Do Not Review: Upmerge TF-M v2.1.0 Mbed TLS v3.6.0 (only for testing) #17229

Open
wants to merge 192 commits into
base: main
@frkv frkv commented Sep 9, 2024

Current state: Do not merge, Do not review

This pull request adds support for TF-M 2.1.0 and Mbed TLS 3.6.0.

Missing:

  • Correct manifest checkout for related repositories (TF-M, nrfxlib, mcuboot, tf-m-tests, oberon-psa-core and Mbed TLS)
  • Removal of some WIP commits
  • Full run of CI once the aforementioned

(The Do not Review statement will be removed once related repositories are synchronized)

@frkv frkv added the DNM label Sep 9, 2024
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Sep 9, 2024
NordicBuilder commented Sep 9, 2024

CI Information

To view the history of this post, click the 'edited' button above
Build number: 25

Inputs:

Sources:

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (0)

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain
  • ◻️ Build twister
  • ◻️ Integration tests

Note: This message is automatically posted and updated by the CI

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

krish2718 and others added 19 commits September 30, 2024 11:53
When using sysbuild, Wi-Fi needs to be enabled explicitly to avoid build
issues.

Signed-off-by: Chaitanya Tata <[email protected]>
fixup! crypto: Adding threading support for PSA core

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-Fixes issues booting TF-M

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
This will be re-enabled when sdl2 is added to toolchain.

Signed-off-by: Thomas Stilwell <[email protected]>
-Fixes issues on nRF54L15 devices (uses CRACEN)

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Added this sample scenario to quarantine.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Bjarki Arge Andreasen <[email protected]>
Fix build error by including missing file mbedtls_config.h.

Signed-off-by: Simen S. Røstad <[email protected]>
Enable WIFI_NRF70 only for Wi-Fi builds

Signed-off-by: Simen S. Røstad <[email protected]>
-Setting the flag was missing

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-Added regression trying to fix tfm_hello_Word. This commit fixes it

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
The flash_thread is using a colliding name when registering with
the log module LOG_MODULE_REGISTER(flash, LOG_LEVEL_INF). Update
name to flash_thd to avoid naming collision.

Signed-off-by: Bjarki Arge Andreasen <[email protected]>
The write struct member has been removed in bt_gatt_subscribe_params.
Replace it by another struct member 'subscribe'.

Signed-off-by: Lang Xie <[email protected]>
Signed-off-by: Bjarki Arge Andreasen <[email protected]>
Update the nrf7002 in the thingy91x board to match upstream dts
model. Additionally add COEX model of nrf700x for use with for
example cpunet.

Signed-off-by: Bjarki Arge Andreasen <[email protected]>
Ignore the min heap requirements for Wi-Fi and update the nrf9151/ns
overlay to properly reference the wifi wlan0 node.

Signed-off-by: Pete Skeggs <[email protected]>
Signed-off-by: Bjarki Arge Andreasen <[email protected]>
Signal that we knowingly are setting the heap size smaller than
sum of min heaps.

Signed-off-by: Bjarki Arge Andreasen <[email protected]>
-This enabled md_ext.c for nRF54H20 (CPUAPP/CPURAD) to ensure
 psa_can_do_hash and psa_can_do_cipher is available

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Quarantine net.lib.wifi_credentials_backend_psa temporarily to be fixed
after upmerge.

Signed-off-by: Bjarki Arge Andreasen <[email protected]>
Static RAM usage is exceeding the `RAM` region at build time. Decrease
the number of RX buffers to fix this.

Signed-off-by: Ravi Dondaputi <[email protected]>
-This adds Kconfigs that can be used to signal that legacy MD/CIPHER
 functionality must be used even though MBEDTLS_PSA_CRYPTO_CLIENT is
 set. This is done to allow TF-M minimal configuration to work
 (as it doesn't enable anything other than RNG). The real solution
 is to port to use PSA crypto APIs, so these configurations can be
 removed

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
@frkv frkv force-pushed the upmerge-TF-M-2.1-mbedtls-3.6 branch from 0ec6c42 to 5421337 Compare September 30, 2024 13:04
The builtin keys are used in different ways for the
nRF54L15 and the nRF9160 and nRF5340 devices.

The L15 devices don't use the default TFM builtin key
loader but they implement their own function to load
the builtin keys.

The configuration MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is
necessary for all the platforms though since the PSA
core will not include basic builtin key functionality
without it.

Signed-off-by: Georgios Vasilakis <[email protected]>
Enable MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for the nRF54L15
since it is always required in order to use the HUKs.

This is relevant to the non-TFM target of L15.

Signed-off-by: Georgios Vasilakis <[email protected]>
Allow to import a ECC public key even when the algorithm is
not set. This is allowed in the other drivers and we observed
that some TLS tests don't set the algorithm.

Signed-off-by: Georgios Vasilakis <[email protected]>
Remove the test case for Oberon PSA on nRF54L15
since it is not fully supported. In nRF54L15
the random driver for Cracen has dependencies on
other functionality of the Cracen driver which
means that you are forced to enable more driver
features in order to get random. Enabling features
in Cracen automatically disables the equivalent features
in Oberon.
Since this case requires random from Cracen most of the
Oberon functionality of Oberon will be disabled anyway
so we disable it here.

Signed-off-by: Georgios Vasilakis <[email protected]>
With a more relevant name

Signed-off-by: Georgios Vasilakis <[email protected]>
These will be moved later to the Zephyr file:
modules/mbedtls/Kconfig.psa.nordic

Placing them here now to minimize the changes
in the upmerge Zephyr PR.

Signed-off-by: Georgios Vasilakis <[email protected]>
No functional change here, just fixes spacing
issues causing compliance failures in
nrf_security and TFM.

Signed-off-by: Georgios Vasilakis <[email protected]>
@Vge0rge Vge0rge force-pushed the upmerge-TF-M-2.1-mbedtls-3.6 branch from c6ffa89 to b0be16e Compare October 4, 2024 12:02
This pull request has been marked as stale because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 7 days. Note, that you can always re-open a closed pull request at any time.

@github-actions github-actions bot added the Stale label Nov 14, 2024