
Commit a6b51f1

de-nordicrlubos
authored andcommitted
[nrf noup] zephyr: sdk-nrf specific overrides on PSA Kconfigs
Select proper configuration and disable mbedTLS selection, as we are using NRF Security enabled Oberon. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 4bcddc1)
1 parent 19d25e4 commit a6b51f1


2 files changed

+7
-5
lines changed


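--- a/boot/bootutil/zephyr/CMakeLists.txt
+++ b/boot/bootutil/zephyr/CMakeLists.txt
@@ -40,7 +40,7 @@ if(CONFIG_BOOT_USE_PSA_CRYPTO)
 )
 endif()
 
-if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO)
+if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_NRF_SECURITY)
 zephyr_link_libraries(mbedTLS)
 endif()
 endif()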
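Review bot: The new condition on the `zephyr_link_libraries(mbedTLS)` guard mixes `OR` and `AND NOT` without parentheses, so which crypto library is linked into the bootloader depends on an evaluation order most readers will not know. CMake documents `AND` and `OR` as having equal precedence, evaluated left to right, so this reads as `(MBEDTLS OR PSA_CRYPTO) AND NOT NRF_SECURITY`, whereas someone used to C-style precedence would read it as `MBEDTLS OR (PSA_CRYPTO AND NOT NRF_SECURITY)`. The two differ when `CONFIG_BOOT_USE_MBEDTLS` and `CONFIG_NRF_SECURITY` are both set. If the first reading is the intent, as the commit message suggests, I would write it out as `if((CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO) AND NOT CONFIG_NRF_SECURITY)`. The enclosing `if` block starts outside the hunk.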

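--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -83,8 +83,7 @@ config BOOT_ED25519_PSA_DEPENDENCIES
 select PSA_WANT_ALG_SHA_256
 select PSA_WANT_ALG_SHA_512
 select PSA_WANT_ALG_PURE_EDDSA
-# Seems that upstream mbedTLS does not have TE
-#select PSA_WANT_ECC_TWISTED_EDWARDS_255
+select PSA_WANT_ECC_TWISTED_EDWARDS_255
 select PSA_WANT_ECC_MONTGOMERY_255
 select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
 help
@@ -208,7 +207,8 @@ choice BOOT_SIGNATURE_TYPE
 
 config BOOT_SIGNATURE_TYPE_NONE
 bool "No signature; use only hash check"
-select BOOT_USE_TINYCRYPT
+select BOOT_USE_TINYCRYPT if !SOC_SERIES_NRF54LX
+select BOOT_USE_PSA_CRYPTO if SOC_SERIES_NRF54LX
 select BOOT_IMG_HASH_ALG_SHA256_ALLOW
 
 config BOOT_SIGNATURE_TYPE_RSA
@@ -282,6 +282,7 @@ config BOOT_SIGNATURE_TYPE_PURE
 
 choice BOOT_ED25519_IMPLEMENTATION
 prompt "Ecdsa implementation"
+default BOOT_ED25519_PSA if NRF_SECURITY
 default BOOT_ED25519_TINYCRYPT
 
 config BOOT_ED25519_TINYCRYPT
@@ -302,7 +303,7 @@ config BOOT_ED25519_MBEDTLS
 
 config BOOT_ED25519_PSA
 bool "Use PSA crypto"
-select MBEDTLS
+depends on NRF_SECURITY
 select BOOT_USE_PSA_CRYPTO
 select PSA_CRYPTO_CLIENT
 select PSA_CRYPTO_C
@@ -372,6 +373,7 @@ config MBEDTLS_CFG_FILE
 # is used, but the fact is that Mbed TLS' ASN1 parse module is used
 # also when TinyCrypt is used as crypto backend.
 default "mcuboot-mbedtls-cfg.h" if BOOT_USE_TINYCRYPT
+default "config-tls-generic.h" if NRF_SECURITY && (MBEDTLS_BUILTIN || BOOT_USE_PSA_CRYPTO)
 default "mcuboot-mbedtls-cfg.h" if BOOT_USE_MBEDTLS && !MBEDTLS_BUILTIN
 
 config BOOT_HW_KEY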
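Review bot: In the `BOOT_SIGNATURE_TYPE_NONE` hunk the backend switch is keyed on `SOC_SERIES_NRF54LX`, while every other change in this file is keyed on `NRF_SECURITY`, and `select` turns `BOOT_USE_PSA_CRYPTO` on without honouring that symbol's own dependencies. If an nRF54L image can be configured without `NRF_SECURITY` (not visible from here), the hash-only path would request PSA crypto with no provider chosen by this file, and the image hash check is the only integrity control in that mode. The now unconditional `select PSA_WANT_ECC_TWISTED_EDWARDS_255` in `BOOT_ED25519_PSA_DEPENDENCIES` rests on the same assumption, since the removed comment said the upstream provider lacked it. I would document this above the two new selects, e.g. `# nRF54L builds always enable NRF_SECURITY; SHA-256 is provided through PSA there`, and add a matching one-line comment at the twisted-Edwards select.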
