[nrf noup] zephyr: sdk-nrf specific overrides on PSA Kconfigs

Select proper configuration and disable mbedTLS selection,
as we are using NRF Security enabled Oberon.

Signed-off-by: Dominik Ermel <[email protected]>

Author: de-nordic

boot/bootutil/zephyr/CMakeLists.txt

@@ -40,7 +40,7 @@ if(CONFIG_BOOT_USE_PSA_CRYPTO)
   )
 endif()
 
-if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO)
+if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_NRF_SECURITY)
   zephyr_link_libraries(mbedTLS)
 endif()
 endif()

boot/zephyr/Kconfig

@@ -89,8 +89,7 @@ config BOOT_ED25519_PSA_DEPENDENCIES
 	select PSA_WANT_ALG_SHA_256
 	select PSA_WANT_ALG_SHA_512
 	select PSA_WANT_ALG_PURE_EDDSA
-	# Seems that upstream mbedTLS does not have TE
-	#select PSA_WANT_ECC_TWISTED_EDWARDS_255
+	select PSA_WANT_ECC_TWISTED_EDWARDS_255
 	select PSA_WANT_ECC_MONTGOMERY_255
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
 	help
@@ -285,6 +284,7 @@ config BOOT_SIGNATURE_TYPE_PURE
 
 choice BOOT_ED25519_IMPLEMENTATION
 	prompt "Ecdsa implementation"
+	default BOOT_ED25519_PSA if NRF_SECURITY
 	default BOOT_ED25519_TINYCRYPT
 
 config BOOT_ED25519_TINYCRYPT
@@ -305,7 +305,7 @@ config BOOT_ED25519_MBEDTLS
 
 config BOOT_ED25519_PSA
 	bool "Use PSA crypto"
-	select MBEDTLS
+	depends on NRF_SECURITY
 	select BOOT_USE_PSA_CRYPTO
 	select PSA_CRYPTO_CLIENT
 	select PSA_CRYPTO_C
@@ -370,11 +370,11 @@ config MCUBOOT_CLEANUP_RAM
 	help
 	  Sets contents of memory to 0 before jumping to application.
 
-if MBEDTLS
+if MBEDTLS || NRF_SECURITY
 
 config MBEDTLS_CFG_FILE
 	default "config-tls-generic.h" if MBEDTLS_BUILTIN || BOOT_USE_PSA_CRYPTO
-	default "mcuboot-mbedtls-cfg.h" if BOOT_USE_MBEDTLS
+	default "mcuboot-mbedtls-cfg.h" if BOOT_USE_MBEDTLS && !NRF_SECURITY
 
 endif