Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DNM] Upmerge TF-M v2.1.0 Mbed TLS v3.6.0 #15

Open
wants to merge 25 commits into
base: main
Choose a base branch
from
Open

[DNM] Upmerge TF-M v2.1.0 Mbed TLS v3.6.0 #15

wants to merge 25 commits into from
+41,845 −44,472

Conversation

frkv
Copy link
Contributor

@frkv frkv commented Sep 9, 2024

This rewrites the history for sdk-oberon-psa-core so it only includes the released (updated tags of the Oberon PSA core deliverables) with a smaller list of [nrf noups] at the top

The current version of Oberon PSA core is v1.3.0

For reviewers, the tree should contain the tags up to and including v1.3.0 with noup after that
The noups should be reviewed as normal

Note: There needs to be a snapshot created for sdk-oberon-psa-core to ensure we have a proper history for NCS 2.7.0

oberon-sk and others added 12 commits February 29, 2024 13:36
@oberon-sk
Update CHANGELOG.md
4369c94 
Update Release 1.2.1 link.
@cpfister
Release 1.2.2
d72a4ba
@cpfister
Update CHANGELOG.md
185d1d1
@oberon-sk
Update CHANGELOG.md
1077680 
Add missing change.
@cpfister
Release 1.2.3
6341da9
@cpfister
Release 1.3.0
8c74146
@frkv
[nrf noup] Remove duplicated legacy Mbed TLS header files
8853894 
-Remove legacy header files from oberon-psa-crypto that are duplicates
 of files from standard Mbed TLS distribution (modules/crypto/

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@Vge0rge @frkv
[nrf noup] Remove redefinition ECC_MAX_CURVE_BITS
676e65f 
-This removes the redefinition of the define
 PSA_VENDOR_ECC_MAX_CURVE_BITS which we allow to
 be set in our configuration file from nrf security.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@Vge0rge @frkv
[nrf noup] Add missing brainpool key sizes
57029f3 
The core doesn't include some brainpool key
sizes, this change adds these bit sizes:
160
192
224
256
320

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@Vge0rge @frkv
[nrf noup] Remove oberon_config.h inclusion
7248c60 
We don't use the file in our system, we use the
generated headers (nrf-config.h and nrf-config-user.h)
from nrf_security.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@Vge0rge @frkv
[nrf noup] Make Oberon PSA hash operation static
18dd07c 
The PSA driver for CryptoCell uses the PSA crypto driver
wrapper calls for the hash operation.

The Oberon context size therefore needs to be static.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@SebastianBoe @frkv
[nrf noup] Turn the repo into a Zephyr module
77f3bda 
Turn the repo into a Zephyr module so we can use the
ZEPHYR_bla_bla_MODULE_DIR CMake variable.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@NordicBuilder NordicBuilder mentioned this pull request Sep 9, 2024
Open
SebastianBoe and others added 13 commits September 10, 2024 10:32
@SebastianBoe @frkv
[nrf noup] Align build_info.h with Mbed TLS 3.6.1
89285d3 
-This updates the build_info.h to match with Mbed TLS v3.6.1 distribution
 and is done to ensure that legacy support and TLS/DTLS and X.509 support

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@vili-nordic @frkv
[nrf toup] Support builtin keys with CMAC KDF
050fc1f 
Patch to enable more key types for KDF.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@mswarowsky @frkv
[nrf noup] keys: Add plausibility checks for ECC keys
4e3141b 
Add checks for the key attributes, key sizes and a zero check
for ecc keys for importing keys.

Also a attribute check for psa_generate_key.

This was [nrf fromlist] and is now [nrf noup]

Upstream PR:oberon-psa-crypto-nrf/pull/15 (closed)

Ref: NCSDK-24820

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@Vge0rge @frkv
[nrf noup] library: psa_crypto_storage.c error
0a93307 
The psa_crypto_storage_store retuns DATA_INVALID for
all the error codes coming from psa_its_set.
This causes some issues for our testing infanstructure
since it doesn't follow the PSA spec recomendation
for return codes.

This was a [nrf fromlist] but it has become a [nrf noup]

Upstream PR: pull/14 (Closed)

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@stephen-nordic @frkv
[nrf noup] testspec: Add test spec to run crypto and TF-M tests
5724fe6 
Run crypto and TF-M tests on sdk-nrf downstream

Signed-off-by: Stephen Kingston <stephen.kingston@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@vili-nordic @frkv
[nrf noup] Adjust range for builtin keys
3907b92 
Opens the full range of vendor keys to be used via builtin key
mechanism.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
@vili-nordic @frkv
[nrf noup] Allow import and destroy of builtin keys
373f6dd 
Adds the capability of import and destroying persistent keys
that are "builtin" i.e. handled fully by PSA driver implementation.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@Vge0rge @frkv
[nrf toup] Add missing defined oberon_key_derivation.c
e71f27f 
In line 568 of this file we use this function when either of
these two defines are set:
defined(PSA_NEED_OBERON_TLS12_PRF) ||
defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS)

Add these two defines here as well to avoid a missing
function warning that we are getting.

Upstream PR: oberon-psa-crypto-nrf/pull/16

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@vili-nordic @frkv
[nrf noup] Don't ignore error code
58dbf90 
Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@frkv
[nrf noup] PSA key attribute ABI compliance
c3443d2 
Patch to make server and client attributes compatible.
Oberon will support this in the future.

Reworked from commit 5bfe42c
Reworded due to psa_core_key_attributes_t being removed in Mbed TLS 3.6.0

The psa_core_key_attributes_t declaration is now integrated into
psa_key_attributes_s and the macro PSA_CORE_KEY_ATTRIBUTES_INIT
has been replaced with PSA_KEY_ATTRIBUTES_INIT.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@frkv
[nrf noup] psa: Using simpler initialization for operation structs
0de74c2 
-This simplifies PSA crypto operation struct initialization to
 better tailor to the SSF use-case. This simplifies the initializers
 to only be empty brackets, assuming zero-initialized structs
 without the added complexities of writing every sub-type out.
 This is done to prevent compilation warnings for PSA crypto builds.

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@frkv
[nrf noup]: Change attributes-type to pointer (was struct)
825a7fd 
-This comes from a change in Mbed TLS 3.6.0 where the attributes
 type has changed (was wrapped type before)

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@frkv
[nrf noup]: fix mbedtls_psa_crypto_configure_entropy_sources symbol
b8dfab5 
-This is a [nrf noup] as we are using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 more actively then Oberon PSA core. This commit ensures we are only
 enabling mbedtls_psa_crypto_configure_entropy_sources when
 entropy/rng is not enabled by external sources

Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
@frkv frkv force-pushed the upmerge-TF-M-2.1-mbedtls-3.6 branch from 3bfc741 to b8dfab5 Compare September 10, 2024 08:45
@NordicBuilder NordicBuilder mentioned this pull request Sep 11, 2024
Open
@frkv frkv force-pushed the upmerge-TF-M-2.1-mbedtls-3.6 branch from 70b9836 to b8dfab5 Compare September 20, 2024 10:56
@NordicBuilder NordicBuilder mentioned this pull request Sep 23, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@frkv @oberon-sk @cpfister @Vge0rge @SebastianBoe @vili-nordic @mswarowsky @stephen-nordic