Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nrf_security: Change default value of PSA_WANT configurations to disabled #11610

Merged
merged 9 commits into from
Jul 7, 2023
Merged

nrf_security: Change default value of PSA_WANT configurations to disabled #11610

merged 9 commits into from
Jul 7, 2023

Conversation

joerchan
Copy link
Contributor

@joerchan joerchan commented Jun 23, 2023
edited
Loading

Change the default value of PSA_WANT configurations to be default disabled.

Kconfig options that required PSA crypto should use select PSA_WANT_<feature>.
Samples or tests that use PSA crypto should use CONFIG_PSA_WANT_<feature_>=y

This simplifies the use of Kconfig default value overrides that are present in OpenThread and Matter.
This is a step towards making the PSA_WANT configurations available in upstream zephyr.

@github-actions github-actions bot added changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest labels Jun 23, 2023
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jun 23, 2023
edited
Loading

The following west manifest projects have been modified in this Pull Request:

Name Old Revision New Revision Diff
matter nrfconnect/sdk-connectedhomeip@6d0b631 nrfconnect/sdk-connectedhomeip@ab1abc1 (master) nrfconnect/sdk-connectedhomeip@6d0b6310..ab1abc1e
trusted-firmware-m nrfconnect/sdk-trusted-firmware-m@ccab64f nrfconnect/sdk-trusted-firmware-m@c5b393b (master) nrfconnect/sdk-trusted-firmware-m@ccab64f0..c5b393bb
zephyr nrfconnect/sdk-zephyr@77ed2a4 nrfconnect/sdk-zephyr@35510c3 (main) nrfconnect/sdk-zephyr@77ed2a43..35510c3d

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jun 23, 2023
edited
Loading

Test specification

CI/Jenkins/NRF

  • Integration Platforms

CI/Jenkins/integration

Test Module File based changes Manually selected West overwrite
desktop52_verification X
test-fw-nrfconnect-ble X
test-fw-nrfconnect-ble_samples X
test-fw-nrfconnect-chip X
test-fw-nrfconnect-fem X
test-fw-nrfconnect-nfc X
test-fw-nrfconnect-nrf-iot_cloud X
test-fw-nrfconnect-nrf-iot_lwm2m X
test-fw-nrfconnect-nrf-iot_thingy91 X
test-fw-nrfconnect-nrf-iot_zephyr_lwm2m X
test-fw-nrfconnect-nrf_crypto X
test-fw-nrfconnect-rpc X
test-fw-nrfconnect-rs X
test-fw-nrfconnect-tfm X
test-fw-nrfconnect-thread X
test-sdk-find-my X
test-sdk-homekit X
test-sdk-wifi X

test-fw-nrfconnect-chip: added because there was no .github/test-spec.yml in 'matter'
test-fw-nrfconnect-tfm: added because there was no .github/test-spec.yml in 'trusted-firmware-m'

Detailed information of selected test modules

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

@joerchan joerchan force-pushed the psa-default-off branch 9 times, most recently from ab8ed5d to 0f1c23f Compare June 29, 2023 12:24
@joerchan joerchan changed the title DO NOT REVIEW || RUNNING CI FIRST! nrf_security: Change default value of PSA_WANT configurations to disabled Jun 29, 2023
@joerchan joerchan force-pushed the psa-default-off branch 2 times, most recently from 4a0ac81 to 4ddb97a Compare June 30, 2023 14:09
@joerchan joerchan force-pushed the psa-default-off branch 2 times, most recently from e330d31 to 987ad5f Compare July 7, 2023 07:26
@NordicBuilder NordicBuilder removed the DNM label Jul 7, 2023
@joerchan
samples: crypto: Add sample configuration for PSA algorithms used
bb0fb58 
Add sample configurations for the PSA algorithms being used.
This makes the samples not rely on default configurations.

NCSDK-18031

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
samples: tfm: Add sample configuration for PSA algorithms used
970e323 
Add sample configurations for the PSA algorithms being used.
This makes the samples not rely on default configurations.

NCSDK-18031

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
tests: tfm: Add sample configurations for PSA algorithms used
451c8f2 
Add sample configurations for the PSA algorithms being used.
This makes the sample not rely on default configurations.

NCSDK-18031

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
samples: hw_unique_key: Add sample configurations for PSA algs used
cd21f4e 
Add sample configurations for the PSA algorithms being used.
This makes the sample not rely on default configurations.

NCSDK-18031

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
tests: hw_unique_key: Add test configurations for PSA algorithms used
43cbc97 
Add test configurations for the PSA algorithms being used.
This makes the test not rely on default configurations.

NCSDK-18031

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
tfm: Add PSA default configuration with select for required PSA algs
83bdd40 
Add PSA default configuration with select for the required PSA
algorithms needed by TF-M.
key derivation is used by TF-M builtin keys and Protected Storage.
AEAD algorithm is used by Protected Storage.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
samples: psa_tls: Enable the default set of PSA want algs
fa20a59 
Explicitly enable the default set of PSA want algorithms in the
psa_tls sample.
The set of algorithms is not neccesarily the required set of algorithms
but instead just what was already enabled as a simplifiction in order
to not cause any configuration changes in the sample.
Remove PSA want configuration from other kconfig fragments.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
nrf_security: Add missing CCM as a valid ciphersuite requirement
8422989 
Add missing CCM dependency for ciphersuites.
The CCM cipher mode can be used in ciphersuites so it should satisfy
the requirements.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@joerchan
manifest: Update sdk-zephyr to disable PSA configurations by default
57f4030 
Update sdk-zephyr to disable PSA configurations by default.
Remove default configuration overrides in matter project.
Fix TF-M compilation error in ITS when disabling PS.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
@rlubos rlubos merged commit 30f51b2 into nrfconnect:main Jul 7, 2023
29 checks passed
@joerchan joerchan deleted the psa-default-off branch July 7, 2023 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SebastianBoe SebastianBoe SebastianBoe approved these changes

@mswarowsky mswarowsky mswarowsky approved these changes

@frkv frkv Awaiting requested review from frkv

@Vge0rge Vge0rge Awaiting requested review from Vge0rge

@torsteingrindvik torsteingrindvik Awaiting requested review from torsteingrindvik

@magnev magnev Awaiting requested review from magnev magnev is a code owner

@tejlmand tejlmand Awaiting requested review from tejlmand

@carlescufi carlescufi Awaiting requested review from carlescufi

@simensrostad simensrostad Awaiting requested review from simensrostad

@vili-nordic vili-nordic Awaiting requested review from vili-nordic

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest manifest-matter manifest-openthread manifest-trusted-firmware-m manifest-zephyr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@joerchan @NordicBuilder @SebastianBoe @mswarowsky @vili-nordic @rlubos