DNM: Testing out PSA init in PRE_KERNEL_1 ncs #2447

Open
wants to merge 2,228 commits into
base: main

frkv (Contributor) commented Jan 24, 2025

Built on top of pull/2411

NordicBuilder (Contributor) commented Jan 24, 2025

The following west manifest projects have been modified in this Pull Request:

Name Old Revision New Revision Diff
cmsis-dsp zephyrproject-rtos/cmsis-dsp@6489e77 (zephyr-3.6) zephyrproject-rtos/cmsis-dsp@d80a49b (zephyr-4.0) zephyrproject-rtos/cmsis-dsp@6489e771..d80a49b2
cmsis_6 N/A zephyrproject-rtos/CMSIS_6@783317a (main) N/A
hal_adi zephyrproject-rtos/hal_adi@de5dadb zephyrproject-rtos/hal_adi@b1a1023 zephyrproject-rtos/hal_adi@de5dadb5..b1a10239
hal_ambiq zephyrproject-rtos/hal_ambiq@df4a986 zephyrproject-rtos/hal_ambiq@87a188b zephyrproject-rtos/hal_ambiq@df4a9863..87a188b9
hal_espressif zephyrproject-rtos/hal_espressif@aa6a967 zephyrproject-rtos/hal_espressif@e523710 zephyrproject-rtos/hal_espressif@aa6a967d..e5237102
hal_ethos_u zephyrproject-rtos/hal_ethos_u@8e2cf75 zephyrproject-rtos/hal_ethos_u@50ddffc (main) zephyrproject-rtos/hal_ethos_u@8e2cf756..50ddffca
hal_infineon zephyrproject-rtos/hal_infineon@88d2529 zephyrproject-rtos/hal_infineon@a9b75e0 zephyrproject-rtos/hal_infineon@88d2529a..a9b75e0d
hal_intel zephyrproject-rtos/hal_intel@0905a52 zephyrproject-rtos/hal_intel@0355bb8 (main) zephyrproject-rtos/hal_intel@0905a528..0355bb81
hal_nordic zephyrproject-rtos/hal_nordic@fae1542 zephyrproject-rtos/hal_nordic@ecea8cd zephyrproject-rtos/hal_nordic@fae15426..ecea8cdb
hal_nxp zephyrproject-rtos/hal_nxp@f4e26fa zephyrproject-rtos/hal_nxp@0ac8302 zephyrproject-rtos/hal_nxp@f4e26fad..0ac83023
hal_renesas zephyrproject-rtos/hal_renesas@1ec8891 zephyrproject-rtos/hal_renesas@64fce2e zephyrproject-rtos/hal_renesas@1ec88911..64fce2e5
hal_rpi_pico zephyrproject-rtos/hal_rpi_pico@fba7162 zephyrproject-rtos/hal_rpi_pico@79ee0f9 zephyrproject-rtos/hal_rpi_pico@fba7162c..79ee0f9e
hal_silabs zephyrproject-rtos/hal_silabs@4c813a1 zephyrproject-rtos/hal_silabs@6371fa8 zephyrproject-rtos/hal_silabs@4c813a1f..6371fa82
hal_st zephyrproject-rtos/hal_st@b2f548f zephyrproject-rtos/hal_st@05fd453 (master) zephyrproject-rtos/hal_st@b2f548fe..05fd4533
hal_stm32 zephyrproject-rtos/hal_stm32@c4099c2 zephyrproject-rtos/hal_stm32@3784237 zephyrproject-rtos/hal_stm32@c4099c22..37842371
hal_tdk N/A zephyrproject-rtos/hal_tdk@e0ade95 N/A
hal_wch N/A zephyrproject-rtos/hal_wch@1de9d3e (main) N/A
hal_wurthelektronik zephyrproject-rtos/hal_wurthelektronik@e5bcb2e zephyrproject-rtos/hal_wurthelektronik@e3e2797 (zephyr) zephyrproject-rtos/hal_wurthelektronik@e5bcb2ea..e3e2797b
hal_xtensa zephyrproject-rtos/hal_xtensa@a2d6585 zephyrproject-rtos/hal_xtensa@baa56aa zephyrproject-rtos/hal_xtensa@a2d65852..baa56aa3
hostap zephyrproject-rtos/hostap@4428531 zephyrproject-rtos/hostap#76 zephyrproject-rtos/hostap#76/files
liblc3 zephyrproject-rtos/liblc3@1a5938e zephyrproject-rtos/liblc3@bb85f7d (main) zephyrproject-rtos/liblc3@1a5938eb..bb85f7dd
libmetal zephyrproject-rtos/libmetal@a6851ba zephyrproject-rtos/libmetal@3e8781a (main) zephyrproject-rtos/libmetal@a6851ba6..3e8781aa
lvgl zephyrproject-rtos/lvgl@2b498e6 zephyrproject-rtos/lvgl@6decbb7 (master) zephyrproject-rtos/lvgl@2b498e6f..6decbb7f
mbedtls zephyrproject-rtos/mbedtls@fb36f3f zephyrproject-rtos/mbedtls@4952e13 (zephyr) zephyrproject-rtos/mbedtls@fb36f3fe..4952e132
mcuboot zephyrproject-rtos/mcuboot@e890df7 zephyrproject-rtos/mcuboot@a2bc982 (main) zephyrproject-rtos/mcuboot@e890df7a..a2bc982b
nanopb zephyrproject-rtos/nanopb@4474bd3 zephyrproject-rtos/nanopb@7307ce3 (master) zephyrproject-rtos/nanopb@4474bd35..7307ce39
nrf_wifi zephyrproject-rtos/nrf_wifi@f6b950a zephyrproject-rtos/nrf_wifi@0f53c9e zephyrproject-rtos/nrf_wifi@f6b950a3..0f53c9eb
open-amp zephyrproject-rtos/open-amp@b735edb zephyrproject-rtos/open-amp@52bb178 (main) zephyrproject-rtos/open-amp@b735edbc..52bb1783
percepio zephyrproject-rtos/percepio@b68d179 zephyrproject-rtos/percepio@0d44033 zephyrproject-rtos/percepio@b68d1799..0d44033c
picolibc zephyrproject-rtos/picolibc@27746bb zephyrproject-rtos/picolibc@82d62ed (zephyr-no-lto) zephyrproject-rtos/picolibc@27746bbc..82d62ed1
segger zephyrproject-rtos/segger@b011c45 zephyrproject-rtos/segger@cf56b1d (master) zephyrproject-rtos/segger@b011c45b..cf56b1d9
sof zephyrproject-rtos/sof@0e4c4ef zephyrproject-rtos/sof@bc08c9c (zephyr) zephyrproject-rtos/sof@0e4c4efc..bc08c9c6
tf-m-tests zephyrproject-rtos/tf-m-tests@d552e4f zephyrproject-rtos/tf-m-tests@502ea90 (main,v3.7-branch) zephyrproject-rtos/tf-m-tests@d552e4f1..502ea901
trusted-firmware-m zephyrproject-rtos/trusted-firmware-m@a11cd27 zephyrproject-rtos/trusted-firmware-m@fa020a8 zephyrproject-rtos/trusted-firmware-m@a11cd279..fa020a8b
zcbor zephyrproject-rtos/zcbor@47f34dd zephyrproject-rtos/zcbor@9b07780 (main) zephyrproject-rtos/zcbor@47f34dd7..9b07780a
zephyr-lang-rust N/A zephyrproject-rtos/zephyr-lang-rust@7af3db4 (v4.0-branch) N/A

Note: This message is automatically posted and updated by the Manifest GitHub Action.

nashif and others added 28 commits January 29, 2025 12:27

Allowed toolchains was not set in 'board' metadata causing those to not
build and get filtered.

Fixes #83792

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
(cherry picked from commit 1f48740)

… handling

Move enabling of counter to the test instead of test setup. Test may be
skipped in some configurations and in that case counter shall not be
started so by moving setup to the test code allows skipping test before
counter is started.

Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
(cherry picked from commit 1ee434a)

…e PM

uart120 requires device runtime to be enabled. Enable it for nrf54h20dk.

When device runtime PM is used for interrupt driven and polling API
then UART device is initially suspended. It means that RX is disabled.
In order to enable RX device must be explicitly resumed using PM API.

Test is enabling UART RX (uart_rx_enable) from counter callback
(interrupt handler context). For fast instance on nrf54h20dk (uart120)
it is not allowed because PM resume can only be called from the thread
context. Because of that, test is skipped for uart120 and asynchronous
API.

Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
(cherry picked from commit cc12f65)

Add check for MBO feature before including the source file.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
(cherry picked from commit 0953ea0)

Zephyr introduced positive feature flags to make advanced features
conditional but the upstream has followed a negative feature flag
for advanced features, and during upmerge these two weren't reconciled.

Fix the build in case advanced features are disabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
(cherry picked from commit d909634)

…ed features

This feature is handy to free up some memory, so, make sure it always
builds.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
(cherry picked from commit 7532e73)

Default is always disabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
(cherry picked from commit 819acf1)

Fixes build issue when WMM AC feature is disabled.

Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
(cherry picked from commit 2350b6b)

Remove the HCI command & event emulation layer for ECDH commands and
events. This means that we always do the necessary operations in the host.
The existing BT_ECC Kconfig option stays, but now gets automatically
enabled when necessary (e.g. based on the BT_SMP option), which is why this
commit removes so many explicit assignments in prj.conf files.

Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
(cherry picked from commit 09e86f3)

This option only exposes internal APIs, so there should be no need to allow
applications to set an explicit value. Instead, users of the API should
select it through Kconfig.

Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
(cherry picked from commit d3c8cb4)

Mention the removed prompt for BT_ECC in the migration guide, and also add
a note about the removed HCI emulation layer to the release notes.

Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
(cherry picked from commit b3c6151)

…got deprecated

This is a follow-up to commit 8cfad44.

Replace the deprecated BT_LE_ADV_CONN macro with BT_LE_ADV_CONN_FAST_2.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
(cherry picked from commit f930739)

-liblc3 added a library-internal path to zephyr_interface containing
 a file that collides with common.h required e.g. by Mbed TLS
 This commit fixes build-issues by making this include-folder
 PRIVATE to the named library liblc3

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
(cherry picked from commit 2ca64a3)

-Mbed TLS requires common.h to build. The sample provides common.h
 in sample folder level but included the path to zephyr_interface.
 This commit changes the include to be sample-specific

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
(cherry picked from commit 627d2f9)

…rm_zeroize

-Adding explicit include for mbedtls/platform_util.h to get access
 to mbedtls_platform_zeroize in ITS. Somehow not visible in Zephyr but
 it caused build issues in nRF Connect SDK.

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
(cherry picked from commit 202c2c4)

…he boards

Bring the change that was already in place for the qemu_cortex_m3 board
to all the other ones, since also nrf52840 had a similar problem
(see issue #82812).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
(cherry picked from commit 9d0b124)

The BT Host module also uses import/export PSA functions alongside the
generate one, so these PSA_WANT should be added as well.

Previously it happened to work only because Mbed TLS is enabling
IMPORT/EXPORT internally whenever GENERATE/DERIVE is set. However the
same might not be true for all PSA Crypto providers.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
(cherry picked from commit 222f8d8)

…rver

The unicast server does not need GATT caching and it was likely
incorrectly added earlier as a dependency.

Upstream PR #: 84232

Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>

… updates

-Update hostap to PR nrfconnect#76 which adds support for
 CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead of relying on legacy
 Mbed TLS ctr_drbg and entropy APIs. This change is in line with
 PSA crypto entropy changes in Zephyr happening with TinyCrypt
 deprecation and advancement of PSA crypto mechanisms
-Remove defconfigs for currently sets the Kconfigs:
 -CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 -CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>

…endencies

-PSA_WANT_ALG_CMAC must be set for PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
 to be valid. This commit fixes this mismatch for hostap

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>

…nfigurations

-Mbed TLS has come up with its own naming-convention with regards
 to certain Mbed TLS configurations for TLS/DTLS and X.509. This
 commit fixes a couple of them by depending on MBEDTLS_BUILTIN
 which is set when Kconfig.tls-generic is used
 1. Make MBEDTLS_PEM_CERTIFICATE_FORMAT depend on MBEDTLS_BUILTIN
    The proper name for this functionality is MBEDTLS_PEM_PARSE_C and
    MBEDTLS_PEM_WRITE_C
 2. Make MBEDTLS_SERVER_NAME_INDICATION depend on MBEDTLS_BUILTIN
    The proper name for this is MBEDTLS_SSL_SERVER_NAME_INDICATION

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>

This is a follow-up to commit 12eee61.

Explicitly enable "PSA_WANT_ALG_ECB_NO_PADDING" to select the AES ECB
mode that is used in CMAC operation.

This is done because CMAC uses AES-ECB, so both AES and ECB must
be explicitly enabled. Previously it worked because Mbed TLS is
not currently performing any check internally on this and it's
just enabling ECB automatically.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
(cherry picked from commit dff78b4)
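
The PSA_WANT dependencies named in the commit messages above (PBKDF2_AES_CMAC_PRF_128 needs CMAC; CMAC needs AES and ECB_NO_PADDING) can be checked mechanically, so that a configuration does not rely on one crypto provider enabling them implicitly. This is an added example, not code from this pull request or from Zephyr; the `CONFIG_` prefix, the rule table and the sample fragment are assumptions constructed here.

```python
import re

# Dependencies stated in the commit messages above; the CONFIG_ prefix used in
# prj.conf files is an assumption of this example.
P = "CONFIG_PSA_WANT_"
REQUIRES = {
    P + "ALG_PBKDF2_AES_CMAC_PRF_128": [P + "ALG_CMAC"],
    P + "ALG_CMAC": [P + "KEY_TYPE_AES", P + "ALG_ECB_NO_PADDING"],
}
ASSIGN = re.compile(r"^\s*(CONFIG_\w+)\s*=\s*(\S+)\s*$")

# Constructed sample: PBKDF2-CMAC is requested, nothing it relies on is set.
SAMPLE_CONF = """\
# constructed prj.conf fragment
CONFIG_PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128=y
# CONFIG_PSA_WANT_ALG_CMAC is not set
"""

def enabled_symbols(conf_text):
    """Return the symbols a prj.conf fragment explicitly sets to y."""
    enabled = set()
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)  # comments and "is not set" lines never match
        if not m:
            continue
        name, value = m.groups()
        if value == "y":
            enabled.add(name)
        else:
            enabled.discard(name)  # a later =n overrides an earlier =y
    return enabled

def missing_dependencies(conf_text):
    """Map each enabled symbol to required symbols the fragment leaves unset."""
    enabled = enabled_symbols(conf_text)
    report = {}
    for sym in sorted(enabled):
        # Breadth-first walk so transitive requirements are reported too.
        todo, seen, missing = list(REQUIRES.get(sym, [])), set(), []
        while todo:
            dep = todo.pop(0)
            if dep not in seen:
                seen.add(dep)
                if dep not in enabled:
                    missing.append(dep)
                todo.extend(REQUIRES.get(dep, []))
        if missing:
            report[sym] = missing
    return report
```

An empty result means every listed requirement is enabled explicitly in the fragment itself.
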
There's no point building the sample for platforms that do not support
networking, hence add netif dependency to reduce the CI execution
scope.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
(cherry picked from commit 3df9b5f)

Non-secure variants for nRF7002 DK were removed from upstream
in commit 10d4973. Revert these
changes downstream, so that the NS variants are still available.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>

…en built-in in PSA"

This reverts commit ac6d834.

Temporarily revert an upstream change that leads to a Kconfig dependency
loop with MBEDTLS_CIPHER_AES_ENABLED. This is supposed to be replaced
with a better fix later.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>

This needs to be revisited but the newly added dependency on
the entropy_generator doesn't work with nrf_security.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>

This test cannot be executed with the SDFW Service Framework client
started, so disable its initialization.

Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>

-This commit adds psa_init.c that contains a SYS_INIT to enforce
 early initialization of PSA crypto by calling psa_crypto_init() in
 PRE_KERNEL_1, before any other users (including entropy_psa_crypto).
-This is separated from CONFIG_MBEDTLS_INIT which has a SYS_INIT that
 happens in POST_KERNEL and includes initializing the Mbed TLS heap
 if this is enabled.
-Removing unneeded doxygen @file entry for zephyr_init.c

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
(Cherry-picked from commit 7b92773a7f71e17d21fe8c8f65aebe22ad2a115b)