diff --git a/modules/trusted-firmware-m/Kconfig.mbedtls_minimal.defconfig b/modules/trusted-firmware-m/Kconfig.mbedtls_minimal.defconfig index eeefa5f30d40..3e42277c86cc 100644 --- a/modules/trusted-firmware-m/Kconfig.mbedtls_minimal.defconfig +++ b/modules/trusted-firmware-m/Kconfig.mbedtls_minimal.defconfig @@ -70,218 +70,3 @@ config MBEDTLS_PSA_CRYPTO_STORAGE_C config MBEDTLS_LEGACY_CRYPTO_C default n - -config PSA_WANT_ALG_CTR_DRBG - default n - -config PSA_WANT_ALG_HMAC_DRBG - bool - default y - -config PSA_WANT_KEY_TYPE_DERIVE - bool - default n - -config PSA_WANT_KEY_TYPE_HMAC - bool - default n - -config PSA_WANT_KEY_TYPE_AES - bool - default n - -config PSA_WANT_KEY_TYPE_CHACHA20 - bool - default n - -config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR - bool - default n - -config PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY - bool - default n - -config PSA_WANT_KEY_TYPE_RAW_DATA - bool - default n - -config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR - bool - default n - -config PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - bool - default n - -config PSA_WANT_ALG_CCM - bool - default n - -config PSA_WANT_ALG_GCM - bool - default n - -config PSA_WANT_ALG_CHACHA20_POLY1305 - bool - default n - -config PSA_WANT_ALG_CBC_MAC - bool - default n - -config PSA_WANT_ALG_CMAC - bool - default n - -config PSA_WANT_ALG_HMAC - bool - default n - -config PSA_WANT_ALG_SHA_1 - bool - default n - -config PSA_WANT_ALG_SHA_224 - bool - default n - -config PSA_WANT_ALG_SHA_256 - bool - default n - -config PSA_WANT_ALG_SHA_384 - bool - default n - -config PSA_WANT_ALG_SHA_512 - bool - default n - -config PSA_WANT_ALG_RIPEMD160 - bool - default n - -config PSA_WANT_ALG_MD5 - bool - default n - -config PSA_WANT_ALG_ECB_NO_PADDING - bool - default n - -config PSA_WANT_ALG_CBC_NO_PADDING - bool - default n - -config PSA_WANT_ALG_CBC_PKCS7 - bool - default n - -config PSA_WANT_ALG_CFB - bool - default n - -config PSA_WANT_ALG_CTR - bool - default n - -config PSA_WANT_ALG_OFB - bool - default n - -config PSA_WANT_ALG_XTS - bool - default n - -config PSA_WANT_ALG_HKDF - bool - default n - -config PSA_WANT_ALG_PBKDF2_HMAC - bool - default n - -config PSA_WANT_ALG_TLS12_PRF - bool - default n - -config PSA_WANT_ALG_ECDH - bool - default n - -config PSA_WANT_ALG_ECDSA - bool - default n - -config PSA_WANT_ALG_DETERMINISTIC_ECDSA - bool - default n - -config PSA_WANT_ECC_BRAINPOOL_P_R1_256 - bool - default n - -config PSA_WANT_ECC_BRAINPOOL_P_R1_384 - bool - default n - -config PSA_WANT_ECC_BRAINPOOL_P_R1_512 - bool - default n - -config PSA_WANT_ECC_MONTGOMERY_255 - bool - default n - -config PSA_WANT_ECC_MONTGOMERY_448 - bool - default n - -config PSA_WANT_ECC_SECP_K1_192 - bool - default n - -config PSA_WANT_ECC_SECP_K1_256 - bool - default n - -config PSA_WANT_ECC_SECP_R1_192 - bool - default n - -config PSA_WANT_ECC_SECP_R1_224 - bool - default n - -config PSA_WANT_ECC_SECP_R1_256 - bool - default n - -config PSA_WANT_ECC_SECP_R1_384 - bool - default n - -config PSA_WANT_ECC_SECP_R1_521 - bool - default n - -config PSA_WANT_ALG_RSA_OAEP - bool - default n - -config PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - bool - default n - -config PSA_WANT_ALG_RSA_PKCS1V15_SIGN - bool - default n - -config PSA_WANT_ALG_RSA_PSS - bool - default n - -config PSA_WANT_ALG_STREAM_CIPHER - bool - default n diff --git a/modules/trusted-firmware-m/Kconfig.psa.defconfig b/modules/trusted-firmware-m/Kconfig.psa.defconfig index 3ff4020e1ec3..57aa7efd0d44 100644 --- a/modules/trusted-firmware-m/Kconfig.psa.defconfig +++ b/modules/trusted-firmware-m/Kconfig.psa.defconfig @@ -1,163 +1,3 @@ config MBEDTLS bool default n - -config PSA_WANT_KEY_TYPE_DERIVE - bool - default y -config PSA_WANT_KEY_TYPE_HMAC - bool - default y -config PSA_WANT_KEY_TYPE_AES - bool - default y -config PSA_WANT_KEY_TYPE_CHACHA20 - bool - default y -config PSA_WANT_KEY_TYPE_ECC_KEY_PAIR - bool - default y -config PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY - bool - default y -config PSA_WANT_KEY_TYPE_RAW_DATA - bool - default y -config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR - bool - default y -config PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY - bool - default y -config PSA_WANT_ALG_CCM - bool - default y -config PSA_WANT_ALG_GCM - bool - default y -config PSA_WANT_ALG_CHACHA20_POLY1305 - bool - default y -config PSA_WANT_ALG_CBC_MAC - bool - default y -config PSA_WANT_ALG_CMAC - bool - default y -config PSA_WANT_ALG_HMAC - bool - default y -config PSA_WANT_ALG_SHA_1 - bool - default n -config PSA_WANT_ALG_SHA_224 - bool - default y -config PSA_WANT_ALG_SHA_256 - bool - default y -config PSA_WANT_ALG_SHA_384 - bool - default y -config PSA_WANT_ALG_SHA_512 - bool - default y -config PSA_WANT_ALG_RIPEMD160 - bool - default n -config PSA_WANT_ALG_MD5 - bool - default n -config PSA_WANT_ALG_ECB_NO_PADDING - bool - default y -config PSA_WANT_ALG_CBC_NO_PADDING - bool - default y -config PSA_WANT_ALG_CBC_PKCS7 - bool - default y -config PSA_WANT_ALG_CFB - bool - default n -config PSA_WANT_ALG_CTR - bool - default y -config PSA_WANT_ALG_OFB - bool - default n - -# PSA_WANT_ALG_XTS - Currently not supported - -config PSA_WANT_ALG_HKDF - bool - default y -config PSA_WANT_ALG_PBKDF2_HMAC - bool - default y -config PSA_WANT_ALG_TLS12_PRF - bool - default y -config PSA_WANT_ALG_TLS12_PSK_TO_MS - bool - default y -config PSA_WANT_ALG_ECDH - bool - default y -config PSA_WANT_ALG_ECDSA - bool - default y -config PSA_WANT_ALG_DETERMINISTIC_ECDSA - bool - default y -config PSA_WANT_ECC_BRAINPOOL_P_R1_256 - bool - default y -config PSA_WANT_ECC_BRAINPOOL_P_R1_384 - bool - default n -config PSA_WANT_ECC_BRAINPOOL_P_R1_512 - bool - default n -config PSA_WANT_ECC_MONTGOMERY_255 - bool - default y -config PSA_WANT_ECC_MONTGOMERY_448 - bool - default n -config PSA_WANT_ECC_SECP_K1_192 - bool - default n -config PSA_WANT_ECC_SECP_K1_256 - bool - default y -config PSA_WANT_ECC_SECP_R1_192 - bool - default y -config PSA_WANT_ECC_SECP_R1_224 - bool - default y -config PSA_WANT_ECC_SECP_R1_256 - bool - default y -config PSA_WANT_ECC_SECP_R1_384 - bool - default y -config PSA_WANT_ECC_SECP_R1_521 - bool - default y -config PSA_WANT_ALG_RSA_OAEP - bool - default y -config PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - bool - default y -config PSA_WANT_ALG_RSA_PKCS1V15_SIGN - bool - default y -config PSA_WANT_ALG_RSA_PSS - bool - default y -config PSA_WANT_ALG_STREAM_CIPHER - bool - default y diff --git a/subsys/nrf_security/Kconfig.tls b/subsys/nrf_security/Kconfig.tls index 71a81fdd12ea..009a20bc015c 100644 --- a/subsys/nrf_security/Kconfig.tls +++ b/subsys/nrf_security/Kconfig.tls @@ -73,6 +73,8 @@ menuconfig MBEDTLS_TLS_LIBRARY bool prompt "Create mbed TLS transport layer security library" select MBEDTLS_X509_LIBRARY + imply PSA_WANT_ALG_TLS12_PRF + imply PSA_WANT_ALG_TLS12_PSK_TO_MS default y if MBEDTLS_PSA_CRYPTO_C && (MBEDTLS_ECDSA_C || MBEDTLS_ECDH_C) help Create the mbed SSL/TLS library in addition to the mbed crypto @@ -80,15 +82,6 @@ menuconfig MBEDTLS_TLS_LIBRARY if MBEDTLS_TLS_LIBRARY -# Enact override to set this configuration in case MBEDTLS_TLS_LIBRARY is enabled -config PSA_WANT_ALG_TLS12_PRF - bool - default y - -config PSA_WANT_ALG_TLS12_PSK_TO_MS - bool - default y - config MBEDTLS_SSL_CLI_C bool "Enable the SSL/TLS client code" default y diff --git a/west.yml b/west.yml index e946d8bb39f1..db01a9c41f6e 100644 --- a/west.yml +++ b/west.yml @@ -59,7 +59,7 @@ manifest: # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html - name: zephyr repo-path: sdk-zephyr - revision: 77ed2a43ed4f52fd9ce19c71525617ac2a9948a7 + revision: 35510c3d8e95826803ffaee1bb678163e1846320 import: # In addition to the zephyr repository itself, NCS also # imports the contents of zephyr/west.yml at the above @@ -144,11 +144,11 @@ manifest: - name: trusted-firmware-m repo-path: sdk-trusted-firmware-m path: modules/tee/tf-m/trusted-firmware-m - revision: ccab64f0be60b81d968dde83b48b6a01605c8128 + revision: c5b393bb0bc9436c486c791d8698e1cdb8ed2c18 - name: matter repo-path: sdk-connectedhomeip path: modules/lib/matter - revision: 6d0b6310ca48741d358ec06e6a175fc077982ae8 + revision: ab1abc1ed9c8a4342b55782aae7416b860f5d89d submodules: - name: nlio path: third_party/nlio/repo