Mss fix ram overflow #17541
Draft
Mss fix ram overflow #17541
+7,036
−32,448
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates manifest for upmerge Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
We need to define _POSIX_C_SOURCE to include gmtime_r from the standard library. Include minimum required _POSIX_C_SOURCE version. Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
-During the last Zephyr upmerge the includes changed from autoconf.h to zephyr/autoconf.h which this commit fixes for the following: - TF-M header for IOCTL API - Out-of-tree device nrf device integration for TF-M - HW unique key library (and sysbuild) - lwm2m_carrier (sysbuild) - Bootloader (Partition Manager) - Netboot (Partition Manager) - Lots of Partition Manager yml files Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-There is a deprecation of "z_arch_esf_t" in favor of using the type "struct arch_esf" that is changed in fault handling code for TF-M. This commit fixes this Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Changed CONFIG_LOG_DOMAIN_ID to Z_LOG_LOCAL_DOMAIN_ID as the former is removed Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Align with Mbed TLS 3.6.0 by adding a new interface pk_ecc.c NOTE: This interface is built around the idea of fallback-to-ECP_C which likely needs to be resolved in a change of this file in Mbed TLS distribution, because of conflicting ideas on what should be happening in a pure configuration of crypto (only using PSA crypto, not enabling anything in legacy) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Removal of unsupported algorithms in nRF Connect SDK: -ARC4 -ARIA -CAMELLIA -DES -SM3 -SM4 -SHAKE256_512 -RIPEMD160 -MD2 -MD4 -AES OFB - AES Output Feedback blockcipher -AES CFB - AES Cipher Feedback blockcipher -FFDH -DH -AES CBC MAC -Removal of deprecated configurations for ECC, RSA, SPAKE2P and SRP key pair (use IMPORT, EXPORT, GENERATE and DERIVE) -Adjusting Bluetooth Fast Pair to set ECC IMPORT, EXPORT, GENERATE and DERIVE key types (KEY_PAIR removed) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-PSA_WANT_KEY_TYPE_ECC_KEY_PAIR is deprecated in Mbed TLS and Bluetooth Fast Pairh have been enabling PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT for key type support. This commit adds the remaining (required): -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Adding config PSA_WANT_TYPE_SPAKE2P_KEY_PAIR_GENERATE -Adding config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This orders the configuration according to upstream Zephyr and Mbed TLS code on PAKE and RSA in the following order _IMPORT _EXPORT _GENERATE _DERIVE Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit adds more TLS/DTLS related configurations for the PSA Crypto oriented build-strategy. It's intent is to enable TLS/DTLS using PSA crypto by default while e.g. supporting PEM file input in NS world. -Removes a default y if BUILD_WITH_TFM for NORDIC_SECURITY_BACKEND -Add MBEDTLS_BASE64_C, MBEDTLS_ASN1_WRITE_C and MBEDTLS_ASN1_PARSE_C as prompt-less configurations that is enabled if PEM is enabled -Removed some dependencies for MBEDTLS_CIPHER_C to ensure it is only enabled when MBEDTLS_LEGACY_CRYPTO_C is enabled -Default enable MBEDTLS_PK_C when MBEDTLS_TLS_LIBRARY is enabled -Added dependencies for MBEDTLS_PK_WRITE_C/MBEDTLS_PK_PARSE_C towards MBEDTLS_PK_C being enabled -Added generation of aforementioned legacy configs for the PSA crypto centric configuration when SPM (TF-M secure image) is not enabled -Enabled X.509 in PSA crypto configuration scope (possible post Mbed TLS 3.6.0 addition, ensuring MBEDTLS_PSA_CRYPTO_CLIENT being properly supported... Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Removing the following ciphers: - Ripemd160 - Aria - Camellia - DES Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-There is a big change in structuring of PSA key attributes with TF-M 2.1. Previously there was a sub-type called "core" inside the PSA key attributes, but this has been swallowed into the top-level structure. This commit removes references to ->core. in code -This code also improves some return-codes to prevent unused variables for a few cases where no crypto drivers are enabled Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
