-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do Not Review: Upmerge TF-M v2.1.0 Mbed TLS v3.6.0 (only for testing) #17229
Open
frkv
wants to merge
104
commits into
nrfconnect:main
Choose a base branch
from
frkv:upmerge-TF-M-2.1-mbedtls-3.6
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+5,576
−32,155
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frkv
requested review from
Vge0rge,
stephen-nordic,
magnev,
tomchy,
ahasztag,
hakonfam,
alstrzebonski,
MarekPieta,
kapi-no,
tejlmand,
a team,
oyvindronningstad,
rlubos,
lemrey,
anangl,
krish2718,
sachinthegreen and
rado17
as code owners
September 9, 2024 08:16
github-actions
bot
added
doc-required
PR must not be merged without tech writer approval.
changelog-entry-required
Update changelog before merge. Remove label if entry is not needed or already added.
labels
Sep 9, 2024
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:more detailsGithub labels
List of changed files detected by CI (0)
Outputs:ToolchainVersion: Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
frkv
force-pushed
the
upmerge-TF-M-2.1-mbedtls-3.6
branch
from
September 9, 2024 13:29
9e9e629
to
2b7911e
Compare
frkv
requested review from
carlescufi,
a team,
grochu,
maje-emb,
wentong-li and
bama-nordic
as code owners
September 9, 2024 13:29
fixup! crypto: Cleaning up PSA driver and core CMake logic -This improves include paths (putting things closer to where they are generated/imported -This ensures that legacy-world gets access to the include folders for nrf_cc3xx_platform and oberon imported libs without depending on PSA core build -This removes some return-guards which may be considered to be added on again (to resolve a CMake/linking issue) (fixup of commit fc0112a) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Adding threading support for PSA core (fixup of commit 0667ab2= Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit adds nrf_security_add_zephyr_options_library which adds includes from the zephyr_interface without PSA crypto interface configurations (include-folder addition where nrf-crypto.h is added) -Moving calls to nrf_security_add_zephyr_options closer to where the libraries are built (cleanup) -Made Oberon, CRACEN and core use nrf_security_add_zephyr_options_library Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: PSA core: Add psa_crypto_config and psa_crypto_library_config (fixup of commit cbf737a) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
until post-Breathe era becomes a reality. Ref: nrfconnect#17251 Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
…ackend fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This enables MBEDTLS_PSA_CRYPTO_KEY_ENCODES_OWNER to allow for NORDIC_SECURITY_BACKEND being used as a configuration when building with TF-M (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This commit ensures that md/pk etc. is not added when building inside TF-M. There is a define called MBEDTLS_PSA_CRYPTO_SPM that is used as a signal that the SPM partition is going to be buitl, but unfortunately this configuration is too vague in our current build (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Adding threading support for PSA core -This resolves an issue with CRACEN builds where trying to get a proper link to kernel involves using kernel library by full path to avoid issues in build. -Make includes local for nrf_security_mutexes/events -Establish nrf_security_utils library to localize the issue and to try to find a better way to resolve this in the future Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Fix legacy API support for TLS/DTLS and X.509 -This commit is unfortunate, but it is required as there is no cleanliness to legacy symbols in non SPM targets in TF-M. This commit can be changed with a properly supported BUILD_INSIDE_TFM or similar signal (fixup of commit da97260) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Cleaning up PSA driver and core CMake logic -This commit resolves some path-issue with HUK library where APIs internal to PSA crypto is required to be accessible in PSA crypto interface scope. Exposing the CRACEN API towards NCS libraries is currently unavoidable. (fixup of commit fc0112a) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
This is requires because sample documentation uses the table-from-sample-yaml directive. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Zephyr has increased usage of :zephyr:code-sample:, also some have changed their name. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Redirects are now validated against all available documents within a docset, so we cannot have random redirects to external docsets. Delete entries which were crossing boundaries, these will need to be handled manually somewhere else. Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Fix ieee802154/802154_rpmsg path in CMake and sysbuild conf. Signed-off-by: Dawid Przybylo <dawid.przybylo@nordicsemi.no>
Align the usage of net_buf_put/get to use k_fifo_put/get as recommended per Zephyr upstream. Signed-off-by: Dominik Chat <dominik.chat@nordicsemi.no>
fixup! tf-m: Add support for building PSA core externally -This adds include for /nrf/include/tfm which has a file used for builtin key support. This is using the same mechanism as other types of paths passed to TF-M (fixup of commit 96a5924) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Adding threading support for PSA core -This commit ensures the appropriate linking from nrf-security_utils to libraries in tf-M related to low-level OS integration like the addition of __assert.h and the debvug log used whe asserts happen -This commit also moves nrf_security_utils into private scope for mbedcrypto-base and cracen PSA crypto library Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This fixes build warnings for certain samples for BLE Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: legacy: Enable more PSA core/crypto awareness -This commit enabled MBEDTLS_WANT_KEY_TYPE_AES for any cipher-usge (by select) -This commit resolves PSA_WANT_ALG_ECB_NO_PADDING when MBEDTLS_CMAC_C is set -The changes is made to conform with check_config.h (fixup of commit 39f2cbc) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Cleaning up PSA driver and core CMake logic -This commit changes link dependency on nrf_cc3xx_core_imported towards psa_crypto_config (was _config_library) to prevent propagation of multiple sets of configs -Same also done for mbedcrypto-oberon_mbedtls_imported Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-Changed z_reserve_fd => zvfs_reserve_fd -Changed z-free_fd => zvfs_free-fd -Changed z_finalize_fd => zvfs_finalize-fd -Bonus points: fixed comments referencing the non-existent APIs, as well Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-One of the structures in this file was using K_THREAD_STACK_MEMBER which didn't exists. Added a define to point to K_KERNEL_STACK_MEMBER in the header-file to resolve some build issues Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Aligned the Softdevice controller with the BT_CTLR_CRYPTO_SUPPORT Kconfig from upstream. Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
frkv
force-pushed
the
upmerge-TF-M-2.1-mbedtls-3.6
branch
from
September 19, 2024 12:10
e72767c
to
2a4811c
Compare
-This enables two missing configurations for this test: CONFIG_MBEDTLS_SHA256_C CONFIG_MBEDTLS-LEGACY_CRYPTO_C Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
-This commit allows unused functions for Oberon PSA crypto driver Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: legacy: Enable more PSA core/crypto awareness -Resolving PSA_WANT_ALG_STREAM_CIPHER if MBEDTLS_CHACHA20_C is set (fixup of commit 39f2cbc) Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
fixup! crypto: Cleaning up PSA driver and core CMake logic -PRIVATE doesn't work for target_sources Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
frkv
force-pushed
the
upmerge-TF-M-2.1-mbedtls-3.6
branch
from
September 19, 2024 13:45
b2770fd
to
301add1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
ble mesh
Label for ble mesh PRbot. Add this if PR is related to ble mesh and you need to get review.
DNM
doc-required
PR must not be merged without tech writer approval.
manifest
manifest-hostap
manifest-matter
manifest-mbedtls
manifest-mcuboot
manifest-memfault-firmware-sdk
manifest-nrfxlib
manifest-oberon-psa-crypto
manifest-tf-m-tests
manifest-trusted-firmware-m
manifest-zephyr
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current state: Do not merge, Do not review
This pull request adds support for TF-M 2.1.0 and Mbed TLS 3.6.0.
Missing:
The Do not Review statement will be removed once related repositories are synchronized)