Tfm test #14013
Closed
Upmerge to update the TF-M version to 2.0.0 This comes with the mbed TLS version 3.5.0 And the TF-M tests v23.06_API1.5_ADAC_EAC Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The place where TF-M stores the non-secure API headers changed in 2.0.0 So changing them for all applications that need them Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Remove include of tfm_api.h as it got deleted Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The target tfm_partition_defs got removed and tfm_config gets used now so updating it Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
hash_info.c got removed in mbed TLS 3.5.0 Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The preload.cmake file was renamed to cpuarch.cmake in TF-M 2.0.0 Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
With TF-M 2.0.0 and the included split build feature the ns target isn't built anymore, therefore removing the reference to it. Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Set the full path for the generated Mbed TLS PSA crypto config file for TF-M as the build system needs the full path Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
CONFIG_TFM_CONN_HANDLE_MAX_NUM is only needed if TF-M is used with IPC mode Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Within the non-secure exception handling several Faults got defined again, but the definition within TF-M can be used Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The TFM_ITS_MAX_ASSET_SIZE is now set via the tfm_config.h.in file directly not via a CMake define that was set with TFM_ITS_MAX_ASSET_SIZE_OVERRIDE, therefore removing it. Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
TFM_BUILD_NS got removed with the split build of TF-M 2.0.0 in zephyr so remove it in the ncs CMake as well Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Due to the split build of TF-M we need to pass the PSA_WANT configuration to the Secure and Non-Secure image. Before TF-M was building both images in the same process but now the Non-Secure image is built separately. But for some images like tests we need to know the PSA configuration for both images, but so far the PSA_WANT configuration was ignored if legacy was used in the Non-Secure. This commit places the setting of the PSA_WANT configurations in a separate cmake file so it can be used by legacy and psa. Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Due to the TF-M split build feature the separate build logic is needed to support Non-secure builds with the out-of-tree boards of the TF-M nordic_nrf platforms Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The non-secure test application has to be built separately in the tf-m-tests repository as an external project. The regression tests need to provide test configurations to both TF-M and NS app. Duplicate configuration done in the spe/CMakeLists.txt to configure TF-M image for the regression tests. While copying some files from TF-M to the non-secure interface to make the tests run Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Don't assume that the NS domain can use UART0 Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Updates the Oberon PSA core to the version 1.2.1 which is compatible with MbedTLS 3.5.2 Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
This includes the required adaptions to nrf_security to work with the new Oberon PSA core version 1.2.1 Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
For the tfm_regression tests we have only one app.overlay file, so aligning the psa_arch_tests with that Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Building the Non secure test app separately. This also uses the test non-secure application directly, without getting called from the zephyr application Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
PSA_WANT_ symbols for the MD case Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
psa_util.c got added to legacy crypto of mbed TLS 3.5.0 so adding it to our legacy build as well Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Add Missing PSA_WANT configs for key pairs Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Adding the Kconfig keys to accelerate RSA Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
So far the MBEDTLS_USER_CONFIG_FILE was used to pass the PSA configuration to mbedTLS but with mbed TLS 3.5.2 it has its own MBEDTLS_PSA_CRYPTO_CONFIG_FILE so changing the build system to use that for passing the PSA_WANT configs which is now required for legacy and PSA crypto builds. The MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE is now used for the PSA_NEED definitions. Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
By setting CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR RSA got enabled by default, moving it into the rsa.conf will only enable it when needed. Also adding the Key size 2048 as this is the size of the used certificate Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
For TLS some Mbed TLS config defines are needed, even though PSA crypto is used, as TLS is still using legacy crypto. So that mbedTLS legacy crypto is added in the non-secure app. To configure it the Kconfig options are set and the corresponding cmake defines, but they didn't get parsed in the nrf-config.h file so adding this with this commit Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Before this MBEDTLS option was enabled by default, causing build issues Adding it as Kconfig enables it to be enabled when needed Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Remove header files which exist in the Oberon PSA core under the mbedtls folder which are not modified by Oberon. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Enable a key size of 2048 instead of 1024 as the source code explicitly uses this key size. It is not clear how this has been passing CI earlier. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
PKCS5 uses CBC with PKCS7 padding, so we're adding the dependency to Kconfig. Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Since we don't provide the function anymore. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
uoscore isn't ported to use NRF security so it is not supported. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
The new mbedtls revision has brought in more mbedtls legacy sources. Add these to the build as well. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
We recently deleted the oberon "legacy mbedtls" header files, in this patch we add some cmake code for also adding mbedtls "legacy mbedtls" header files to path to replace these deleted files. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Fix project config for wifi board Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Add missing MBEDTLS_PK_C dependency for WPA_SUPP_CRYPTO PSA and legacy Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
MBEDTLS_RSA_C is now partially implemented using PSA APIs, so we need to add the requirement that these are enabled. Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Stop enabling the deprecated Kconfig TFM_BUILD_NS. I don't think this option was doing what the author thought it was doing anyway. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
This commit contains several changes to make fota_download compatible with the new TF-M revision. We check for CONFIG_TRUSTED_EXECUTION_NONSECURE instead of CONFIG_BUILD_WITH_TFM because the fota_download test that mocks TF-M no longer has CONFIG_BUILD_WITH_TFM set, but it does have CONFIG_TRUSTED_EXECUTION_NONSECURE set. We stop checking for CONFIG_SPM_SERVICE_S0_ACTIVE because it is no longer supported. We remove the #error "Not possible to read s0 active status" because it was triggering a build error. We add missing include paths that were no longer being added in the new TF-M revision. And we disable CONFIG_BUILD_WITH_TFM=n to avoid a multiple definition error. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
For WPA_SUPP_CRYPTO_LEGACY, MBEDTLS_PKCS5_C is needed. Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Attempt at fixing regression in PSA Core for PAKE. The Oberon PSA Core used to support empty peers/users, but has now broken this support. This is the first patch in an attempt to recover this support. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Use PSA_WANT config to enable RSA together with the used key sizes Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
We had a patch there because we enabled the MBEDTLS_PLATFORM_ZEROIZE_ALT when CryptoCell is enabled but we don't need this anymore since the platform zeroize function is not provided by the CryptoCell platform library anymore. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
github-actions bot added labels on Feb 14, 2024: doc-required (PR must not be merged without tech writer approval.), manifest, changelog-entry-required (Update changelog before merge. Remove label if entry is not needed or already added.)
The following west manifest projects have been modified in this Pull Request: Note: This message is automatically posted and updated by the Manifest GitHub Action.
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action.
Labels
changelog-entry-required
Update changelog before merge. Remove label if entry is not needed or already added.
DNM
doc-required
PR must not be merged without tech writer approval.
manifest
manifest-matter
manifest-mbedtls
manifest-mcuboot
manifest-nrfxlib
manifest-psa-arch-tests
manifest-trusted-firmware-m
manifest-zephyr
No description provided.