…ASIC -PSA_WANT_KEY_TYPE_XXXX_KEY_PAIR_BASIC is a configuration that previously was used to signal "basic type". It is no longer needed to set this configuration as it is only an internal construct. These has been made prompt-less configuration that is automatically enabled when key type support for _IMPORT, _EXPORT, _GENERATE or _DERIVE is requested -This updates the following project configs: - SUIT - psa_tls overlays for RSA - RSA sample Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit improves generation of nrf-config.h which can be built either using PSA crypto or legacy crypto as starting-point. It enables more legacy/platform configurations in case PSA crypto is favored, to ensure that we can split the files: - nrf-config.h: Legacy and platform configurations - nrf-psa-crypto-config.h: PSA_WANT_ALG_XXXX etc. - nrf-psa-crypto-user-config: PSA_NEED_XXXX -Changed platform defines generation using the macro kconfig_check_and_set_base_to_one to kconfig_check_and_set_base. This ensures defines are set to be used for cmakedefine without value for standard configurations in Mbed TLS config. PSA_WANT_ALG_XXX etc. are the only ones that need to use kconfig_check_and_set_base_to_one as it is using #define SOME_DEFINE 1 and have #if checks based on the value -Adding nrf_config.cmake used by PSA crypto generation -Removing all legacy TLS/DTLS and and platform defines from psa_crypto_config.cmake. These are moved to nrf_config.cmake NOTE: This will be renamed to psa_crypto_user_config.cmake in a later commit as this will have PSA_NEED_XXXX configurations only! -Minor adjustments to comments in psa_crypto_want_config.cmake -Auto-enable MBEDTLS_PSA_CRYPTO_CONFIG to legacy_crypto_config.h.template to favor using MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -Fix include-guards for psa_crypto_want_config.h so it fits for the coming rename of this file. We are now using the standardized definition PSA_CRYPTO_CONFIG_H found in Mbed TLS code and TF-M -Simplified the content of nrf-config.h.template. This now contains Platform, _ALT and TLS/DTS and X.509 and cipher-suites. Note: This addition adds a guard against enabling TLS/DTLS and X.509 in TF-M SPM and ARoT builds -The include guard in nrf-config.h.template is changed from MBEDTLS_CONFIG_PSA_H to MBEDTLS_CONFIG_FILE_H to reuse the guard found in Mbed TLS and TF-M .Removing legacy, platform and TLS/DTLS and X.509 configurations from psa_crypto_config.h.template. This is now provided by the generated nrf-config.h file -Changed the include-guard for psa_crypto_config.h.template to the standardized PSA_CRYPTO_USER_CONFIG_H used in TF-M and Mbed TLS. This file has PSA_NEED_XXXX and will be renamed to state that this is a PSA crypto user config file in a later commit Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit introduces using a standardized construct in TF-M
to add configurations that gets loaded through a CMake file that
is passed to TF-M build.
-The configurations passed to TF-M is generated from config_extra.cmake.in
which is passed with configure_file from Zephyr to inject static
configurations that is necessary for building with/without TF-M
and within TF-M's code as well as being compatible with nrf_security
-config_extra.cmake will be generated with the following:
-Static paths for folders relevant for TF-M and non TF-M build
-nrfxlib folder
-nrf_security root folder
-Oberon PSA core module directory
-Arm Mbed TLS module directory
-PSA_CRYPTO_EXTERNAL_CORE, which is a signal that a PSA core external
to TF-M is intended to be built
-Static names to Mbed TLS (and PSA crypto) configurations, without
full path that is used both inside and outside of TF-M
-MBEDTLS_CONFIG_FILE
-MBEDTLS_PSA_CRYPTO_CONFIG_FILE
-MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
-Paths to generated folders for configurations in two sets according
to what is the usage:
-PSA_CRYPTO_CONFIG_INTERFACE_PATH: Interface configurations used by
ARoTs in TF-M image, and in Zephyr NS image in a TF-M enabled builds
-PSA_CRYPTO_CONFIG_LIBRARY_PATH: Library configurations used by
the actual build of crypto (TF-M crypto services in PRoT) or
Mbed TLS and PSA core build in secure-only builds (no TF-M)
-Additional state configurations relevant for external core build
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This adds use of the generated crypto_extra.cmake file used to pass -This is added both in TF-M and in Zephyr builds as it simplifies path-handling for both cases in nrf_security. -This commit removes versions of CMake variables for paths in both entry points to building nrf_security (nrf_security/CMakeLists.txt and nrf_security/tfm/CMakeLists.txt) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-tfm_plat_get_huk and tfm_plat_get_iak APIs have changed a parameter from size_t to psa_key_bits_t. This commit aligns the APIs with TF-M 2.1 Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Removing the Nordic-internal configuratio PSA_WANT_GENERATE_RANDOM for TFM_PARTITION_INITIAL_ATTESTATION, under the assumption that random generator is a default-enabled feature in a standard system Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-TF-M has no active support for out-of-tree builds of PSA core, and they have decided to place every PSA core (and interface file) in a common folder that we will have problem to use directly, as it conflicts with changed files on our end or files provided by the Oberon PSA core. This commit likely will be adjusted at some later