Skip to content

Commit 726656d

Browse files
Damian-Nordiccfriedt
Damian-Nordic
authored and
cfriedt
committed
net: openthread: Add crypto backend based on PSA API
OpenThread has lately got an option to provide a custom crypto backend that replaces the default, based on mbedTLS API. Implement a backend based on ARM PSA crypto API that is better suited for applications willing to take advantage of the ARM trust zone technology. Add Kconfig option: OPENTHREAD_CRYPTO_PSA_ENABLE which enables that backend. Also, another Kconfig option: OPENTHREAD_PLATFORM_KEY_REFERENCES_ENABLE, implied by the former, which enables usage of key references instead of literal keys in OpenThread. It will eventually allow OpenThread applications to keep sensitive data such as encryption keys in the secure storage, accessible from the secure world only. Signed-off-by: Damian Krolik <[email protected]>
1 parent 70a9bc0 commit 726656d

File tree

4 files changed

+442
-0
lines changed

4 files changed

+442
-0
lines changed

subsys/net/l2/openthread/Kconfig

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -306,4 +306,18 @@ config OPENTHREAD_MAC_SOFTWARE_CSMA_BACKOFF_ENABLE
306306
Set y to enable software CSMA backoff. The option can be disabled if
307307
the radio has hardware support for this feature (IEEE802154_HW_CSMA).
308308

309+
config OPENTHREAD_CRYPTO_PSA
310+
bool "Enable ARM PSA crypto API"
311+
depends on BUILD_WITH_TFM
312+
select OPENTHREAD_PLATFORM_KEY_REFERENCES_ENABLE
313+
help
314+
Enable crypto backend library implementation based on ARM PSA crypto
315+
API instead of the default, using mbedTLS.
316+
317+
config OPENTHREAD_PLATFORM_KEY_REFERENCES_ENABLE
318+
bool "Enable cryptographic key reference support"
319+
help
320+
Enable usage of cryptographic key references instead of literal keys
321+
This requires a crypto backend library that supports key references.
322+
309323
endif # NET_L2_OPENTHREAD

subsys/net/lib/openthread/platform/CMakeLists.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@ zephyr_library_sources(
1313

1414
zephyr_library_sources_ifdef(CONFIG_OPENTHREAD_DIAG diag.c)
1515
zephyr_library_sources_ifdef(CONFIG_OPENTHREAD_COPROCESSOR uart.c)
16+
zephyr_library_sources_ifdef(CONFIG_OPENTHREAD_CRYPTO_PSA crypto_psa.c)
1617
zephyr_library_sources_ifdef(CONFIG_OPENTHREAD_SHELL shell.c)
1718
zephyr_library_sources_ifdef(CONFIG_OPENTHREAD_EXTERNAL_HEAP memory.c)
1819
zephyr_library_sources_ifndef(CONFIG_LOG_BACKEND_SPINEL logging.c)

0 commit comments

Comments
 (0)