sdk-nrf-upmerge #16860

Updates manifest for upmerge Signed-off-by: Bjarki Arge Andreasen <[email protected]>

-During the last Zephyr upmerge the includes changed from autoconf.h to zephyr/autoconf.h which this commit fixes for the following: - TF-M header for IOCTL API - Out-of-tree device nrf device integration for TF-M - HW unique key library (and sysbuild) - lwm2m_carrier (sysbuild) - Bootloader (Partition Manager) - Netboot (Partition Manager) - Lots of Partition Manager yml files Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-There is a deprecation of "z_arch_esf_t" in favor of using the type "struct arch_esf" that is changed in fault handling code for TF-M. This commit fixes this Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Changed CONFIG_LOG_DOMAIN_ID to Z_LOG_LOCAL_DOMAIN_ID as the former is removed Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Align with Mbed TLS 3.6.0 by adding a new interface pk_ecc.c NOTE: This interface is built around the idea of fallback-to-ECP_C which likely needs to be resolved in a change of this file in Mbed TLS distribution, because of conflicting ideas on what should be happening in a pure configuration of crypto (only using PSA crypto, not enabling anything in legacy) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Removal of unsupported algorithms in nRF Connect SDK: -ARC4 -ARIA -CAMELLIA -DES -SM3 -SM4 -SHAKE256_512 -RIPEMD160 -MD2 -MD4 -AES OFB - AES Output Feedback blockcipher -AES CFB - AES Cipher Feedback blockcipher -FFDH -DH -AES CBC MAC -Removal of deprecated configurations for ECC, RSA, SPAKE2P and SRP key pair (use IMPORT, EXPORT, GENERATE and DERIVE) -Adjusting Bluetooth Fast Pair to set ECC IMPORT, EXPORT, GENERATE and DERIVE key types (KEY_PAIR removed) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-PSA_WANT_KEY_TYPE_ECC_KEY_PAIR is deprecated in Mbed TLS and Bluetooth Fast Pairh have been enabling PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT for key type support. This commit adds the remaining (required): -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE -PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Adding config PSA_WANT_TYPE_SPAKE2P_KEY_PAIR_GENERATE -Adding config PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This orders the configuration according to upstream Zephyr and Mbed TLS code on PAKE and RSA in the following order _IMPORT _EXPORT _GENERATE _DERIVE Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit adds more TLS/DTLS related configurations for the PSA Crypto oriented build-strategy. It's intent is to enable TLS/DTLS using PSA crypto by default while e.g. supporting PEM file input in NS world. -Removes a default y if BUILD_WITH_TFM for NORDIC_SECURITY_BACKEND -Add MBEDTLS_BASE64_C, MBEDTLS_ASN1_WRITE_C and MBEDTLS_ASN1_PARSE_C as prompt-less configurations that is enabled if PEM is enabled -Removed some dependencies for MBEDTLS_CIPHER_C to ensure it is only enabled when MBEDTLS_LEGACY_CRYPTO_C is enabled -Default enable MBEDTLS_PK_C when MBEDTLS_TLS_LIBRARY is enabled -Added dependencies for MBEDTLS_PK_WRITE_C/MBEDTLS_PK_PARSE_C towards MBEDTLS_PK_C being enabled -Added generation of aforementioned legacy configs for the PSA crypto centric configuration when SPM (TF-M secure image) is not enabled -Enabled X.509 in PSA crypto configuration scope (possible post Mbed TLS 3.6.0 addition, ensuring MBEDTLS_PSA_CRYPTO_CLIENT being properly supported... Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Removing the following ciphers: - Ripemd160 - Aria - Camellia - DES Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-There is a big change in structuring of PSA key attributes with TF-M 2.1. Previously there was a sub-type called "core" inside the PSA key attributes, but this has been swallowed into the top-level structure. This commit removes references to ->core. in code -This code also improves some return-codes to prevent unused variables for a few cases where no crypto drivers are enabled Signed-off-by: Frank Audun Kvamtrø <[email protected]>