point, but it tries to control include-order towards our replacement files and our strategy of handling generated crypto configurations for the build of the PSA interface and the library containing crypto support -This commit relies on the CMake variable PSA_CRYPTO_EXTERNAL_CORE which is added as a [nrf noup] in TF-M -This commit adds external_core.cmake which handles the following: - Ensure includes happen right after TF-M creates library targets to ensure that include-order dependency is resolved for taking in out-of-tree include folder from nrf_security, generated config file folder, Oberon PSA core include folders and out-of-tree addition of Arm Mbed TLS distribution (include and library folder) - Ensure that the generated config files (configured in NCS) are propagated to the TF-M build and is used for every library that depends on either PSA interface or library version of these -This commit adds external_core_install.cmake which will be used instead of the TF-M install target for specific PSA interface files. -Adding lots of files from TF-M tree into nrf_security include folder. nrf_security/include is added early in the include order to override equivalently named files from Arm Mbed TLS distribution in the PSA interface usage Note: It is frustrating that TF-M is include order dependent, and parts of the work to fix this will go towards ensuring that this is not in effect in upstream TF-M code. The files copied here are unfortunate and is only done to accelerate TF-M 2.1 integration... Please see NCSDK-XXXXX for details on how to fix this in upstream TF-M ref: NCSDK-XXXXX Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This adjusts the out-of-tree file used for TF-M builds to adjust the PSA crypto APIs symbol names for crypto service build (prefixed with e.g. mbedcrypto__ to not collide with the PSA crypto APIs calls made from any other service and/or testing done from inside TF-M image. -This includes additions for PAKE APIs currently not supported in TF-M Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This resolves an issue transferring compiler-flags and linker-options aggregated from TF-M build into all libraries built by nrf_security. The libraries psa_crypto_config and psa_crypto_library_config was chosen as this would previously be used by the now removed mbedcrypto_common, but this has been erased. By setting the compiler- flags and linker-options to these targets we ensure that the right floating-point configurations are used when building and linking with crypto-libraries Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit adds usage of psa_crypto_config and psa_crypto_config_library and it is a major refactoring on the PSA core in build -Previously we have made choices on whether or not to build specific features dependent on CMake variables constructed by nrf_security (BUILD_INSIDE_TFM and/or COMPILE_PSA_APIS). These have been removed in favor of the standard signals that exists in Mbed TLS and TF-M (MBEDTLS_PSA_CRYPTO_SPM and MBEDTLS_PSA_CRYPTO_C). This commit tries to fix a technical debt issue of using multiple competing signals for the same meaning. From this commit on, the standard signals will be used in all cases. -Added early exit in PSA crypto core build in case MBEDTLS_PSA_CRYPTO_C is not set (meaning it doesn't need to be built) -Added an early exit in all PSA driver build in case MBEDTLS_PSA_CRYPTO_C is not set (meaning it doesn't build the PSA core and no drivers are needed) -Adding cmake/generate_configs.cmake that includes macros generate_mbedcrypto_interface_configs and generate_mbedcrypto_library_configs which is used to ensure -Adding macros to store/restore specific configurations that needs to be changed depending on whether you have an interface build or a library build (generated in two sets) -Removing Kconfig GENERATE_MBEDTLS_CFG_FILE as it is unsupported -Removing MBEDTLS_USER_CONFIG_FILE as we are now using MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -Changing the default names for Mbed TLS config files according to the generated files named earlier in this commit-message -Removed all references to mbedcrypto_common which was used to transfer information both to PSA crypto interface and library build. This is now handled by psa_crypto_config and psa_crypto_library_config Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Creating named library: oberon_psa_core
-Creating libraries for PSA crypto drivers:
-cracen_psa_driver
-oberon_psa_driver
(nrf_cc3xx and nrf_cc3xx_platform are skipped as these come pre-built
and are only linked in to the new oberon_psa_core library)
-Make all drivers reference the new target psa_crypto_library_config
both for include-folders and for configurations
-Make oberon_psa_core link to every PSA crypto driver
-Make all warning-disablement private to the relevant drivers
