For sake of memory footprint it might be required to shrink
down the memory footprint as much as possible. Unfortunately Mbed TLS
PSA interface brings in some extra code for key management which makes
it larger than the TinyCrypt counterpart when it comes to p256-m
interfacing. For this reason it might be useful to directly access
the p256-m driver directly.
This commit adds this support and it also updates the corresponding
test in order to make use of this condition.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Ensure psa_crypto_init() is called during initialization when
Mbed TLS acts as a PSA crypto client. This will setup the PSA
crypto server for further calls.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add support for the CortexM optimized implementation of secp256r1
code. It supports:
- import & export
- key agreement
- sign & verify
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Adds an appropriate condition to the Kconfig as
the temperature driver is not supported for nRF54H20 devices yet.
Without this change, a build with NRF 802.15.4 libraries produces
Kconfig error.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
Clock_control is currently not supported on nRF54H20.
This commit adds new way of handling the hfclk targeted for nRF54H20.
This solution shall be replaced once the clock_control is supported
for nRF54H20.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
Make call to de-initialize disk in fatfs_unmount(). This will permit the
disk to be reinitialized when it is mounted with fatfs_mount().
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Channels owned by a child core shall also be included in the mask of
used channels (channels that cannot be allocated by the GPIOTE channel
allocator).
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add kconfig CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT to get more mbedtls
functionality for enterprise and DPP.
Split cmake sources related to hostap SME and crypto backend.
Default backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO use internal crypto
and some mbedtls apis.
Backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT use most mbedtls apis
and PSA apis, except some apis no longer supported in mbedtls 3.x,
or called in the middle of hostap and mbedtls.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
When the encoder button was pressed, it would send a LV_KEY_LEFT/RIGHT
instead of a LV_KEY_ENTER event.
This clears the enc_diff field, and set the key field to LV_KEY_ENTER
for button events.
Fixes#73529
Signed-off-by: Lorenz Clijnen <lorenz_reclame@outlook.be>
As of Mbed TLS 3.6 (which is the currently used version in Zephyr)
Blowfish, ARC4 and MD4 are no more supported so existing kconfigs
have no effect at all. Moreover they are not even used anywhere
in Zephyr.
This commit just removes them all and it also updates the migration
guide document.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The monolithic feature allows to link the binary blobs with
the application during the build.
Signed-off-by: Axel Le Bourhis <axel.lebourhis@nxp.com>
Signed-off-by: Yassine El Aissaoui <yassine.elaissaoui@nxp.com>
This change deprecates CONFIG_POSIX_SIGNAL in favour of
the plural CONFIG_POSIX_SIGNALS, which maps directly to the
name of the standard POSIX Option Group POSIX_SIGNALS.
Additionally, mark signals as experimental.
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Zephyr's POSIX API is moving toward using the standard
nomenclature from IEEE 1003.1-2017 for as much as possible. In
particular, we want to have consistent naming between Zephyr's
POSIX API Kconfig options and the naming for POSIX Options and
Option Groups.
The Kconfig option CONFIG_PTHREAD_IPC has been (ab)used for a
very long time for a variety of different purposes. However,
the standard Option / feature test macro for POSIX Threads is,
intuitively _POSIX_THREADS. There is a corresponding sysconf()
key named _SC_POSIX_THREADS.
Annoyingly, the POSIX Option Group that corresponds to the
Option is POSIX_THREADS_BASE, which is a minor inconsistency
in the standard.
The _POSIX_THREADS Option already includes mutexes, condition
variables, and thread-specific storage (keys). So with this
change, we also deprecate the redundant Kconfig variables that
do not have a corresponding match in the standard.
