doc: nrf_security: Improve PSA configuration documentation #11702
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
joerchan
requested review from
frkv,
Vge0rge,
vili-nordic,
SebastianBoe,
mswarowsky,
carlescufi and
tejlmand
as code owners
github-actions
bot
added
changelog-entry-required
|
The following west manifest projects have been modified in this Pull Request:
Note: This message is automatically posted and updated by the Manifest GitHub Action. |
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
Vge0rge
approved these changes
Jul 5, 2023
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
joerchan
force-pushed
the
psa-oberon-cleanup
branch
from
1ac4eae
to
e45406b
Compare
joerchan
force-pushed
the
psa-oberon-cleanup
branch
2 times, most recently
from
2520bb8
to
d4bc41f
Compare
mia-ko
requested changes
Jul 5, 2023
| | GCM | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_GCM_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_GCM_OBERON` | | ||
| +-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ | ||
| | ChaCha20-Poly1305 | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_CC3XX` | :kconfig:option:`CONFIG_PSA_CRYPTO_DRIVER_ALG_CHACHA20_POLY1305_OBERON` | | ||
| +-----------------------+------------------------------------------------------------------------+-------------------------------------------------------------------------+ | ||
|
|
||
| .. note:: | ||
| * The :ref:`nrf_security_drivers_cc3xx` is limited to AES key sizes of 128 bits on devices with Arm CryptoCell cc310. |
There was a problem hiding this comment.
Should AES be removed before GCM in the line below as well?
There was a problem hiding this comment.
No, the limitation is still valid. we only support AES, and we only support AES key size of 128 bits
There was a problem hiding this comment.
Just to be sure we're not misunderstanding each other :D I meant in line below (i.e. line 189), with the following text:
- The :ref:
nrf_security_drivers_cc3xxdoes not provide hardware support for AES GCM on devices with Arm CryptoCell cc310.
I guess I am not sure why we removed AES from AES GCM in the table above, but we're still keeping it in the limitation in the note below the table.
There was a problem hiding this comment.
Oh yeah, my bad, I didn't read your comment properly.
Yeah, we can say don't support GCM at all.
joerchan
force-pushed
the
psa-oberon-cleanup
branch
from
d4bc41f
to
019b277
Compare
mswarowsky
approved these changes
Jul 5, 2023
mia-ko
approved these changes
Jul 6, 2023
joerchan
force-pushed
the
psa-oberon-cleanup
branch
2 times, most recently
from
77eae59
to
87d6573
Compare
Improve documentation text, change all references to PKCS1V15 to PKCS#1 v1.5. NCSDK-21520 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use the PSA naming of the chachapoly algorithm. This makes it consistent with the PSA documentation as well as the PSA configuration name. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Remove mentions of AES in the cipher documentation. The block ciphers can use different types of block cipher encryption. Stream cipher does not support AES keys at all. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use better naming for cipher names. Document these use natural language instead of code casing. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use better naming for PRNG names. Document these use natural language instead of code casing. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add documentation for enabling PSA RNG configuration. This configuration is new with Oberon PSA core and was not possible to disable earlier. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Update zephyr to include the PSA configuration dependency fixes. This also aligns the PSA configuration names with the NCS documentation. Update nrfxlib to match NCS documentation naming. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
joerchan
force-pushed
the
psa-oberon-cleanup
branch
from
87d6573
to
0f7f9e4
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Improve the PSA configuration.
See commits for details.
Pull zephyr for PSA dependency fixes, as well as updating PSA configuration to be aligned with NCS documentation.