-Adding NRF_RNG entropy driver to oberon_psa_core (was ${mbedcrypto_target}
-Removing CONFIG_NRF_SECURITY_LEGACY_AND_PSA as it is now possible
to configure both PSA crypto and at the same time enable legacy
configurations by enabling by setting MBEDTLS_LEGACY_CRYPTO_C
-Making PSA crypto driver CMake only relevant for PSA crypto drivers
instead of doing this as well as legacy support
-Fix coding standard in all driver CMake logic
-Move interrupts.c addition for CRACEN internal to the sxsymcrypt runtime
-Simplified oberon_psa_driver and cracen_psa_driver CMake logic so
it has a unified look-and-feel and don't infer e.g. TF-M builds
-Made PSA_CRYPTO_DRIVER_CRACEN default enabled
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This removes a dependency for MBEDTLS_CIPHER_C if TLS is enabled Now only MBEDTLS_MD_C is a legacy dependency for this module Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Some out-of-tree files from Mbed TLS have been kept in nrf_security to get around issues with compiler warnings for unused functions and symbols and to remove unnecessary code when nrf_oberon is in use and is providing the Mbed TLS legacy support. This commit removes unused files (changed earlier) as well as finally removing aes.c and aes_oberon.c from the build as these are no longer needed. We now use Mbed TLS sources for most use-cases... Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Add support for threading in PSA core to align with Mbed TLS 3.6.0 Mbed TLS 3.6.0 requires 3 mutex-symbols being globally accessible: - mbedtls_threading_key_slot_mutex - mbedtls_threading_psa_globaldata_mutex - mbedtls_threading_psa_rngdata_mutex Note: This is not used when CryptoCell is enabled, which has a different solution for threading support available in platform integration files found in nrfxlib. Note: This commit will likely be replaced with a implementation upstream, but is added here temporarily Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Enabling CONFIG_MBEDTLS_SSL_CLI_C for psa_tls sample This seems required to be set after Mbed TLS 3.6.0... Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit contains coding-standard fixes for CMake. This doesn't change any functionality Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Ensure MBEDTLS_THREADING_C is enabled when either CC3XX_BACKEND or PSA core is enabled. Enabling this will only happen when the core is built in secure-only builds. TF-M circumvents threading in its build -Ensure MBEDTLS_THREADING_ALT is set -Ensure MBEDTLS_BASE64_C is enabled always to simplify adding support for PEM (parse and write -Adding Kconfig MBEDTLS_OID_C so it can be generated in nrf-config.h both when building PSA centric and with MBEDTLS_LEGACY_CRYPTO_C enabled -Enabling MBEDTLS_ASN1_WRITE_C/MBEDTLS_ASN1_PARSE_C additionally when MBEDTLS_USE_PSA_CRYPTO is set for X.509 support -Remove MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT depending on !BUILD_WITH_TFM -Remove default enablement of MBEDTLS_LEGACY_CRYPTO_C when BUILD_WITH_TFM is set -Ensure all legacy configurations aren't built when PSA crypto is used (using the Zephyr Kconfig PSA_CRYPTO_CLIENT to test) -Resolve PSA_WANT_ALG_XXXX and PSA_WANT_KEY_TYPE_XXXX from all enabled legacy crypto configurations Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
This will be re-enabled when sdl2 is added to toolchain. Signed-off-by: Thomas Stilwell <Thomas.Stilwell@nordicsemi.no>
-Fixes issues on nRF54L15 devices (uses CRACEN) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Added this sample scenario to quarantine. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
Fix build error by including missing file mbedtls_config.h. Signed-off-by: Simen S. Røstad <simen.rostad@nordicsemi.no>
Enable WIFI_NRF70 only for Wi-Fi builds Signed-off-by: Simen S. Røstad <simen.rostad@nordicsemi.no>
-Setting the flag was missing Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Added regression trying to fix tfm_hello_Word. This commmit fixes it Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
New failures from upmerge Signed-off-by: Maciej Perkowski <Maciej.Perkowski@nordicsemi.no>
The flash_thread is using a colliding name when registering with the log module LOG_MODULE_REGISTER(flash, LOG_LEVEL_INF). Update name to flash_thd to avoid naming collision. Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
Update the nrf7002 in the thingy91x board to match upstream dts model. Additionally add COEX model of nrf700x for use with for example cpunet. Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
Ignore the min heap requirements for Wi-Fi. Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
github-actions
bot
added
doc-required
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:more detailsGithub labels
List of changed files detected by CI (0)Outputs:ToolchainVersion: Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
for upmerge