…ASIC -PSA_WANT_KEY_TYPE_XXXX_KEY_PAIR_BASIC is a configuration that previously was used to signal "basic type". It is no longer needed to set this configuration as it is only an internal construct. These has been made prompt-less configuration that is automatically enabled when key type support for _IMPORT, _EXPORT, _GENERATE or _DERIVE is requested -This updates the following project configs: - SUIT - psa_tls overlays for RSA - RSA sample Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit improves generation of nrf-config.h which can be built either using PSA crypto or legacy crypto as starting-point. It enables more legacy/platform configurations in case PSA crypto is favored, to ensure that we can split the files: - nrf-config.h: Legacy and platform configurations - nrf-psa-crypto-config.h: PSA_WANT_ALG_XXXX etc. - nrf-psa-crypto-user-config: PSA_NEED_XXXX -Changed platform defines generation using the macro kconfig_check_and_set_base_to_one to kconfig_check_and_set_base. This ensures defines are set to be used for cmakedefine without value for standard configurations in Mbed TLS config. PSA_WANT_ALG_XXX etc. are the only ones that need to use kconfig_check_and_set_base_to_one as it is using #define SOME_DEFINE 1 and have #if checks based on the value -Adding nrf_config.cmake used by PSA crypto generation -Removing all legacy TLS/DTLS and and platform defines from psa_crypto_config.cmake. These are moved to nrf_config.cmake NOTE: This will be renamed to psa_crypto_user_config.cmake in a later commit as this will have PSA_NEED_XXXX configurations only! -Minor adjustments to comments in psa_crypto_want_config.cmake -Auto-enable MBEDTLS_PSA_CRYPTO_CONFIG to legacy_crypto_config.h.template to favor using MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -Fix include-guards for psa_crypto_want_config.h so it fits for the coming rename of this file. We are now using the standardized definition PSA_CRYPTO_CONFIG_H found in Mbed TLS code and TF-M -Simplified the content of nrf-config.h.template. This now contains Platform, _ALT and TLS/DTS and X.509 and cipher-suites. Note: This addition adds a guard against enabling TLS/DTLS and X.509 in TF-M SPM and ARoT builds -The include guard in nrf-config.h.template is changed from MBEDTLS_CONFIG_PSA_H to MBEDTLS_CONFIG_FILE_H to reuse the guard found in Mbed TLS and TF-M .Removing legacy, platform and TLS/DTLS and X.509 configurations from psa_crypto_config.h.template. This is now provided by the generated nrf-config.h file -Changed the include-guard for psa_crypto_config.h.template to the standardized PSA_CRYPTO_USER_CONFIG_H used in TF-M and Mbed TLS. This file has PSA_NEED_XXXX and will be renamed to state that this is a PSA crypto user config file in a later commit Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit introduces using a standardized construct in TF-M to add configurations that gets loaded through a CMake file that is passed to TF-M build. -The configurations passed to TF-M is generated from config_extra.cmake.in which is passed with configure_file from Zephyr to inject static configurations that is necessary for building with/without TF-M and within TF-M's code as well as being compatible with nrf_security -config_extra.cmake will be generated with the following: -Static paths for folders relevant for TF-M and non TF-M build -nrfxlib folder -nrf_security root folder -Oberon PSA core module directory -Arm Mbed TLS module directory -PSA_CRYPTO_EXTERNAL_CORE, which is a signal that a PSA core external to TF-M is intended to be built -Static names to Mbed TLS (and PSA crypto) configurations, without full path that is used both inside and outside of TF-M -MBEDTLS_CONFIG_FILE -MBEDTLS_PSA_CRYPTO_CONFIG_FILE -MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -Paths to generated folders for configurations in two sets according to what is the usage: -PSA_CRYPTO_CONFIG_INTERFACE_PATH: Interface configurations used by ARoTs in TF-M image, and in Zephyr NS image in a TF-M enabled builds -PSA_CRYPTO_CONFIG_LIBRARY_PATH: Library configurations used by the actual build of crypto (TF-M crypto services in PRoT) or Mbed TLS and PSA core build in secure-only builds (no TF-M) -Additional state configurations relevant for external core build Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This adds use of the generated crypto_extra.cmake file used to pass -This is added both in TF-M and in Zephyr builds as it simplifies path-handling for both cases in nrf_security. -This commit removes versions of CMake variables for paths in both entry points to building nrf_security (nrf_security/CMakeLists.txt and nrf_security/tfm/CMakeLists.txt) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-tfm_plat_get_huk