soc: silabs: Add symbol for Mbed TLS builtin keys

This is temporarily added to zephyr-silabs while awaiting the
merge of the feature upstream.

Add a new Kconfig symbol MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS to wrap the
Mbed TLS configuration option with the same name. Built-in key
support enables platforms implementing
mbedtls_psa_platform_get_builtin_key() to use keys derived from a
hardware unique key or stored in a secure element.

Upstream-status: pr <zephyrproject-rtos/zephyr#95636>
Signed-off-by: Aksel Skauge Mellbye <[email protected]>

Author: asmellby

modules/hal_silabs/simplicity_sdk/inc/sl_mbedtls_config_zephyr.h

@@ -5,6 +5,10 @@
 #ifndef SL_MBEDTLS_CONFIG_ZEPHYR_H
 #define SL_MBEDTLS_CONFIG_ZEPHYR_H
 
+#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+#define MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+#endif
+
 #include "sli_mbedtls_omnipresent.h"
 
 /* Legacy mbed TLS ALT APIs are not accelerated in Zephyr

soc/silabs/silabs_s2/Kconfig

@@ -24,5 +24,14 @@ config MBEDTLS_USER_CONFIG_FILE
 	default "sl_mbedtls_config_zephyr.h" \
 		if (PSA_CRYPTO_DRIVER_SILABS_HSE || PSA_CRYPTO_DRIVER_SILABS_VSE)
 
+config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+	bool "Built-in key support in PSA Crypto core"
+	help
+	  Enable support for platform built-in keys in PSA Crypto. Built-in keys
+	  are typically derived from a hardware unique key or stored in a secure
+	  element. Mbed TLS uses key IDs from MBEDTLS_PSA_KEY_ID_BUILTIN_MIN to
+	  MBEDTLS_PSA_KEY_ID_BUILTIN_MAX for built-in keys. The platform must
+	  implement mbedtls_psa_platform_get_builtin_key().
+
 endif
 endif