Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

subsys nrf_security: add nrf92 devices to security and cracen config #19558

Closed
wants to merge 1 commit into from
Closed

subsys nrf_security: add nrf92 devices to security and cracen config #19558

wants to merge 1 commit into from

Conversation

ayla-nordicsemi
Copy link
Contributor

These changes aim to allow using cracen cryptographic features on nrf92 devices.
These changes are required to allow accessing built-in keys using psa over cracen driver.

@ayla-nordicsemi ayla-nordicsemi self-assigned this Dec 16, 2024
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Dec 16, 2024
@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from 478babb to b9062a2 Compare December 16, 2024 13:22
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 16, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 7

Inputs:

Sources:

sdk-nrf: PR head: 410e31d606e8733399a82a85da667e8556123541

more details

sdk-nrf:

PR head: 410e31d606e8733399a82a85da667e8556123541
merge base: 529429bc90946738df1f2f612a1d9d9a4f27ccd2
target head (main): 0cccc03fa18953e2d9ba7c07c9e0fe42b01af04f
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (3) 
subsys
│  ├── nrf_security
│  │  ├── Kconfig
│  │  ├── src
│  │  │  ├── drivers
│  │  │  │  ├── cracen
│  │  │  │  │  │ Kconfig
│  ├── sdfw_services
│  │  ├── services
│  │  │  ├── psa_crypto
│  │  │  │  │ Kconfig

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • 🟠 Toolchain
  • 🟠 Build twister
  • 🟠 Integration tests
    • 🟠 test-fw-nrfconnect-chip
    • 🟠 test-fw-nrfconnect-nrf_crypto
    • 🟠 test-fw-nrfconnect-tfm
    • 🟠 test-sdk-find-my
    • 🟠 test-sdk-sidewalk
    • 🟠 test-sdk-dfu
    • ⚠️ test-fw-nrfconnect-nrf-iot_cloud
    • ⚠️ test-sdk-dfu
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-ps
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-thread
    • test-fw-nrfconnect-zigbee
    • test-low-level
    • test-sdk-audio
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@ayla-nordicsemi ayla-nordicsemi mentioned this pull request Dec 16, 2024
Open
@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from b9062a2 to 02cd81a Compare December 18, 2024 14:55
@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from 02cd81a to da33b03 Compare January 9, 2025 15:32
jonathannilsen
jonathannilsen reviewed Jan 14, 2025
View reviewed changes
subsys/sdfw_services/services/psa_crypto/Kconfig
@@ -5,7 +5,7 @@
#

service_name = PSA_CRYPTO
service_default_enabled = n
service_default_enabled = y
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this change required?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be removed as it is not part of this PR changes, I will add it to this one #19561 as it relies on PSA_CRYPTO services to perform the signing of Json Web Tokens.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonathannilsen is it possible to activate this flag for an sdk-nrf sample using the prj.conf file ?
you are right about activating this by default actually doesn't make sense.

subsys/nrf_security/src/drivers/cracen/Kconfig Outdated
@@ -5,7 +5,7 @@
#

config CRACEN_HW_PRESENT
def_bool SOC_SERIES_NRF54LX
def_bool (SOC_SERIES_NRF54LX || SOC_SERIES_NRF92X)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This addition should not be needed I think - it should already be selected by the board

subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig Outdated
Comment on lines 1860 to 1862
depends on SOC_NRF54H20_CPUSEC || \
SOC_NRF9280_CPUSEC || \
SOC_NRF9230_CPUSEC
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be sufficient:

Suggested change
depends on SOC_NRF54H20_CPUSEC || \
SOC_NRF9280_CPUSEC || \
SOC_NRF9230_CPUSEC
depends on SOC_NRF54H20_CPUSEC || SOC_NRF9280_CPUSEC

subsys/nrf_security/src/drivers/cracen/Kconfig Outdated
Comment on lines 19 to 20
depends on (SOC_SERIES_NRF54LX && !SOC_NRF54L20) || SOC_SERIES_NRF54HX || \
(SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_CPUSEC))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would think that this is sufficient:

Suggested change
depends on (SOC_SERIES_NRF54LX && !SOC_NRF54L20) || SOC_SERIES_NRF54HX || \
(SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_CPUSEC))
depends on (SOC_SERIES_NRF54LX && !SOC_NRF54L20) || SOC_SERIES_NRF54HX || \
SOC_SERIES_NRF92X

subsys/nrf_security/Kconfig Outdated
@@ -58,6 +58,7 @@ if NRF_SECURITY

config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
bool
default y if SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_CPUSEC)
Copy link
Contributor

@jonathannilsen jonathannilsen Jan 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
default y if SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_CPUSEC)
default y if SOC_NRF9280_CPUSEC

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CPUSEC should not be referenced in this repo at all

@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from da33b03 to f0ad7cd Compare January 29, 2025 08:36
@ayla-nordicsemi ayla-nordicsemi marked this pull request as ready for review January 30, 2025 13:39
@ayla-nordicsemi ayla-nordicsemi requested review from a team as code owners January 30, 2025 13:39
nordicjm
nordicjm requested changes Feb 3, 2025
View reviewed changes
subsys/nrf_security/Kconfig
@@ -35,7 +35,7 @@ config NRF_SECURITY
depends on SOC_FAMILY_NORDIC_NRF
default y if BUILD_WITH_TFM
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

git commit title should have : not ,

subsys/nrf_security/Kconfig Outdated
@@ -58,6 +58,7 @@ if NRF_SECURITY

config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
bool
default y if SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_CPUSEC)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CPUSEC should not be referenced in this repo at all

subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig Outdated
depends on SOC_NRF54H20_CPUSEC
depends on SOC_NRF54H20_CPUSEC || \
SOC_NRF9280_CPUSEC || \
SOC_NRF9230_CPUSEC
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as above, no mention to CPUSEC

@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from f0ad7cd to 8de8238 Compare February 6, 2025 13:18
@ayla-nordicsemi ayla-nordicsemi force-pushed the add_nrf92_support_to_nrf_security_config branch from 8de8238 to 410e31d Compare February 6, 2025 13:37
@ayla-nordicsemi ayla-nordicsemi changed the title subsys, nrf_security: add nrf92 devices to security and cracen config subsys nrf_security: add nrf92 devices to security and cracen config Feb 6, 2025
@ayla-nordicsemi
Copy link
Contributor Author

ayla-nordicsemi commented Feb 10, 2025
edited
Loading

This pull request is obsolete, the features it aimed to add has been already covered by other pull requests
20107 and secdom/1089.
Closing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonathannilsen jonathannilsen jonathannilsen left review comments

@nordicjm nordicjm nordicjm requested changes

@hakonfam hakonfam Awaiting requested review from hakonfam

@parttimaa parttimaa Awaiting requested review from parttimaa

@mparpala mparpala Awaiting requested review from mparpala

Assignees

@ayla-nordicsemi ayla-nordicsemi

Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ayla-nordicsemi @NordicBuilder @nordicjm @jonathannilsen