and tfm_plat_get_iak APIs have changed a parameter from size_t to psa_key_bits_t. This commit aligns the APIs with TF-M 2.1 Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Removing the Nordic-internal configuratio PSA_WANT_GENERATE_RANDOM for TFM_PARTITION_INITIAL_ATTESTATION, under the assumption that random generator is a default-enabled feature in a standard system Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-TF-M has no active support for out-of-tree builds of PSA core, and they have decided to place every PSA core (and interface file) in a common folder that we will have problem to use directly, as it conflicts with changed files on our end or files provided by the Oberon PSA core. This commit likely will be adjusted at some later point, but it tries to control include-order towards our replacement files and our strategy of handling generated crypto configurations for the build of the PSA interface and the library containing crypto support -This commit relies on the CMake variable PSA_CRYPTO_EXTERNAL_CORE which is added as a [nrf noup] in TF-M -This commit adds external_core.cmake which handles the following: - Ensure includes happen right after TF-M creates library targets to ensure that include-order dependency is resolved for taking in out-of-tree include folder from nrf_security, generated config file folder, Oberon PSA core include folders and out-of-tree addition of Arm Mbed TLS distribution (include and library folder) - Ensure that the generated config files (configured in NCS) are propagated to the TF-M build and is used for every library that depends on either PSA interface or library version of these -This commit adds external_core_install.cmake which will be used instead of the TF-M install target for specific PSA interface files. -Adding lots of files from TF-M tree into nrf_security include folder. nrf_security/include is added early in the include order to override equivalently named files from Arm Mbed TLS distribution in the PSA interface usage Note: It is frustrating that TF-M is include order dependent, and parts of the work to fix this will go towards ensuring that this is not in effect in upstream TF-M code. The files copied here are unfortunate and is only done to accelerate TF-M 2.1 integration... Please see NCSDK-XXXXX for details on how to fix this in upstream TF-M ref: NCSDK-XXXXX Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This adjusts the out-of-tree file used for TF-M builds to adjust the PSA crypto APIs symbol names for crypto service build (prefixed with e.g. mbedcrypto__ to not collide with the PSA crypto APIs calls made from any other service and/or testing done from inside TF-M image. -This includes additions for PAKE APIs currently not supported in TF-M Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This resolves an issue transferring compiler-flags and linker-options aggregated from TF-M build into all libraries built by nrf_security. The libraries psa_crypto_config and psa_crypto_library_config was chosen as this would previously be used by the now removed mbedcrypto_common, but this has been erased. By setting the compiler- flags and linker-options to these targets we ensure that the right floating-point configurations are used when building and linking with crypto-libraries Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit adds usage of psa_crypto_config and psa_crypto_config_library and it is a major refactoring on the PSA core in build -Previously we have made choices on whether or not to build specific features dependent on CMake variables constructed by nrf_security (BUILD_INSIDE_TFM and/or COMPILE_PSA_APIS). These have been removed in favor of the standard signals that exists in Mbed TLS and TF-M (MBEDTLS_PSA_CRYPTO_SPM and MBEDTLS_PSA_CRYPTO_C). This commit tries to fix a technical debt issue of using multiple competing signals for the same meaning. From this commit on, the standard signals will be used in all cases. -Added early exit in PSA crypto core build in case MBEDTLS_PSA_CRYPTO_C is not set (meaning it doesn't need to be built) -Added an early exit in all PSA driver build in case MBEDTLS_PSA_CRYPTO_C is not set (meaning it doesn't build the PSA core and no drivers are needed) -Adding cmake/generate_configs.cmake that includes macros generate_mbedcrypto_interface_configs and generate_mbedcrypto_library_configs which is used to ensure -Adding macros to store/restore specific configurations that needs to be changed depending on whether you have an interface build or a library build (generated in two sets) -Removing Kconfig GENERATE_MBEDTLS_CFG_FILE as it is unsupported -Removing MBEDTLS_USER_CONFIG_FILE as we are now using MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE -Changing the default names for Mbed TLS config files according to the generated files named earlier in this commit-message -Removed all references to mbedcrypto_common which was used to transfer information both to PSA crypto interface and library build. This is now handled by psa_crypto_config and psa_crypto_library_config Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Creating named library: oberon_psa_core -Creating libraries for PSA crypto drivers: -cracen_psa_driver -oberon_psa_driver (nrf_cc3xx and nrf_cc3xx_platform are skipped as these come pre-built and are only linked in to the new oberon_psa_core library) -Make all drivers reference the new target psa_crypto_library_config both for include-folders and for configurations -Make oberon_psa_core link to every PSA crypto driver -Make all warning-disablement private to the relevant drivers -Adding NRF_RNG entropy driver to oberon_psa_core (was ${mbedcrypto_target} -Removing CONFIG_NRF_SECURITY_LEGACY_AND_PSA as it is now possible to configure both PSA crypto and at the same time enable legacy configurations by enabling by setting MBEDTLS_LEGACY_CRYPTO_C -Making PSA crypto driver CMake only relevant for PSA crypto drivers instead of doing this as well as legacy support -Fix coding standard in all driver CMake logic -Move interrupts.c addition for CRACEN internal to the sxsymcrypt runtime -Simplified oberon_psa_driver and cracen_psa_driver CMake logic so it has a unified look-and-feel and don't infer e.g. TF-M builds -Made PSA_CRYPTO_DRIVER_CRACEN default enabled Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This removes a dependency for MBEDTLS_CIPHER_C if TLS is enabled Now only MBEDTLS_MD_C is a legacy dependency for this module Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Some out-of-tree files from Mbed TLS have been kept in nrf_security to get around issues with compiler warnings for unused functions and symbols and to remove unnecessary code when nrf_oberon is in use and is providing the Mbed TLS legacy support. This commit removes unused files (changed earlier) as well as finally removing aes.c and aes_oberon.c from the build as these are no longer needed. We now use Mbed TLS sources for most use-cases... Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Add support for threading in PSA core to align with Mbed TLS 3.6.0 Mbed TLS 3.6.0 requires 3 mutex-symbols being globally accessible: - mbedtls_threading_key_slot_mutex - mbedtls_threading_psa_globaldata_mutex - mbedtls_threading_psa_rngdata_mutex Note: This is not used when CryptoCell is enabled, which has a different solution for threading support available in platform integration files found in nrfxlib. Note: This commit will likely be replaced with a implementation upstream, but is added here temporarily Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Enabling CONFIG_MBEDTLS_SSL_CLI_C for psa_tls sample This seems required to be set after Mbed TLS 3.6.0... Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit contains coding-standard fixes for CMake. This doesn't change any functionality Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Ensure MBEDTLS_THREADING_C is enabled when either CC3XX_BACKEND or PSA core is enabled. Enabling this will only happen when the core is built in secure-only builds. TF-M circumvents threading in its build -Ensure MBEDTLS_THREADING_ALT is set -Ensure MBEDTLS_BASE64_C is enabled always to simplify adding support for PEM (parse and write -Adding Kconfig MBEDTLS_OID_C so it can be generated in nrf-config.h both when building PSA centric and with MBEDTLS_LEGACY_CRYPTO_C enabled -Enabling MBEDTLS_ASN1_WRITE_C/MBEDTLS_ASN1_PARSE_C additionally when MBEDTLS_USE_PSA_CRYPTO is set for X.509 support -Remove MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT depending on !BUILD_WITH_TFM -Remove default enablement of MBEDTLS_LEGACY_CRYPTO_C when BUILD_WITH_TFM is set -Ensure all legacy configurations aren't built when PSA crypto is used (using the Zephyr Kconfig PSA_CRYPTO_CLIENT to test) -Resolve PSA_WANT_ALG_XXXX and PSA_WANT_KEY_TYPE_XXXX from all enabled legacy crypto configurations Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-The current upmerge deprecated <zephyr/net/buf.h> and replaces it with <zephyr/net_buf.h>. This change is on HCI, DTM, WIFI, RPC bluetooth and applications (to mention a few) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Suit overrides for MBEDTLS_PSA_CRYPTO and MBEDTLS_ZEPHYR_ENTROPY was missing the Kconfig type and was giving warnings Signed-off-by: Frank Audun Kvamtrø <[email protected]>

