nrf_security: Add Oberon PSA configurations in Kconfig #11676
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Vge0rge
requested review from
frkv,
vili-nordic,
joerchan,
SebastianBoe and
mswarowsky
as code owners
Vge0rge
removed request for
SebastianBoe,
joerchan,
mswarowsky,
frkv and
vili-nordic
github-actions
bot
added
the
changelog-entry-required
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
Vge0rge
force-pushed
the
oberon_kconfigs
branch
3 times, most recently
from
bdd9e5a
to
2f0f829
Compare
|
The following west manifest projects have been modified in this Pull Request:
Note: This message is automatically posted and updated by the Manifest GitHub Action. |
Vge0rge
force-pushed
the
oberon_kconfigs
branch
4 times, most recently
from
45eec76
to
9df6d43
Compare
Vge0rge
force-pushed
the
oberon_kconfigs
branch
2 times, most recently
from
2890801
to
a954331
Compare
melwee01
requested changes
Aug 2, 2023
|
|
||
| The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_SIGNATURE_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for the RSA PKCS#1 v1.5 signing algorithm. | ||
|
|
||
| The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_ASYMMETRIC_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for RSA PKCS#1 v1.5 and RSA OAEP encryption. |
There was a problem hiding this comment.
Suggested change
| The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_ASYMMETRIC_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for RSA PKCS#1 v1.5 and RSA OAEP encryption. | |
| The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_ASYMMETRIC_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for RSA PKCS#1 v1.5 and RSA OAEP encryption. |
| +-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ | ||
| | RSA PSS | Not supported | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_RSA_PSS_OBERON` | | ||
| +-----------------------+--------------------------------------------------------------------------+--------------------------------------------------------------------------+ | ||
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `RSA configurations`_. |
There was a problem hiding this comment.
Suggested change
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `RSA configurations`_. | |
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `RSA configurations`_. |
There was a problem hiding this comment.
search replaced user enabled with user-enabled in the file.
| | RIPEMD-160 | Not supported | Not supported | | ||
| +-----------------------+---------------------------------------------------------------+---------------------------------------------------------------+ | ||
|
|
||
| You can use the following table to check the Hash algorithm support of each driver: |
There was a problem hiding this comment.
Suggested change
| You can use the following table to check the Hash algorithm support of each driver: | |
| Use the following table to check the Hash algorithm support of each driver: |
Please apply this change to other instances of this, where we changed 'you can use the following configurations' to 'you can check the table'.
There was a problem hiding this comment.
Search-replaced "You can use" with "Use" in the file
|
|
||
| The option :kconfig:option:`CONFIG_PSA_USE_CC3XX_HASH_DRIVER` enables the driver :ref:`nrf_security_drivers_cc3xx` for all the supported algorithms. | ||
|
|
||
| The driver configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `HASH configurations`_. |
There was a problem hiding this comment.
Suggested change
| The driver configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `HASH configurations`_. | |
| The configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `HASH configurations`_. |
There was a problem hiding this comment.
Search-replaced "The driver configuration" with "The configuration" in the file
| | SRP | Not supported | Supported | | ||
| +-----------------------+--------------------------+---------------------------+ | ||
|
|
||
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `Password-authenticated key agreement configurations`_. |
There was a problem hiding this comment.
Suggested change
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user enabled algorithms in `Password-authenticated key agreement configurations`_. | |
| Configuration of the :ref:`nrf_security_drivers_oberon` driver is automatically generated based on the user-enabled algorithms in `Password-authenticated key agreement configurations`_. |
|
Other notes: Notes are rendering on the page with bullet points: Adding: Bartek's opinion, which I think is reasonable, is that bullet points are fine where there are two or more points per note, but we could take them out for notes where there is only one bullet point. |
joerchan
force-pushed
the
oberon_kconfigs
branch
from
494d658
to
33358e2
Compare
joerchan
force-pushed
the
oberon_kconfigs
branch
2 times, most recently
from
e231c8f
to
e73fb29
Compare
joerchan
force-pushed
the
oberon_kconfigs
branch
from
e73fb29
to
efe3d60
Compare
melwee01
requested changes
Aug 30, 2023
| +-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ | ||
| | Stream cipher | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_STREAM_CIPHER_OBERON` | | ||
| +-----------------------+---------------------------------------------------------------------+----------------------------------------------------------------------+ | ||
| Cipher algorithm support for each driver: |
There was a problem hiding this comment.
Suggested change
| Cipher algorithm support for each driver: | |
| The following table shows cipher algorithm support for each driver: |
There was a problem hiding this comment.
While I personally prefer your more straightforward way of introducing tables, it seems that 'the following table shows' is a standard stylistic choice throughout NCS. Can you apply these throughout, or would you like me to add a suggestion for each?
| @@ -272,17 +300,24 @@ The ECC algorithm support is dependent on one or more Kconfig options enabling c | |||
| ECC driver configurations | |||
| ========================= | |||
|
|
|||
| You can use the following Kconfig options for fine-grained control over which drivers provide ECC support: | |||
| Use the following table to check the ECC algorithm support of each driver: | |||
There was a problem hiding this comment.
Think we should follow the same form for these as well. 'The following table shows ECC algorithim support of each driver'...
| +--------------------+-----------------------------------------------------+ | ||
|
|
||
| .. note:: | ||
| * All RSA key size configurations are introduced by :ref:`nrf_security` and are not described by the PSA Crypto specification. |
There was a problem hiding this comment.
I don't remember if it was in reference to this or another PR, but I checked this formatting with Bartek. He said that notes should have bullet points only if there are multiple items in the list.
Please remove bullet points for notes with only one item.
joerchan
force-pushed
the
oberon_kconfigs
branch
from
efe3d60
to
10c4b3f
Compare
joerchan
approved these changes
Sep 4, 2023
melwee01
approved these changes
Sep 5, 2023
Vge0rge
force-pushed
the
oberon_kconfigs
branch
6 times, most recently
from
c453f78
to
282dfa1
Compare
The Oberon core uses a configuration scheme where the user chooses the PSA_WANT and the PSA_USE options and the core itself derives the PSA_NEED configurations which are used internally. This change adapts this new configuration scheme in nrf_security. With this change the user still have the option to explicitely enable/disable drivers with the previous options: PSA_CRYPTO_DRIVER_OBERON PSA_CRYPTO_DRIVER_CC3XX Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Update the documentation files for the NRF security configurations of the PSA APIs to follow the Oberon PSA configuration scheme. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Update the psa_tls sample to follow the new configuration scheme from Oberon PSA core. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Vge0rge
force-pushed
the
oberon_kconfigs
branch
from
282dfa1
to
4bf84ea
Compare
|
Matter/Chip plans failed on nRF7002 while connecting to the wifi: |
Two runs ago CHIP was green. (Check run 90). It seems to me like a CI issue CHIP/MATTER. |
Thanks for info |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change the nrf_security configurations to follow the configuration scheme from the Oberon PSA core.
Signed-off-by: Georgios Vasilakis georgios.vasilakis@nordicsemi.no
test-sdk-nrf: geva-11676