Forbid usage of NRF_IRONSIDE in mbedtls and secure storage #96915
+3
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zephyrbot
added
area: Secure Storage
Vge0rge
changed the title
The NRF_IRONSIDE is a provider of PSA services (including storage) so it cannot be used along with the secure storage subsystem which provides PSA storage APIs. Signed-off-by: Georgios Vasilakis <[email protected]>
The NRF_IRONSIDE provides PSA crypto APIs the same way that the TF-M does. Take that into account in the MBEDTLS configuration configuration. Signed-off-by: Georgios Vasilakis <[email protected]>
Vge0rge
force-pushed
the
sec_storage_iron
branch
from
6e7d507 to
76cff73
Compare
zephyrbot
requested review from
ceolin,
d3zd3z,
ithinuel,
valeriosetti and
wearyzen
Vge0rge
changed the title
|
SebastianBoe
approved these changes
Oct 2, 2025
|
Adding DNM because I see some breakages on the CI that I need to investigate. |
tomi-font
reviewed
Oct 3, 2025
| bool | ||
| default y | ||
| depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C | ||
| depends on BUILD_WITH_TFM || MBEDTLS_PSA_CRYPTO_C || NRF_IRONSIDE |
There was a problem hiding this comment.
@valeriosetti with your PR #96415 maybe we could make this Kconfig option just depend on PSA_CRYPTO_PROVIDER (or PSA_CRYPTO)?
| config MBEDTLS_PSA_CRYPTO_C | ||
| bool "Platform Security Architecture cryptography API" | ||
| depends on !BUILD_WITH_TFM | ||
| depends on !NRF_IRONSIDE |
There was a problem hiding this comment.
commit message typos
The NRF_IRONSIDE provides PSA crypto APIs the same way that
theTF-M does. Take that into account in the MBEDTLSconfiguration
configuration.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The NRF_IRONSIDE is a provider of PSA services (including storage and storage) so it cannot be used along with the secure storage subsystem which provides PSA storage APIs or the mbedtls PSA implementation.