From e3ee4e9cf12fca8b0a419c7e10b629d9aa06a8b2 Mon Sep 17 00:00:00 2001
From: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Date: Fri, 29 Nov 2024 09:25:38 +0100
Subject: [PATCH] secure_storage: change dependencies on settings and flash

The commit changes dependencies on SETTINGS and FLASH
to avoid circular dependencies if security storage
subsystem users select them too.

Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
---
 doc/releases/migration-guide-4.1.rst                 | 12 ++++++++++++
 samples/psa/its/overlay-secure_storage.conf          |  4 ++++
 .../psa/persistent_key/overlay-secure_storage.conf   |  4 ++++
 subsys/secure_storage/Kconfig                        |  1 -
 subsys/secure_storage/Kconfig.its_store              | 10 ++++------
 .../psa/crypto/overlay-secure_storage.conf           |  4 ++++
 .../psa/its/overlay-default_store.conf               |  4 ++++
 7 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/doc/releases/migration-guide-4.1.rst b/doc/releases/migration-guide-4.1.rst
index 12423468f0a2536..22bdd96a15c434b 100644
--- a/doc/releases/migration-guide-4.1.rst
+++ b/doc/releases/migration-guide-4.1.rst
@@ -260,6 +260,18 @@ Other Subsystems
 Flash map
 =========
 
+Secure storage
+==============
+
+* The :kconfig:option:`CONFIG_SECURE_STORAGE_ITS_STORE_MODULE` symbol no longer implies the
+  :kconfig:option:`CONFIG_FLASH` Kconfig option. Platforms using Secure storage must explicitly enable it.
+
+* The :kconfig:option:`CONFIG_SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_SETTINGS` symbol no longer implies the
+  :kconfig:option:`CONFIG_FLASH_MAP` and :kconfig:option:`CONFIG_NVS` Kconfig options.
+  It no longer selects the :kconfig:option:`CONFIG_SETTINGS` Kconfig option either.
+  Platforms using Secure storage must explicitly enable :kconfig:option:`CONFIG_FLASH_MAP`,
+  :kconfig:option:`CONFIG_SETTINGS` and the desired storage system (e.g. :kconfig:option:`CONFIG_ZMS`).
+
 hawkBit
 =======
 
diff --git a/samples/psa/its/overlay-secure_storage.conf b/samples/psa/its/overlay-secure_storage.conf
index 3473ae389101ab5..112986420a8a749 100644
--- a/samples/psa/its/overlay-secure_storage.conf
+++ b/samples/psa/its/overlay-secure_storage.conf
@@ -7,4 +7,8 @@ CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 # On top of that, the ITS implementation uses the stack for buffers.
 CONFIG_MAIN_STACK_SIZE=3072
 
+CONFIG_FLASH=y
+CONFIG_FLASH_MAP=y
+CONFIG_NVS=y
+CONFIG_SETTINGS=y
 CONFIG_SECURE_STORAGE=y
diff --git a/samples/psa/persistent_key/overlay-secure_storage.conf b/samples/psa/persistent_key/overlay-secure_storage.conf
index 3473ae389101ab5..112986420a8a749 100644
--- a/samples/psa/persistent_key/overlay-secure_storage.conf
+++ b/samples/psa/persistent_key/overlay-secure_storage.conf
@@ -7,4 +7,8 @@ CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 # On top of that, the ITS implementation uses the stack for buffers.
 CONFIG_MAIN_STACK_SIZE=3072
 
+CONFIG_FLASH=y
+CONFIG_FLASH_MAP=y
+CONFIG_NVS=y
+CONFIG_SETTINGS=y
 CONFIG_SECURE_STORAGE=y
diff --git a/subsys/secure_storage/Kconfig b/subsys/secure_storage/Kconfig
index 11e78a7dbd2ce88..86c589e81a4ffb8 100644
--- a/subsys/secure_storage/Kconfig
+++ b/subsys/secure_storage/Kconfig
@@ -65,7 +65,6 @@ endif
 
 menuconfig SECURE_STORAGE_ITS_STORE_MODULE
 	bool "ITS store module"
-	imply FLASH # for FLASH_HAS_DRIVER_ENABLED
 	help
 	  The module that handles the storage/retrieval of the ITS data to/from NVM.
 	  Zephyr's ITS implementation calls into it.
diff --git a/subsys/secure_storage/Kconfig.its_store b/subsys/secure_storage/Kconfig.its_store
index 9e4d9b650205931..147210517ae6b78 100644
--- a/subsys/secure_storage/Kconfig.its_store
+++ b/subsys/secure_storage/Kconfig.its_store
@@ -7,12 +7,10 @@ choice SECURE_STORAGE_ITS_STORE_IMPLEMENTATION
 config SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_SETTINGS
 	bool "ITS store module implementation using the settings subsystem for storage"
 	DT_STORAGE_PARTITION := $(dt_nodelabel_path,storage_partition)
-	depends on FLASH_HAS_DRIVER_ENABLED \
-		&& $(dt_path_enabled,$(DT_STORAGE_PARTITION)) \
-		&& $(dt_node_has_compat,$(dt_node_parent,$(DT_STORAGE_PARTITION)),fixed-partitions)
-	imply FLASH_MAP
-	imply NVS
-	select SETTINGS
+	depends on FLASH_HAS_DRIVER_ENABLED
+	depends on $(dt_path_enabled,$(DT_STORAGE_PARTITION))
+	depends on $(dt_node_has_compat,$(dt_node_parent,$(DT_STORAGE_PARTITION)),fixed-partitions)
+	depends on SETTINGS
 
 config SECURE_STORAGE_ITS_STORE_IMPLEMENTATION_NONE
 	bool "No ITS store module implementation"
diff --git a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
index e076008277b6641..b9320c450cd565f 100644
--- a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
+++ b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf
@@ -8,6 +8,10 @@ CONFIG_TIMER_RANDOM_GENERATOR=y
 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=2048
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 
+CONFIG_FLASH=y
+CONFIG_FLASH_MAP=y
+CONFIG_NVS=y
+CONFIG_SETTINGS=y
 CONFIG_SECURE_STORAGE=y
 # For testing isolation between the different callers of the ITS.
 CONFIG_SECURE_STORAGE_PS_IMPLEMENTATION_ITS=y
diff --git a/tests/subsys/secure_storage/psa/its/overlay-default_store.conf b/tests/subsys/secure_storage/psa/its/overlay-default_store.conf
index 584a2d08febb5c9..2845f0b8feaa976 100644
--- a/tests/subsys/secure_storage/psa/its/overlay-default_store.conf
+++ b/tests/subsys/secure_storage/psa/its/overlay-default_store.conf
@@ -1,2 +1,6 @@
+CONFIG_FLASH=y
+CONFIG_FLASH_MAP=y
+CONFIG_NVS=y
+CONFIG_SETTINGS=y
 # Limit the space available for the maximum entry test to not take too long.
 CONFIG_SETTINGS_NVS_SECTOR_COUNT=2