- CONFIG_PTHREAD_IPC
- CONFIG_PTHREAD
- CONFIG_PTHREAD_COND
- CONFIG_PTHREAD_MUTEX
- CONFIG_PTHREAD_KEY
Additionally, create Kconfig variables for those configurables
which we are lacking:
- CONFIG_POSIX_THREADS_EXT
- CONFIG_POSIX_THREAD_ATTR_STACKSIZE
- CONFIG_POSIX_THREAD_ATTR_STACKADDR
- CONFIG_POSIX_THREAD_PRIORITY_SCHEDULING
- CONFIG_POSIX_THREAD_PRIO_INHERIT
- CONFIG_POSIX_THREAD_PRIO_PROTECT
- CONFIG_POSIX_THREAD_SAFE_FUNCTIONS
Some Kconfig variables were renamed to more properly match the spec:
- CONFIG_MAX_PTHREAD_COUNT -> CONFIG_POSIX_THREAD_THREADS_MAX
- CONFIG_MAX_PTHREAD_KEY_COUNT -> CONFIG_POSIX_THREAD_KEYS_MAX
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_MAX_FDS option does not correspond to any standard
POSIX option. It was used to define the size of the file
descriptor table, which is by no means exclusively used by
POSIX (also net, fs, ...).
POSIX_MAX_FDS is being deprecated in order to ensure that
Zephyr's POSIX Kconfig variables correspond to those defined in
the specification, as of IEEE 1003.1-2017. Namely,
POSIX_OPEN_MAX. CONFIG_POSIX_MAX_OPEN_FILES is being deprecated
for the same reason.
To mitigate any possible layering violations, that option is
not user selectable. It tracks the newly added
CONFIG_ZVFS_OPEN_MAX option, which is native to Zephyr.
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_DEVICE_IO
Similarly, with this deprecation, we introduce the following
Kconfig options that map directly to standard POSIX Options by
simply removing "CONFIG":
* CONFIG_POSIX_OPEN_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options.
* CONFIG_POSIX_DEVICE_IO_ALIAS_CLOSE
* CONFIG_POSIX_DEVICE_IO_ALIAS_OPEN
* CONFIG_POSIX_DEVICE_IO_ALIAS_READ
* CONFIG_POSIX_DEVICE_IO_ALIAS_WRITE
Gate open(), close(), read(), and write() via the
CONFIG_POSIX_DEVICE_IO Kconfig option and move
implementations into device_io.c, to be conformant with the
spec.
Lastly, stage function names for upcoming ZVFS work, to be
completed as part of the LTSv3 Roadmap (e.g. zvfs_open(), ..).
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_CLOCK option does not correspond to any standard
option. It was used to active features of several distinct
POSIX Options and Option Groups, which complicated API and
application configuration as a result.
POSIX_CLOCK is being deprecated in order to ensure that Zephyr's
POSIX Kconfig variables correspond to those defined in the
specification, as of IEEE 1003.1-2017.
Additionally, CONFIG_TIMER is being deprecated because it does
not match the corresponding POSIX Option (_POSIX_TIMERS).
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_TIMERS
Similarly, we introduce the following Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_POSIX_CLOCK_SELECTION
* CONFIG_POSIX_CPUTIME
* CONFIG_POSIX_DELAYTIMER_MAX
* CONFIG_POSIX_MONOTONIC_CLOCK
* CONFIG_POSIX_TIMEOUTS
* CONFIG_POSIX_TIMER_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options that map directly to
standard POSIX Option Groups by simply removing "CONFIG_":
* CONFIG_POSIX_MULTI_PROCESS - sleep()
Similarly, in order to maintain parity with the current feature
set, we introduce the following additional Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_XSI_SINGLE_PROCESS - gettimeofday()
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Add missing call to LV_MEM_CUSTOM_FREE when closing a file to prevent
memory from leaking.
Resolves issue #73148.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With TF-M updated to 2.1.0 it now makes the signature type default
to EC-P256 for the mps2/an521/cpu0/ns board.
So far Zephyr had only supported and assumed that it was RSA-3072.
This brings support for other signature types, and changes the global
default to EC-P256.
The switch from RSA-3072 to EC-P256 reduces the flash usage by ~3.3KB
while having a negligible impact on RAM usage (increase of ~70 bytes)
when compiling the tfm_psa_test sample on mps2/an521/cpu0/ns and
nrf9160dk/nrf9160/ns without explicit optimizations.
The TFM_KEY_FILE_{S,NS} Kconfig options are moved inside an
`if TFM_BL2` as they are only used if MCUboot is included in TF-M.
The TF-M CMake variables MCUBOOT_KEY_{S,NS} are now set so that it's
possible to use signing keys located elsewhere than the default
location.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Restore the check that was introduced in
cd8d4ccad5 and removed in
cac7f4058f, rather than checking only
CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION in the tfm_psa_test sample.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Define and pass down PSA_ARCH_TESTS_PATH only in the sample that
needs it (tfm_psa_test).
