Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch to PSA crypto #311

Merged
merged 1 commit into from
Dec 21, 2023
Merged

Switch to PSA crypto #311

merged 1 commit into from
Dec 21, 2023

Conversation

ArekBalysNordic
Copy link
Contributor

@ArekBalysNordic ArekBalysNordic commented Jul 31, 2023
edited
Loading

Draft PR with PSA Crypto enabled within Matter and OpenThread.

  • Selected OpenThread security PSA Crypto background
  • Switched to PSAOperationalKeystore when CHIP_CRYPTO_PSA is enabled
  • Changed definitions from CONFIG_NORDIC_SECURITY_BACKEND to
    CONFIG_NRF_SECURITY to avoid using MBEDTLS Legacy.

WARNING: PSA Crypto is selected to y by default!

@NordicBuilder NordicBuilder mentioned this pull request Jul 31, 2023
Closed
LuDuda
LuDuda reviewed Jul 31, 2023
View reviewed changes
config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
src/app/server/Server.h Outdated Show resolved Hide resolved
Damian-Nordic
Damian-Nordic approved these changes Aug 1, 2023
View reviewed changes
Copy link
Contributor

@Damian-Nordic Damian-Nordic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you maybe checked what is the flash increase after switching to PSA in the current form?

config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
@ArekBalysNordic
Copy link
Contributor Author

Have you maybe checked what is the flash increase after switching to PSA in the current form?

@Damian-Nordic
With Joiner disabled and PSA Crypto enabled we have 20 kB less Flash occupancy in comparison to MbedTLS Legacy. But for now, RAM usage increased ~14 kB - This is to be verified regarding MbedTLS HEAP size.

@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 2 times, most recently from 0818474 to 8cacd33 Compare August 3, 2023 07:32
@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 2 times, most recently from c9df48f to 76ad65a Compare August 3, 2023 10:44
@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 2 times, most recently from b0ff91b to 8f0fc40 Compare December 4, 2023 10:31
Damian-Nordic
Damian-Nordic reviewed Dec 4, 2023
View reviewed changes
src/platform/Zephyr/PlatformManagerImpl.cpp Outdated Show resolved Hide resolved
src/platform/nrfconnect/CHIPPlatformConfig.h Outdated Show resolved Hide resolved
config/nrfconnect/chip-module/CMakeLists.txt Outdated Show resolved Hide resolved
config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 2 times, most recently from b7fc181 to 38ecf7e Compare December 4, 2023 10:44
@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 4 times, most recently from d6a150f to 64dc85a Compare December 12, 2023 11:50
@ArekBalysNordic ArekBalysNordic marked this pull request as ready for review December 12, 2023 15:08
@NordicBuilder NordicBuilder mentioned this pull request Dec 12, 2023
Merged
@ArekBalysNordic ArekBalysNordic force-pushed the switch_to_psa branch 4 times, most recently from b392f8c to 571de91 Compare December 19, 2023 08:28
kkasperczyk-no
kkasperczyk-no reviewed Dec 19, 2023
View reviewed changes
config/nrfconnect/chip-module/Kconfig.defaults Outdated Show resolved Hide resolved
config/zephyr/Kconfig Outdated Show resolved Hide resolved
@ArekBalysNordic
Copy link
Contributor Author

@kkasperczyk-no @Damian-Nordic I've removed the experimental from the CHIP_CRYPTO_PSA kconfig. Please look at the newest version of the commit once again.

@ArekBalysNordic
[nrf noup] Add PSA crypto usage and enable by default.
ff434dc 
- PSA Crypto API can be disabled by setting
the CONFIG_CHIP_CRYPTO_PSA config to "n".

- Selected OpenThread security PSA Crypto background

- Enabled required PSA_WANT configs

- Extended maximum PSA key slots to fit Matter requirements.
@ArekBalysNordic ArekBalysNordic merged commit f185cba into nrfconnect:master Dec 21, 2023
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Damian-Nordic Damian-Nordic Damian-Nordic approved these changes

@kkasperczyk-no kkasperczyk-no kkasperczyk-no approved these changes

@LuDuda LuDuda Awaiting requested review from LuDuda

@markaj-nordic markaj-nordic Awaiting requested review from markaj-nordic

Assignees
No one assigned
Labels
app config crypto nrf connect platform zephyr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ArekBalysNordic @LuDuda @kkasperczyk-no @Damian-Nordic