This is now part of the Zephyr upstream. Signed-off-by: Chaitanya Tata <[email protected]>

Now that nRF70 support is upstream, switch to upstream hostap. Signed-off-by: Chaitanya Tata <[email protected]>

Upstream driver namespace is renamed from nrf700x -> nrf70. Signed-off-by: Chaitanya Tata <[email protected]>

nRF70 EK shields are now upstreamed. Signed-off-by: Chaitanya Tata <[email protected]>

nRF70 now uses upstream Zephyr WPA supplicant. Signed-off-by: Chaitanya Tata <[email protected]>

Migrate to using Zephyr upstream. Signed-off-by: Chaitanya Tata <[email protected]>

This board is upstreamed to Zephyr. Signed-off-by: Chaitanya Tata <[email protected]>

nRF70 driver is the primary user for kernel heap and already sets a higher value which is typical, but for some configurations e.g., scan-only we need to set it to lower value to optimize memory, so, enable the option to ignore minimum mandated value from driver and instead use the value from the sample. Signed-off-by: Chaitanya Tata <[email protected]>

nRF70 upstream driver now needs more heap, not sure about the cause, but without this OOM messages during boot are seen. Signed-off-by: Chaitanya Tata <[email protected]>

Document changes that affect customer samples or applications. Signed-off-by: Chaitanya Tata <[email protected]>

Update Drivers, Wi-Fi protocols and documentation with notes about upstream migration. Signed-off-by: Chaitanya Tata <[email protected]>

With latest upstream, scan only mode now only works with nRF7000. Signed-off-by: Chaitanya Tata <[email protected]>

These are still unsupported in nRF70 upstream. Signed-off-by: Chaitanya Tata <[email protected]>

Remove the driver header dependency and inline the structures for now, this needs to be properly fixed in the future where nRF70 driver should have public headers. Signed-off-by: Chaitanya Tata <[email protected]>

With the upstream nRF70 driver, the co-ex is not auto-enabled based on the DTS, this was implemented improperly, now user has to explicitly choose to enable co-existence. Signed-off-by: Chaitanya Tata <[email protected]>

Almost all matter samples rely on PM which needs EXT_FLASH support for nRF70 which isn't supported yet, so, Quarnatine them for now. Signed-off-by: Chaitanya Tata <[email protected]>

Thingy is not supported yet for nRF70 companion chips. Signed-off-by: Chaitanya Tata <[email protected]>

Though these platforms are excluded for Wi-Fi tags, twister still fails as this is still part of integration platforms, remove it to fix the twister. Signed-off-by: Chaitanya Tata <[email protected]>

In latest nrfxlib this tag is removed, so, remove the reference to fix the doc build. Signed-off-by: Chaitanya Tata <[email protected]>

As of now the raw mode is couple with system mode which is unsupported for nRF7000, so, remove them. Signed-off-by: Chaitanya Tata <[email protected]>

Shutdown sample assumes default nRF70 mode is scan and doesn't support any other mode. With the migration to upstream scan only is limited to nRF7000 shield, so, remove other combinations. Also, add nRF7000 with 5340 as this was the main usecase for testing this sample. Signed-off-by: Chaitanya Tata <[email protected]>

These overflows are only happening in the CI, locally the same twister command works fine, quarantine them for now, and investigate later. Signed-off-by: Chaitanya Tata <[email protected]>

