Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DONT REVIEW]entropy: Add PSA rng as the entropy provider for the nrf54h20 #17200

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

[DONT REVIEW]entropy: Add PSA rng as the entropy provider for the nrf54h20 #17200

wants to merge 6 commits into from
+81 −20

Conversation

Vge0rge
Copy link
Contributor

@Vge0rge Vge0rge commented Sep 5, 2024

No description provided.

@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Sep 5, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Sep 5, 2024
edited
Loading

The following west manifest projects have been modified in this Pull Request:

Name Old Revision New Revision Diff
zephyr nrfconnect/sdk-zephyr@015b317 nrfconnect/sdk-zephyr#2008 nrfconnect/sdk-zephyr#2008/files

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Sep 5, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 35

Inputs:

Sources:

sdk-nrf: PR head: 1a81cacc90c15dfc27d77f73bf17f789dddb8f3b
zephyr: PR head: 0b1e91ca4c2d9605003f7a4cbca05e9719d48645

more details

sdk-nrf:

PR head: 1a81cacc90c15dfc27d77f73bf17f789dddb8f3b
merge base: a07804cccb31616bff75ffb0fcfb81febdbdc016
target head (main): a07804cccb31616bff75ffb0fcfb81febdbdc016
Diff

zephyr:

PR head: 0b1e91ca4c2d9605003f7a4cbca05e9719d48645
merge base: 015b317bc3242161f731a14a76333ad6c5d7f47d
target head (main): 3440378f9918e9ccdfbe6b08edcf0de593f0f0bd
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (19) 
applications
│  ├── matter_bridge
│  │  ├── sysbuild
│  │  │  ├── ipc_radio
│  │  │  │  ├── boards
│  │  │  │  │  │ nrf54h20dk_nrf54h20_cpurad.conf
samples
│  ├── suit
│  │  ├── flash_companion
│  │  │  ├── boards
│  │  │  │  │ nrf54h20dk_nrf54h20_cpuapp.overlay
│  │  ├── smp_transfer
│  │  │  ├── sysbuild
│  │  │  │  │ nrf54h20dk_nrf54h20_memory_map.dtsi
subsys
│  ├── CMakeLists.txt
│  ├── nrf_security
│  │  ├── CMakeLists.txt
│  │  ├── Kconfig
│  │  ├── Kconfig.psa
│  │  ├── include
│  │  │  │ ssf_crypto_config_empty.h
│  │  ├── src
│  │  │  ├── drivers
│  │  │  │  │ Kconfig
│  │  │  ├── ssf_secdom
│  │  │  │  │ Kconfig
west.yml
zephyr
│  ├── boards
│  │  ├── nordic
│  │  │  ├── nrf54h20dk
│  │  │  │  ├── nrf54h20dk_nrf54h20_cpuapp.dts
│  │  │  │  │ nrf54h20dk_nrf54h20_cpurad.dts
│  ├── drivers
│  │  ├── entropy
│  │  │  │ Kconfig.psa_crypto
│  ├── soc
│  │  ├── nordic
│  │  │  ├── nrf54h
│  │  │  │  │ Kconfig
│  ├── tests
│  │  ├── crypto
│  │  │  ├── mbedtls
│  │  │  │  │ testcase.yaml
│  │  │  ├── mbedtls_psa
│  │  │  │  │ testcase.yaml
│  │  │  ├── secp256r1
│  │  │  │  │ testcase.yaml
│  │  ├── subsys
│  │  │  ├── portability
│  │  │  │  ├── cmsis_rtos_v2
│  │  │  │  │  │ prj.conf

Outputs:

Toolchain

Version: b44b7a08c9
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:b44b7a08c9_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
    • sdk-nrf test count: 1680
    • sdk-zephyr test count: 6293
  • ❌ Integration tests
    • ✅ test-sdk-audio
    • ❌ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_cloud
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ❌ test-fw-nrfconnect-rs
    • ✅ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread
    • ✅ test-sdk-find-my
    • ✅ test-sdk-sidewalk
    • ❌ test-low-level
    • ❌ test-sdk-dfu
    • ⚠️ test-sdk-dfu
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_nrf_provisioning
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-zigbee
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-wifi

Note: This message is automatically posted and updated by the CI

@Vge0rge Vge0rge marked this pull request as ready for review September 24, 2024 10:48
@Vge0rge Vge0rge requested review from a team as code owners September 24, 2024 10:48
@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

@Vge0rge Vge0rge force-pushed the 54h20_psa_rng branch 7 times, most recently from 114059e to 6ed58b2 Compare September 27, 2024 12:24
@Vge0rge Vge0rge requested a review from a team as a code owner October 1, 2024 07:43
@Vge0rge Vge0rge requested a review from a team as a code owner October 1, 2024 12:40
tomi-font
tomi-font requested changes Oct 3, 2024
View reviewed changes
Copy link
Contributor

