nrf_security: Added support for PSA Crypto service #14923
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
osaether
requested review from
frkv,
Vge0rge,
vili-nordic,
SebastianBoe and
mswarowsky
as code owners
github-actions
bot
added
the
changelog-entry-required
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
| psa_status_t psa_crypto_init(void) | ||
| { | ||
| return ssf_psa_crypto_init(); | ||
| } |
There was a problem hiding this comment.
In TF-M this function looks like this:
could we do the same optimization here?
Just return PSA_SUCCESS here. And have SDFW invoke psa_crypto_init before it boots the local domain?
osaether
force-pushed
the
psa_crypto_service
branch
from
d80f1ed to
a90a9ce
Compare
osaether
changed the title
osaether
force-pushed
the
psa_crypto_service
branch
from
a90a9ce to
93ed582
Compare
|
Do you need to rebase on top of #14883 ? Since this is the version secdom is pulling in. |
osaether
changed the title
osaether
force-pushed
the
psa_crypto_service
branch
3 times, most recently
from
89a682d to
b6a5119
Compare
osaether
requested review from
anhmolt,
hakonfam and
jonathannilsen
as code owners
subsys/sdfw_services/services/psa_crypto/zcbor_generated/psa_crypto_service_encode.c
Show resolved
Hide resolved
osaether
force-pushed
the
psa_crypto_service
branch
8 times, most recently
from
d453ad1 to
dfe2a6b
Compare
osaether
force-pushed
the
psa_crypto_service
branch
2 times, most recently
from
b9d39be to
1574b17
Compare
hakonfam
approved these changes
Apr 22, 2024
osaether
force-pushed
the
psa_crypto_service
branch
4 times, most recently
from
1dbaaf6 to
bafef3f
Compare
mswarowsky
reviewed
Apr 22, 2024
|
|
||
| config PSA_CORE_DISABLED | ||
| bool | ||
| prompt "PSA core-less for SSF crypto client support" |
There was a problem hiding this comment.
Do we want this user configurable?
wouldn't it be better to set default y with depends on PSA_SSF_CRYPTO_CLIENT
Added support for PSA Crypto service -Adding configuration PSA_SSF_CRYPTO_CLIENT for a local domain build which enables PSA core-less build where ssf_crypto provides the PSA crypto APIs directly. -Adding Kconfig in PSA_CORE choice: PSA_CORE_DISABLED when SSF_CLIENT is enabled which provides PSA crypto built into the SDFW image. -Enabling MBEDTLS_PSA_CRYPTO_SPM for builds when SSF_SERVER is enabled (zephyr based build with no TF-M in SDFW). -Add MBEDTLS_USE_PSA_CRYPTO for legacy build to ensure it is using PSA APIs based on SSF_CLIENT enabled. -Add logic to give SSF_CLIENT access to the psa/crypto.h from Oberon without building the PSA core locally. -Add logic to consider both BUILD_WITH_TFM or SSF_CLIENT as something that provides PSA crypto services as a client. Ref: NCSDK-15632 Signed-off-by: Ole Sæther <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
osaether
force-pushed
the
psa_crypto_service
branch
from
bafef3f to
731ac29
Compare
|
Superseded by this: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for PSA Crypto service
-Adding configuration PSA_SSF_CRYPTO_CLIENT for a local domain build
which enables PSA core-less build where ssf_crypto provides the
PSA crypto APIs directly.
-Adding Kconfig in PSA_CORE choice: PSA_CORE_DISABLED when SSF_CLIENT
is enabled which provides PSA crypto built into the SDFW image.
-Enabling MBEDTLS_PSA_CRYPTO_SPM for builds when SSF_SERVER is enabled
(zephyr based build with no TF-M in SDFW).
-Add MBEDTLS_USE_PSA_CRYPTO for legacy build to ensure it is using
PSA APIs based on SSF_CLIENT enabled.
-Add logic to give SSF_CLIENT access to the psa/crypto.h from Oberon
without building the PSA core locally.
-Add logic to consider both BUILD_WITH_TFM or SSF_CLIENT as something that
provides PSA crypto services as a client.
Ref: NCSDK-15632