Removes some Kconfig options that have been added to zephyr Signed-off-by: Jamie McCrae <[email protected]>

-There are breakages in Mbed TLS 3.6.0 addition for legacy configured crypto support. This commit temporarily disable these in favor of focussing on PSA crypto support. Note: This commit may be reverted before the upmerge (with Mbed TLS 3.6.0) is taken in... Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This removes MBEDTLS_CIPHER_MODE_CFB and MBEDTLS_CIPHER_MODE_OFB which is no longer actively supported in nRF Connect SDK Signed-off-by: Frank Audun Kvamtrø <[email protected]>

Add unidiff dependency to requirenments-fixed.txt and add it to the compliance.yml job "Install python dependencies" Signed-off-by: Bjarki Arge Andreasen <[email protected]>

-The upmerge brings in a deprecation of const z_arch_esf_t in favor of struct arch_esf. This commit fixes this for applications, samples and tests in the following domain: -fatal_error library -ipc_radio application -Audio application -Matter diagnostics (used by multiple samples) -fprotect tests -hw_unique_key tests -Audio tests Signed-off-by: Frank Audun Kvamtrø <[email protected]>

Update cryptography from v42.0.5 to v43.0.1 Signed-off-by: Bjarki Arge Andreasen <[email protected]>

The net_buf_put/get is deprecated, align to recommended API. Signed-off-by: Dominik Chat <[email protected]>

The nrf7002eb is now part of sdk-zephyr. Remove out-of-tree shield. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

nrf700x_nrf54h20dk has been replaced by the nrf7002eb and nrf7002eb_interposer_p1 shields along with the nrf70-wifi snippet. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

nrf700x_nrf54h15dk has been replaced by the nrf7002eb and nrf7002eb_interposer_p1 shields along with the nrf70-wifi snippet. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

nrf700x_nrf54l15pdk has been replaced by the nrf7002eb and nrf7002eb_interposer_p1 shields along with the nrf70-wifi snippet. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

Updates the path to the autoconf file as this has changed in Zephyr Signed-off-by: Jamie McCrae <[email protected]>

Add the nrf7002eb_interposer_p1 shield which is connected to P1. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

This snippet is used for nrf54h20 and nrf54l15 boards which are ressource constrained on the cpuapp core, requiring reallocation of sram, rram, and custom kconfig settings to fit the wifi driver onto the cpuapp core. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

Since the addition of sphinx-autobuild support in Zephyr, the ZEPHYR_BUILD variable in conf.py requires knowledge of the HTML build dir from the environment, using DOCS_HTML_DIR. Ref: Zephyr 2e99de80472b80f36303ff85c8ed5d54dfe73ef4 Signed-off-by: Gerard Marull-Paretas <[email protected]> Signed-off-by: Bjarki Arge Andreasen <[email protected]>

