Skip to content

Commit 2d61db9

Browse files
tomi-fontnashif
tomi-font
authored and
nashif
committed
mbedtls: introduce PSA-specific Kconfig file
It is meant specifically for configuration of the PSA crypto library. The underlying PSA configuration items are guarded by the condition that a PSA crypto provider must be present, which is the case when either TF-M is in use or MbedTLS's PSA core is built as part of the application image. Signed-off-by: Tomi Fontanilles <[email protected]>
1 parent bfe8020 commit 2d61db9

File tree

3 files changed

+7
-9
lines changed

3 files changed

+7
-9
lines changed

modules/mbedtls/Kconfig.tls-generic

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -494,8 +494,9 @@ config MBEDTLS_USE_PSA_CRYPTO
494494

495495
config MBEDTLS_LMS
496496
bool "Support LMS signature schemes"
497-
depends on MBEDTLS_PSA_CRYPTO_C
497+
depends on MBEDTLS_PSA_CRYPTO_CLIENT
498498
depends on MBEDTLS_HASH_SHA256_ENABLED
499+
select PSA_WANT_ALG_SHA_256
499500

500501
config MBEDTLS_SSL_DTLS_CONNECTION_ID
501502
bool "DTLS Connection ID extension"

modules/mbedtls/configs/config-tls-generic.h

Lines changed: 4 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,6 @@
3535

3636
#if defined(CONFIG_MBEDTLS_LMS)
3737
#define MBEDTLS_LMS_C
38-
#define PSA_WANT_ALG_SHA_256 1
3938
#endif
4039

4140
#if defined(CONFIG_MBEDTLS_HAVE_TIME_DATE)
@@ -486,6 +485,10 @@
486485
#define MBEDTLS_FS_IO
487486
#endif
488487

488+
#endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
489+
490+
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
491+
#define MBEDTLS_PSA_CRYPTO_CLIENT
489492
#endif
490493

491494
#if defined(CONFIG_MBEDTLS_TLS_VERSION_1_2) && defined(CONFIG_MBEDTLS_PSA_CRYPTO_C)
@@ -496,18 +499,12 @@
496499
#define MBEDTLS_SSL_DTLS_CONNECTION_ID
497500
#endif
498501

499-
/* User config file */
500-
501502
#if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
502503
#include CONFIG_MBEDTLS_USER_CONFIG_FILE
503504
#endif
504505

505506
#if defined(CONFIG_BUILD_WITH_TFM)
506507
#undef MBEDTLS_PSA_CRYPTO_C
507-
#endif /* CONFIG_BUILD_WITH_TFM */
508-
509-
#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
510-
#define MBEDTLS_PSA_CRYPTO_CLIENT
511508
#endif
512509

513510
#if defined(CONFIG_PSA_WANT_ALG_SHA_256)

subsys/net/l2/openthread/Kconfig

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -322,7 +322,7 @@ config OPENTHREAD_MAC_SOFTWARE_CSMA_BACKOFF_ENABLE
322322

323323
config OPENTHREAD_CRYPTO_PSA
324324
bool "ARM PSA crypto API"
325-
depends on MBEDTLS_PSA_CRYPTO_C || BUILD_WITH_TFM
325+
depends on MBEDTLS_PSA_CRYPTO_CLIENT
326326
select OPENTHREAD_PLATFORM_KEY_REF if !OPENTHREAD_COPROCESSOR_RCP
327327
imply OPENTHREAD_PLATFORM_KEYS_EXPORTABLE_ENABLE
328328
help

0 commit comments

Comments
 (0)