@tomi-font tomi-font left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again in this PR you have a commit that is later reverted (nrf_security: Enabled by default for nRF54H20)?

subsys/nrf_security/Kconfig Show resolved Hide resolved
subsys/nrf_security/Kconfig
@@ -30,6 +30,12 @@ config NORDIC_SECURITY_BACKEND
Note that this will enable nrf_oberon by default. Multiple backends is
not supported.

config PSA_SSF_CRYPTO_CLIENT
bool
prompt "PSA crypto provided through SSF"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Define what SSF stands for?

subsys/nrf_security/CMakeLists.txt Outdated
@@ -102,8 +102,29 @@ endif()

set(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG True)

if(CONFIG_PSA_SSF_CRYPTO_CLIENT AND NOT CONFIG_NRF_SECURITY)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So CONFIG_PSA_SSF_CRYPTO_CLIENT is independent from CONFIG_NRF_SECURITY but still using some of its CMake logic? I'm wondering if this can potentially cause some issues...

@endre-nordic endre-nordic added this to the 2.8.0 milestone Oct 18, 2024
@frkv frkv self-requested a review October 18, 2024 08:08
frkv
frkv requested changes Oct 18, 2024
View reviewed changes
Copy link
Contributor

@frkv frkv left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are lots of complex additions in this PR that seem to be tailored towards a special case without PSA crypto which is the default enabled and default supported in nRF54H20 devices

@Vge0rge Vge0rge force-pushed the 54h20_psa_rng branch 4 times, most recently from b8fb7cd to 7e9300c Compare October 21, 2024 10:32
@Vge0rge Vge0rge requested a review from a team as a code owner October 21, 2024 17:22
@Vge0rge
Copy link
Contributor Author

Vge0rge commented Oct 23, 2024

Closing this as this PR is doing the same functionality #17819

@Vge0rge Vge0rge closed this Oct 23, 2024
@Vge0rge Vge0rge removed this from the 2.8.0 milestone Oct 24, 2024
@Vge0rge
Copy link
Contributor Author

Vge0rge commented Oct 24, 2024

Reopening to check something on CI

@Vge0rge Vge0rge reopened this Oct 24, 2024
@Vge0rge Vge0rge changed the title entropy: Add PSA rng as the entropy provider for the nrf54h20 [DONT REVIEW]entropy: Add PSA rng as the entropy provider for the nrf54h20 Oct 24, 2024
@tomi-font tomi-font requested review from tomi-font and removed request for tomi-font October 24, 2024 11:38
Vge0rge and others added 6 commits November 1, 2024 10:14
@Vge0rge @tomi-font
nrf_security: Make PSA drivers depend on PSA core
96d4709 
Make all PSA drivers depend on the OBERON_PSA_CORE
since we cannot use the drivers without it.

Signed-off-by: Georgios Vasilakis <[email protected]>
@Vge0rge @tomi-font
manifest: Bring Zephyr with PSA RNG for NRF54H20
4051ac9 
Brings Zephyr changes which automatically enable
the PSA crypto as the entropy generator for Zephyr.

Signed-off-by: Georgios Vasilakis <[email protected]>
@Vge0rge @tomi-font
nrf_security: Make PSA SSF client independent
a90741d 
Add configuration to allow enabling the SSF PSA client
when nrf_security is not enabled.
This is particularly useful for the applications that only
want to use the PSA rng and no other crypto. Enabling
nrf_security in these applications will result to an
increased application footprint and configuration complexity
without any reason.

This configuration provides the PSA implementation
from the secure domain through the SSF client and
it has no configurability yet. So there is no need
to enforce NRF_SECURITY with this configuration.

Signed-off-by: Georgios Vasilakis <[email protected]>
@Vge0rge @tomi-font
application: matter_bridge: Add overlay for 54h20
137ba4b 
Add overlay to reduce the footprint of the matter_bridge
application.

Signed-off-by: Georgios Vasilakis <[email protected]>
@Vge0rge @tomi-font
samples: suit: flash_compantion: Remove prng
f08c004 
Remove prng dts node since this is removed from the
nrf54h20 board file.

Signed-off-by: Georgios Vasilakis <[email protected]>
@tomi-font
samples: suit: smp_transfer: recovery: fix compilation
1a81cac 
The changes to enable PSA RNG on 54H20 made
sample.suit.smp_transfer.recovery overflow ROM on recovery_hci_ipc.
Slightly increase the size of the cpurad_recovery_partition so that
everything fits.

Signed-off-by: Tomi Fontanilles <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frkv frkv frkv requested changes

@tomi-font tomi-font tomi-font requested changes

@endre-nordic endre-nordic endre-nordic approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-zephyr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Vge0rge @NordicBuilder @frkv @endre-nordic @tomi-font