-This commit removes selection of PSA_WANT_KEY_TYPE_RSA_KEY_PAIR for TF-M tests as this is no longer a Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This adds a dummy OTP element in include/tfm/platform_otp_ids.h which is a file that is only used when TFM_PROFILE_TYPE_MINIMAL is set. It was added as TF-M 2.1 references this directly in the psa_api.c file. Note that calling to retrieve the LCS will always report "TFM_PLAT_ERR_UNSUPPORTED" as dummy_otp.c is enabled in this case. This commit is only fixing a build issue Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Cleaning up PSA driver and core CMake logic -This fixes missing link to nrfx.h in CRACEN PSA crypto library (fixup of commit eccaa21) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Removing a compilationg warning Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! tf-m: Add support for building PSA core externally -This commit changes to install the PSA crypto interface config files to the TF-M install target, for use by Zephyr when TF-M is enabled -This commit prevents the interface-config (required for main app and NS image build in TF-M) from being enabled in any library build by using generator expressions in nrf_security_add_zephyr_options to filter out of the list that gets retrofitted into nrf_security libraries -This commit removes unneeded duplications of includes for ${mbedcrypto_target} which is already available in mbedcrypto_Base (fixup of commit 6791e0a) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Adding threading support for PSA core -This commit changes from threading/CMakeLists.txt to threading/threading.cmake to ensure that include can be used instead of add_subdirectory. This is necessary to keep the variables used to pass to build the mbedcrypto lib working inside and outside -Added support for the faux no threading suppport mode by reusing the nrf_security_mutexes.h API -Adding init/free to nrf_security_mutexes.h APIs Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-TF-M renames the mbedcrypto target and previously it was also needed to rename mbedx509 and mbedtls (TLS/DTLS library). TF-M no longer builds this so we can use the standard names instead of keeping the aforementioned targets as CMake variables -Changing ${mbedx509_target} => mbedx509 -Changing ${mbedtls_target} => mbedtls Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit moves some TLS-dependent APIs into ${mbedcrypto_target} as they are required for PSA to legacy conversions e.g. using psa_util.c APIs. Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Cleaning up PSA driver and core CMake logic -This improves include paths (putting things closer to where they are generated/imported -This ensures that legacy-world gets access to the include folders for nrf_cc3xx_platform and oberon imported libs without depending on PSA core build -This removes some return-guards which may be considered to be added on again (to resolve a CMake/linking issue) (fixup of commit fc0112a) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Adding threading support for PSA core (fixup of commit 0667ab2= Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit adds nrf_security_add_zephyr_options_library which adds includes from the zephyr_interface without PSA crypto interface configurations (include-folder addition where nrf-crypto.h is added) -Moving calls to nrf_security_add_zephyr_options closer to where the libraries are built (cleanup) -Made Oberon, CRACEN and core use nrf_security_add_zephyr_options_library Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: PSA core: Add psa_crypto_config and psa_crypto_library_config (fixup of commit cbf737a) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

until post-Breathe era becomes a reality. Ref: nrfconnect#17251 Signed-off-by: Gerard Marull-Paretas <[email protected]>

…ackend fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This enables MBEDTLS_PSA_CRYPTO_KEY_ENCODES_OWNER to allow for NORDIC_SECURITY_BACKEND being used as a configuration when building with TF-M (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This commit ensures that md/pk etc. is not added when building inside TF-M. There is a define called MBEDTLS_PSA_CRYPTO_SPM that is used as a signal that the SPM partition is going to be buitl, but unfortunately this configuration is too vague in our current build (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Adding threading support for PSA core -This resolves an issue with CRACEN builds where trying to get a proper link to kernel involves using kernel library by full path to avoid issues in build. -Make includes local for nrf_security_mutexes/events -Establish nrf_security_utils library to localize the issue and to try to find a better way to resolve this in the future Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This commit is unfortunate, but it is required as there is no cleanliness to legacy symbols in non SPM targets in TF-M. This commit can be changed with a properly supported BUILD_INSIDE_TFM or similar signal (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Cleaning up PSA driver and core CMake logic -This commit resolves some path-issue with HUK library where APIs internal to PSA crypto is required to be accessible in PSA crypto interface scope. Exposing the CRACEN API towards NCS libraries is currently unavoidable. (fixup of commit fc0112a) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

This is requires because sample documentation uses the table-from-sample-yaml directive. Signed-off-by: Gerard Marull-Paretas <[email protected]>

Zephyr has increased usage of :zephyr:code-sample:, also some have changed their name. Signed-off-by: Gerard Marull-Paretas <[email protected]>

Redirects are now validated against all available documents within a docset, so we cannot have random redirects to external docsets. Delete entries which were crossing boundaries, these will need to be handled manually somewhere else. Signed-off-by: Gerard Marull-Paretas <[email protected]>

Fix ieee802154/802154_rpmsg path in CMake and sysbuild conf. Signed-off-by: Dawid Przybylo <[email protected]>

