[nrfconnect] Switch to PSA Crypto API
Enabled PSA Crypto API by default in nrfconnect platform
ArekBalysNordic committed Mar 11, 2024
1 parent 2c31cd8 commit 8bf8c25
Showing 7 changed files with 285 additions and 203 deletions.
4 changes: 3 additions & 1 deletion config/nrfconnect/chip-module/CMakeLists.txt
Expand Up @@ -60,13 +60,15 @@ if (CONFIG_ARM)
matter_add_cflags(--specs=nosys.specs)
endif()

if (CONFIG_NORDIC_SECURITY_BACKEND)
if (CONFIG_NRF_SECURITY)
zephyr_include_directories($<TARGET_PROPERTY:mbedtls_external,INTERFACE_INCLUDE_DIRECTORIES>)
zephyr_include_directories($<TARGET_PROPERTY:mbedcrypto_common,INTERFACE_INCLUDE_DIRECTORIES>)
if(TARGET platform_cc3xx)
zephyr_include_directories($<TARGET_PROPERTY:platform_cc3xx,INTERFACE_INCLUDE_DIRECTORIES>)
endif()
matter_add_flags(-DMBEDTLS_CONFIG_FILE=<nrf-config.h>)
matter_add_flags(-DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=<nrf-psa-crypto-want-config.h>)
matter_add_flags(-DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE=<nrf-psa-crypto-config.h>)
elseif(CONFIG_MBEDTLS)
zephyr_include_directories($<TARGET_PROPERTY:mbedTLS,INTERFACE_INCLUDE_DIRECTORIES>)
zephyr_compile_definitions($<TARGET_PROPERTY:mbedTLS,INTERFACE_COMPILE_DEFINITIONS>)
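Review bot: the two new defines, -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=<nrf-psa-crypto-want-config.h> and -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE=<nrf-psa-crypto-config.h>, are applied to every build that enters the CONFIG_NRF_SECURITY branch, not only to builds that select the PSA backend. The Kconfig change in this same commit gates its new options on CHIP_CRYPTO_PSA, so either wrap these two matter_add_flags calls in the same condition or add a comment saying the headers are safe to define for builds that stay on the Mbed TLS backend. Separately, if CONFIG_NRF_SECURITY replaces CONFIG_NORDIC_SECURITY_BACKEND as the outer condition (both lines appear here), a configuration that sets only the old symbol falls through to elseif(CONFIG_MBEDTLS) or gets no crypto include paths at all; the commit message should say whether the old symbol is still supported.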
16 changes: 16 additions & 0 deletions config/nrfconnect/chip-module/Kconfig
Expand Up @@ -286,4 +286,20 @@ config CHIP_ENABLE_READ_CLIENT
This config can be disabled for device types that do not require Read Client functionality.
Disabling this config can save flash and RAM space.

config CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
bool "Operational keys migration feature"
depends on CHIP_CRYPTO_PSA
help
Enables migration of the operational keys stored in the persistent storage to the PSA ITS secure storage.
Enable this feature while updating the firmware of in-field devices that run Mbed TLS cryptography backend
to the firmware based on PSA Crypto API.

config CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE
bool "Perform factory reset if the operational key migration failed"
default y
depends on CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS
help
Allow device to perform factory reset if the operational key for Fabric has not been migrated
properly to PSA ITS storage.

endif # CHIP
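Review bot: CHIP_FACTORY_RESET_ON_KEY_MIGRATION_FAILURE is "default y", so once CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS is enabled a failed migration wipes the device unless the integrator opts out, yet the help text only says "Allow device to perform factory reset". Please state in the help what the device does when this option is n (for example, whether it keeps running with the key still in persistent storage), and reword "Allow" to "Perform" so the help matches the prompt string. The help for CHIP_MIGRATE_OPERATIONAL_KEYS_TO_ITS should also say whether the original key is erased from persistent storage after a successful migration, since a copy left outside PSA ITS would undercut the reason for moving it.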