diff --git a/lib/app_jwt/Kconfig b/lib/app_jwt/Kconfig index 0d227413d8d5..127c1de625e7 100644 --- a/lib/app_jwt/Kconfig +++ b/lib/app_jwt/Kconfig @@ -14,10 +14,18 @@ menuconfig APP_JWT # Needed to print integer values in JSON select CJSON_LIB select CBPRINTF_FP_SUPPORT + # Needed to use PSA and crypto + select PSA_SSF_CRYPTO_CLIENT + select PSA_WANT_PLATFORM_KEYS + select PSA_WANT_GENERATE_RANDOM select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT select PSA_WANT_ALG_ECDSA select PSA_WANT_ECC_SECP_R1_256 select PSA_WANT_ALG_SHA_256 + # Needed to use PSA services from secure core + select NRF_IRONSIDE_CALL + # Needed for device UUID + select NRF_IRONSIDE_BOOT_REPORT if APP_JWT diff --git a/lib/app_jwt/app_jwt.c b/lib/app_jwt/app_jwt.c index 1cd653229927..9762ed1a2dc8 100644 --- a/lib/app_jwt/app_jwt.c +++ b/lib/app_jwt/app_jwt.c @@ -15,7 +15,7 @@ #include #include -#include +#include #include #include @@ -636,6 +636,20 @@ static int jwt_signature_append(const char *const unsigned_jwt, const char *cons return err; } +static int device_info_get_uuid(uint8_t *uuid_bytes) +{ + int err = 0; + const struct ironside_boot_report *report; + + err = ironside_boot_report_get(&report); + + if (err == 0) { + memcpy(uuid_bytes, (void*)&report->device_info_uuid ,SECDOM_BOOT_REPORT_UUID_SIZE); + } + + return err; +} + int app_jwt_generate(struct app_jwt_data *const jwt) { if (jwt == NULL) { @@ -712,7 +726,7 @@ int app_jwt_get_uuid(char *uuid_buffer, const size_t uuid_buffer_size) uint8_t uuid_bytes[UUID_BINARY_BYTES_SZ]; - if (0 != ssf_device_info_get_uuid(uuid_bytes)) { + if (0 != device_info_get_uuid(uuid_bytes)) { /* Couldn't read data */ return -ENXIO; } diff --git a/samples/app_jwt/boards/nrf54h20dk_nrf54h20_cpuapp.conf b/samples/app_jwt/boards/nrf54h20dk_nrf54h20_cpuapp.conf index bcf4483efa01..28b9d01315f7 100644 --- a/samples/app_jwt/boards/nrf54h20dk_nrf54h20_cpuapp.conf +++ b/samples/app_jwt/boards/nrf54h20dk_nrf54h20_cpuapp.conf @@ -28,13 +28,3 @@ CONFIG_APP_JWT_PRINT_EXPORTED_PUBKEY_DER=y # Enable nordic security backend and PSA APIs CONFIG_NRF_SECURITY=y - -# Enable PSA crypto from SSF client -CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y - -# Enable Device Info service -CONFIG_SSF_DEVICE_INFO_SERVICE_ENABLED=y - -# Enable SUIT bundling -CONFIG_SUIT=y -CONFIG_ZCBOR_CANONICAL=y diff --git a/samples/app_jwt/prj.conf b/samples/app_jwt/prj.conf index 07292efbdfe8..f11b3f5f6318 100644 --- a/samples/app_jwt/prj.conf +++ b/samples/app_jwt/prj.conf @@ -13,19 +13,9 @@ CONFIG_APP_JWT_LOG_LEVEL_INF=y # Verify JWT signature after signing CONFIG_APP_JWT_VERIFY_SIGNATURE=y +# Requiered to use subsys nrf_security +CONFIG_NRF_SECURITY=y + # Optional : print the exported public key in DER format to logging terminal, # requieres CONFIG_APP_JWT_LOG_LEVEL_INF=y to be made visible. CONFIG_APP_JWT_PRINT_EXPORTED_PUBKEY_DER=y - -# Enable nordic security backend and PSA APIs -CONFIG_NRF_SECURITY=y - -# Enable PSA crypto from SSF client -CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y - -# Enable Device Info service -CONFIG_SSF_DEVICE_INFO_SERVICE_ENABLED=y - -# Enable SUIT bundling -CONFIG_SUIT=y -CONFIG_ZCBOR_CANONICAL=y diff --git a/samples/app_jwt/sample.yaml b/samples/app_jwt/sample.yaml index cc5148e1b6dc..9d510c86bb13 100644 --- a/samples/app_jwt/sample.yaml +++ b/samples/app_jwt/sample.yaml @@ -19,12 +19,5 @@ tests: - nrf54h20dk/nrf54h20/cpuapp extra_args: - EXTRA_CONF_FILE=uart_logging.conf - - SB_CONFIG_SUIT_ENVELOPE=y extra_configs: - CONFIG_LOG_BUFFER_SIZE=4098 - - CONFIG_SUIT=y - - CONFIG_ZCBOR=y - - CONFIG_ZCBOR_CANONICAL=y - - CONFIG_SUIT_ENVELOPE_TARGET="application" - - CONFIG_SUIT_ENVELOPE_TEMPLATE_FILENAME="app_envelope.yaml.jinja2" - - CONFIG_SUIT_LOCAL_ENVELOPE_GENERATE=y diff --git a/subsys/nrf_security/src/ssf_secdom/Kconfig b/subsys/nrf_security/src/ssf_secdom/Kconfig index 353e0a58432c..ea5a63812985 100644 --- a/subsys/nrf_security/src/ssf_secdom/Kconfig +++ b/subsys/nrf_security/src/ssf_secdom/Kconfig @@ -8,7 +8,7 @@ config PSA_SSF_CRYPTO_CLIENT bool prompt "PSA crypto provided through SSF" default y - depends on SSF_CLIENT || SOC_NRF54H20 + depends on SSF_CLIENT || SOC_NRF54H20 || SOC_NRF9280 select NRF_IRONSIDE_CALL if !SSF_CLIENT if PSA_SSF_CRYPTO_CLIENT diff --git a/west.yml b/west.yml index 62b0b74e17fd..572b6a2b5639 100644 --- a/west.yml +++ b/west.yml @@ -65,7 +65,7 @@ manifest: # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html - name: zephyr repo-path: sdk-zephyr - revision: 53824876e35648dc8c2d6fb99e3756e7cd4d779f + revision: pull/3208/head import: # In addition to the zephyr repository itself, NCS also # imports the contents of zephyr/west.yml at the above