Align the usage of net_buf_put/get to use k_fifo_put/get as recommended per Zephyr upstream. Signed-off-by: Dominik Chat <[email protected]>

fixup! tf-m: Add support for building PSA core externally -This adds include for /nrf/include/tfm which has a file used for builtin key support. This is using the same mechanism as other types of paths passed to TF-M (fixup of commit 96a5924) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Adding threading support for PSA core -This commit ensures the appropriate linking from nrf-security_utils to libraries in tf-M related to low-level OS integration like the addition of __assert.h and the debvug log used whe asserts happen -This commit also moves nrf_security_utils into private scope for mbedcrypto-base and cracen PSA crypto library Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This fixes build warnings for certain samples for BLE Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: legacy: Enable more PSA core/crypto awareness -This commit enabled MBEDTLS_WANT_KEY_TYPE_AES for any cipher-usge (by select) -This commit resolves PSA_WANT_ALG_ECB_NO_PADDING when MBEDTLS_CMAC_C is set -The changes is made to conform with check_config.h (fixup of commit 39f2cbc) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Cleaning up PSA driver and core CMake logic -This commit changes link dependency on nrf_cc3xx_core_imported towards psa_crypto_config (was _config_library) to prevent propagation of multiple sets of configs -Same also done for mbedcrypto-oberon_mbedtls_imported Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-Changed z_reserve_fd => zvfs_reserve_fd -Changed z-free_fd => zvfs_free-fd -Changed z_finalize_fd => zvfs_finalize-fd -Bonus points: fixed comments referencing the non-existent APIs, as well Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-One of the structures in this file was using K_THREAD_STACK_MEMBER which didn't exists. Added a define to point to K_KERNEL_STACK_MEMBER in the header-file to resolve some build issues Signed-off-by: Frank Audun Kvamtrø <[email protected]>

Aligned the Softdevice controller with the BT_CTLR_CRYPTO_SUPPORT Kconfig from upstream. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

-This enables two missing configurations for this test: CONFIG_MBEDTLS_SHA256_C CONFIG_MBEDTLS-LEGACY_CRYPTO_C Signed-off-by: Frank Audun Kvamtrø <[email protected]>

-This commit allows unused functions for Oberon PSA crypto driver Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: legacy: Enable more PSA core/crypto awareness -Resolving PSA_WANT_ALG_STREAM_CIPHER if MBEDTLS_CHACHA20_C is set (fixup of commit 39f2cbc) Signed-off-by: Frank Audun Kvamtrø <[email protected]>

fixup! crypto: Cleaning up PSA driver and core CMake logic -PRIVATE doesn't work for target_sources Signed-off-by: Frank Audun Kvamtrø <[email protected]>

`CONFIG_SPI_NOR_IDLE_IN_DPD` doesn't exist anymore. `CONFIG_PM_DEVICE_RUNTIME` enables its previous behavior, which is now tunable with `CONFIG_SPI_NOR_ACTIVE_DWELL_MS`. Signed-off-by: Tomi Fontanilles <[email protected]>

Remove the `noreturn` attribute from functions because functions they call (e.g. `nrf_regulators_system_off()`) miss it. Signed-off-by: Tomi Fontanilles <[email protected]>

Add block_cipher.c to fix undefined references to functions in there. Signed-off-by: Tomi Fontanilles <[email protected]>

Make it select PSA_WANT_ALG_HMAC as the latter is a requirement of the former. Signed-off-by: Tomi Fontanilles <[email protected]>

With the default-enabled Mbed TLS Kconfig options having been reduced in Zephyr, it's now necessary to manually enable them. Signed-off-by: Tomi Fontanilles <[email protected]>

in-polling-rate has been renamed in-polling-period-us, adapt nrf overlays to reflect this. Signed-off-by: Bjarki Arge Andreasen <[email protected]>

Add usbd descriptions to the usbd configs in usb_init_next_usbd_init() Signed-off-by: Bjarki Arge Andreasen <[email protected]>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sdk-nrf-upmerge #16860

sdk-nrf-upmerge #16860

Commits on Sep 19, 2024

sdk-nrf-upmerge #16860

Are you sure you want to change the base?

sdk-nrf-upmerge #16860

Commits on Sep 19, 2024