanilles <[email protected]>
We cannot render/link Doxygen groups that belong to another project like Zephyr, see nrfconnect#19341 for progress on that. Signed-off-by: Gerard Marull-Paretas <[email protected]>
Add Zephyr tests due to overflow issues. Refers: NCSDK-31589 NCSDK-31590 NCSDK-31591 Signed-off-by: Katarzyna Giądła <[email protected]>
BLE logging size requirements have increased a lot. We need to reduce logging to fit the application. Signed-off-by: Maximilian Deubel <[email protected]>
Switched from speed to size optimization for nRF54H20 DK target in debug configurations to reduce memory footprint. Jira: NCSDK-31374 Signed-off-by: Mateusz Kapala <[email protected]>
Switched from speed to size optimizations for nRF54L15 DK (nRF54L05 emulated SoC) and enabled LTO in debug and release configurations to reduce memory footprint. Jira: NCSDK-31374 Signed-off-by: Mateusz Kapala <[email protected]>
Remove reference of z_impl_sys_rand_get(). Signed-off-by: Eivind Jølsgard <[email protected]>
Updates required by changes in zephyr upstream for the BT HCI driver. Signed-off-by: Tommi Rantanen <[email protected]>
Update pm policy event usage after API was changed from using relative time in cycles to absolute time in ticks. Signed-off-by: Knut Eldhuset <[email protected]>
This test is not really useful in NCS context (checking if the nRF Wi-Fi driver can be built successfully is done by other tests and samples), and it requires the hal_atmel module to be pulled in (because the WINC1500 driver requires two header files that are located in that module). And the module weights ~87 MB, so it's not reasonable to pull it in just for this one test. Signed-off-by: Andrzej Głąbek <[email protected]>
Fixes an issue with stream writer by providing the size of the partition Signed-off-by: Jamie McCrae <[email protected]>
Change posix names to zsock in nrf_cloud lib. Signed-off-by: Maximilian Deubel <[email protected]>
-This commit adds MBEDTLS_PSA_STATIC_KEY_SLOTS which is default enabled to ensure that there is no dependency on Mbed TLS heap. This configuration is default-enabled as long as MBEDTLS_ENABLE_HEAP or BUILD_WITH_TFM is not enabled -This commit adds MBEDTLS_PSA_KEY_STORE_DYNAMIC which is the counter- part to MBEDTLS_PSA_STATIC_KEY_SLOTS -Added propagating of these Kconfigs to the psa-crypto user config Ref: NCSDK-30210 Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-This updates sdk-oberon-psa-crypto to a version that support static key slots (see previous commit for configurations. -This updates trusted-firmware-m to a version that supports static key slots (see previous commit for configurations). -This updates Mbed TLS to a version that supports static key slots (see previous commit for configurations). Ref: NCSDK-30210 Signed-off-by: Frank Audun Kvamtrø <[email protected]>
frkv
force-pushed
the
psa_crypto_static_slots
branch
from
317da0d to
7d57027
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for statically allocated key slots (so heap can be avoided for constrained devices)
Just for testing. Changes will be taken in #19720 if this works
test_low_level: PR-1765
test_rs: PR-1483
test_fem: PR-1483
test_ble_mesh: ble_mesh_upmerge_test
test_crypto: PR-750
test_suit_dfu: PR-450
test_tfm: PR-194
test_secdom_samples_public: NCSDK-NONE_upmerge_jan2025
test_audio: PR-294