diff --git a/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt b/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt index d26957d88b2b..d13ee5b0c99c 100644 --- a/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt +++ b/subsys/nrf_security/src/ssf_secdom/CMakeLists.txt @@ -7,4 +7,5 @@ target_sources(${mbedcrypto_target} PRIVATE ${CMAKE_CURRENT_LIST_DIR}/ssf_crypto.c + ${CMAKE_CURRENT_LIST_DIR}/ssf_psa_core_compatibility.c ) diff --git a/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c b/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c new file mode 100644 index 000000000000..1f5c314a2cac --- /dev/null +++ b/subsys/nrf_security/src/ssf_secdom/ssf_psa_core_compatibility.c @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2025 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + */ + +#include + +/* This define exists in the psa_crypto.c file, I kept the same + * name here so that it can be searched the same way. + * In the psa_crypto.c file this define is the concatenation of + * PSA_CRYPTO_SUBSYSTEM_DRIVER_WRAPPERS_INITIALIZED (=0x1)| + * PSA_CRYPTO_SUBSYSTEM_KEY_SLOTS_INITIALIZED (=0x2)| + * PSA_CRYPTO_SUBSYSTEM_TRANSACTION_INITIALIZED (=0x4) + * Just for conformity I kept the same value here. + */ +#define PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED (0x7) + +/* This function is declared in psa_crypto_core.h */ +int psa_can_do_hash(psa_algorithm_t hash_alg) +{ + (void)hash_alg; + /* No initialization is needed when SSF is used, so just return the + * expected value here. + */ + return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED; +} + +/* This function is declared in psa_crypto_core.h */ +int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg) +{ + (void)key_type; + (void)cipher_alg; + /* No initialization is needed when SSF is used, so just return the + * expected value here. + */ + return PSA_CRYPTO_SUBSYSTEM_ALL_INITIALISED; +} diff --git a/subsys/sdfw_services/Kconfig b/subsys/sdfw_services/Kconfig index 8247209ddec8..57b3982c80a7 100644 --- a/subsys/sdfw_services/Kconfig +++ b/subsys/sdfw_services/Kconfig @@ -38,6 +38,11 @@ config SSF_CLIENT_SYS_INIT bool "Start SDFW Service Framework client on boot" default y +config SSF_CLIENT_SYS_INIT_PRIORITY + int + default 47 + depends on SSF_CLIENT_SYS_INIT + config SSF_CLIENT_REGISTERED_LISTENERS_MAX int "Maximum number of simultaneous registered listeners" default 1 diff --git a/subsys/sdfw_services/os/ssf_client_zephyr.c b/subsys/sdfw_services/os/ssf_client_zephyr.c index 4d1f30cc7e32..10bd8627fa29 100644 --- a/subsys/sdfw_services/os/ssf_client_zephyr.c +++ b/subsys/sdfw_services/os/ssf_client_zephyr.c @@ -45,10 +45,25 @@ void ssf_client_sem_give(struct ssf_client_sem *sem) } #if CONFIG_SSF_CLIENT_SYS_INIT + +#ifdef CONFIG_IPC_SERVICE_REG_BACKEND_PRIORITY +BUILD_ASSERT(CONFIG_SSF_CLIENT_SYS_INIT_PRIORITY > CONFIG_IPC_SERVICE_REG_BACKEND_PRIORITY, + "SSF_CLIENT_SYS_INIT_PRIORITY must be higher than IPC_SERVICE_REG_BACKEND_PRIORITY"); +#endif + +#ifdef CONFIG_NRF_802154_SER_RADIO_INIT_PRIO +BUILD_ASSERT(CONFIG_SSF_CLIENT_SYS_INIT_PRIORITY < CONFIG_NRF_802154_SER_RADIO_INIT_PRIO, + "SSF_CLIENT_SYS_INIT_PRIORITY must be lower than NRF_802154_SER_RADIO_INIT_PRIO"); +#endif + +BUILD_ASSERT( + CONFIG_SSF_CLIENT_SYS_INIT_PRIORITY > CONFIG_KERNEL_INIT_PRIORITY_DEFAULT, + "SSF_CLIENT_SYS_INIT_PRIORITY must be higher than the IPC ICMSG initialization priority"); + static int client_init(void) { return ssf_client_init(); } -SYS_INIT(client_init, POST_KERNEL, CONFIG_APPLICATION_INIT_PRIORITY); +SYS_INIT(client_init, POST_KERNEL, CONFIG_SSF_CLIENT_SYS_INIT_PRIORITY); #endif