From bdec5fd36f56f445c673ac14f9f09377b66ba49b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Duda?= <lukasz.duda@nordicsemi.no>
Date: Fri, 27 Sep 2024 23:38:57 +0200
Subject: [PATCH] [nrf toup] Implicitly enable PSA crypto driver for given
 platform
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit makes in clear which crypto driver is enabled by default.
Additionally, stack overflow has been fixed for CC3XX variant, and
mbedTLS Heap is disabled for TF-M variant.

Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
---
 config/nrfconnect/chip-module/Kconfig         |  2 +-
 .../nrfconnect/chip-module/Kconfig.defaults   | 24 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/config/nrfconnect/chip-module/Kconfig b/config/nrfconnect/chip-module/Kconfig
index 207e9db54f..e5251902af 100644
--- a/config/nrfconnect/chip-module/Kconfig
+++ b/config/nrfconnect/chip-module/Kconfig
@@ -172,7 +172,7 @@ config CHIP_MALLOC_SYS_HEAP
 
 config CHIP_TASK_STACK_SIZE
 	int "The CHIP (Matter) thread stack size"
-	default 10240 if LTO
+	default 10240 if (LTO || PSA_CRYPTO_DRIVER_CC3XX)
 	default 6144
 	help
 	  Configures the stack size available for the CHIP (Matter) thread.
diff --git a/config/nrfconnect/chip-module/Kconfig.defaults b/config/nrfconnect/chip-module/Kconfig.defaults
index f173fc2a44..276c2f5620 100644
--- a/config/nrfconnect/chip-module/Kconfig.defaults
+++ b/config/nrfconnect/chip-module/Kconfig.defaults
@@ -300,15 +300,13 @@ choice RNG_GENERATOR_CHOICE
     default XOSHIRO_RANDOM_GENERATOR if SOC_SERIES_NRF53X
 endchoice
 
-config OBERON_BACKEND
-    default y
-
 config MBEDTLS_ENABLE_HEAP
-    default y
+    default y if !BUILD_WITH_TFM
+    default n
 
 config MBEDTLS_HEAP_SIZE
     default 8192
-    
+
 # Enable PSA Crypto dependencies for Matter
 
 config CHIP_CRYPTO_PSA
@@ -317,9 +315,15 @@ config CHIP_CRYPTO_PSA
 
 if CHIP_CRYPTO_PSA
 
+config PSA_CRYPTO_DRIVER_OBERON
+    default y if (SOC_SERIES_NRF52X || SOC_SERIES_NRF53X)
+
 config PSA_CRYPTO_DRIVER_CC3XX
     default n
 
+config PSA_CRYPTO_DRIVER_CRACEN
+    default y if SOC_SERIES_NRF54LX
+
 config PSA_WANT_ALG_SHA_224
     default n
 
@@ -335,14 +339,13 @@ config PSA_USE_CC3XX_HASH_DRIVER
 
 endif # PSA_CRYPTO_DRIVER_CC3XX && PSA_CRYPTO_DRIVER_OBERON
 
-# Spake2+ support
-config MBEDTLS_MD_C
-    default y
-
 endif # CHIP_CRYPTO_PSA
 
 if !CHIP_CRYPTO_PSA
 
+config OBERON_BACKEND
+    default y
+
 config NRF_SECURITY_ADVANCED
     default y
 
@@ -355,6 +358,9 @@ config MBEDTLS_CTR_DRBG_C
 config MBEDTLS_CIPHER_MODE_CTR
     default y
 
+config MBEDTLS_MD_C
+    default y
+
 config MBEDTLS_SHA1_C
     default y if CHIP_WIFI