secure_storage: re-add MbedTLS backend

JordanYates · JordanYates · commit d00adcb1e889 · 2025-02-17T21:47:40.000+10:00
Re-add the option to use the MbedTLS ITS backend on posix. This backend is much simpler to setup than the Zephyr backends in a testing environment. This was previously removed in: zephyrproject-rtos#82319 Signed-off-by: Jordan Yates <jordan@embeint.com>
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
@@ -486,6 +486,11 @@
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 #endif
 
+#if defined(CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS)
+#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_FS_IO
+#endif
+
 #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS)
diff --git a/samples/psa/its/Kconfig b/samples/psa/its/Kconfig
@@ -0,0 +1,10 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"
diff --git a/subsys/secure_storage/Kconfig b/subsys/secure_storage/Kconfig
@@ -27,6 +27,12 @@ source "subsys/logging/Kconfig.template.log_config"
 choice SECURE_STORAGE_ITS_IMPLEMENTATION
 	prompt "Internal Trusted Storage (ITS) API implementation"
 
+config SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS
+	bool "MbedTLS ITS implementation"
+	depends on ARCH_POSIX
+	help
+	  Use MbedTLS's implementation of the ITS API.
+
 config SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
 	bool "Zephyr's ITS implementation"
 	select SECURE_STORAGE_ITS_TRANSFORM_MODULE
diff --git a/tests/bsim/bluetooth/mesh/overlay_ss.conf b/tests/bsim/bluetooth/mesh/overlay_ss.conf
@@ -1 +1,2 @@
 CONFIG_SECURE_STORAGE=y
+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y
diff --git a/tests/subsys/secure_storage/psa/crypto/Kconfig b/tests/subsys/secure_storage/psa/crypto/Kconfig
@@ -0,0 +1,11 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+# as it implements `psa_ps_*` and not the underlying `secure_storage_its_*`.
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"
diff --git a/tests/subsys/secure_storage/psa/its/Kconfig b/tests/subsys/secure_storage/psa/its/Kconfig
@@ -0,0 +1,10 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`	`1`	`CONFIG_SECURE_STORAGE=y`
	`2`	`+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y`