Otherwise, it provokes a CMake warning because the variable does not
get used in TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 33786b55ab.
Reverting it because the upstream PR has been abandoned, and
this extra CMake variable is causing the warning
"Manually-specified variables were not used by the project".
As of now the version warning doesn't come up.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Permanently disable the revision checks made in the tf-m-tests
repository that were introduced with TF-M 2.1.0.
They fail because the expected upstream tags are not found in Zephyr's
tf-m-tests.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This commit aligns the GRTC driver to changes introduced in
hal_nordic. Some of the features regarding GRTC sleep/wakeup
functionality has been modified and moved out to the nrfx
driver's code.
Signed-off-by: Adam Kondraciuk <adam.kondraciuk@nordicsemi.no>
On SoC like nrf54h20 GPIOTE channels are split between cores. They
are reserved at compile time in devicetree. We need to ensure that
dynamically allocated channels are used only from pool assigned to
the given core. This is done using NRFX_GPIOTE130_CHANNELS_USED mask
which contains data from the device tree.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
https://github.com/zephyrproject-rtos/zephyr/pull/70541 has an
issue where if the screen has been rotated, values calculated if
invert-x or invert-y are set will be overwritten.
This breaks the adafruit_2_8_tft_touch_v2 touchscreen as the
display is rotated by 90 degrees but uses invert-x and invert-y.
This change makes the invert-x and invert-y options independent
of screen rotation.
Signed-off-by: Glenn Andrews <glenn.andrews.42@gmail.com>
Some Ambiq Apollox Blue SOC (e.g. Apollo3 Blue) uses internal designed
BLEIF module which is different from the general IOM module for SPI
transceiver. The called HAL API will also be independent. This driver is
implemented for the BLEIF module usage scenarios.
Signed-off-by: Aaron Ye <aye@ambiq.com>
Fixing a bug where wrong instance was enabled when SPIS137 was supposed
to be used.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Added NXP_FW_LOADER for NXP platforms.
Added NXP_RF_IMU for NXP platforms.
Added MONOLITHIC Flags for NXP platforms.
Signed-off-by: Axel Le Bourhis <axel.lebourhis@nxp.com>
- Add initial version of CYW920829M2EVK-02 board
- [drivers: clock_control] Make it possible to set up both iho and imo
clocks instead of just one or the other
Signed-off-by: Sreeram Tatapudi <sreeram.praveen@infineon.com>
This definition is no longer supported by the nrfx_gpiote driver (since
nrfx 3.2.0, reserved channels need to be defined per GPIOTE instance),
so remove it to not mislead users.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
By default PSA crypto library copies all the buffers that are passed
in into the heap before further processing them. This is required
when the PSA crypto library is on the secure side and it accepts
buffers from a non-secure code. However this case in Zephyr
is already handled by TF-M, so when the PSA crypto library is
built (CONFIG_MBEDTLS_PSA_CRYPTO_C) then it will be on the
non-secure side. Therefore this malloc copy is useless and
it consumes heap memory. Setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
at Mbed TLS build time helps in removing this mechanism and
it saves heap memory.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Instead of selecting legacy MBEDTLS symbols, use corresponding
PSA_WANT ones when possible (note: some legacy symbols do not
have a PSA correspondance).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add "sha3.c" source file that was previously missing from
CMakeLists.txt and that has been added in MbedTLS 3.6 release.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:
1. the prefix MBEDTLS suggests that it's something related to
MbedTLS, while actually PSA APIs can be provided also
by other implementations (ex: TFM)
2. there might applications which are willing to use PSA APIs
without using MbedTLS at all. For example computing an hash
can be as simple as writing psa_hash_compute() and, if the
PSA function is provided thorugh TFM, then MbedTLS is not
required at all
Therefore this commit:
- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
that symbol belongs to MbedTLS
- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
to state that there is "some" PSA crypto API provider
- let MBEDTLS_PSA_CRYPTO_CLIENT automatically select
PSA_CRYPTO_CLIENT, since the former is an implementation of
the latter.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Valerio Setti