DNM: PSA crypto init generic in POST_KERNEL (any device using nrf_security) #20254
+1,851
−5,071
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frkv
requested review from
a team,
trantanen,
tokangas,
stephen-nordic,
magnev,
carlescufi,
Frodevan,
adamkondraciuk,
wentong-li,
bama-nordic and
gmarull
as code owners
This test is not really useful in NCS context (checking if the nRF Wi-Fi driver can be built successfully is done by other tests and samples), and it requires the hal_atmel module to be pulled in (because the WINC1500 driver requires two header files that are located in that module). And the module weights ~87 MB, so it's not reasonable to pull it in just for this one test. Signed-off-by: Andrzej Głąbek <[email protected]>
Fixes an issue with stream writer by providing the size of the partition Signed-off-by: Jamie McCrae <[email protected]>
Change posix names to zsock in nrf_cloud lib. Signed-off-by: Maximilian Deubel <[email protected]>
Some sdk-zephyr tests and samples reports issues due to RAM overflow issues. Refers: NCSDK-31667 NCSDK-31671 Signed-off-by: Katarzyna Giądła <[email protected]>
Applications `applications.nrf_desktop.zrelease` and `applications.nrf_desktop.zdebug` report RAM overflow. Therefore, applications on listed platforms are moved to quaratine. Refers: NCSDK-31675 Signed-off-by: Katarzyna Giądła <[email protected]>
PSA requires large stacks, especially on 54. Signed-off-by: Sean Madigan <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Test configurations with secure_storage should be move to quarantine due to issues on native_sim platform. Signed-off-by: Katarzyna Giądła <[email protected]>
Clang is not available in our toolchain, therefore test kernel.common.toolchain will fail. Signed-off-by: Katarzyna Giądła <[email protected]>
`nanopb_BUILD_RUNTIME` is not an option to be passed to nanopb, but rather a cmake one, so set it to off in the proper way. The previous invalid form was not working as intended and only by chance not causing any problems. With a correction that was applied in the nanopb module (removal of leading space before the first -I directive passed to nanopb), this behavior changed and because of that the generation could not be performed correctly. Signed-off-by: Andrzej Głąbek <[email protected]>
Use zsock_addrinfo to avoid dependency on the POSIX subsystem. Remove CONFIG_POSIX_API from provisioning tests. Signed-off-by: Juha Ylinen <[email protected]>
... because this causes conflicting types compilation errors in library files it uses. Signed-off-by: Andrzej Głąbek <[email protected]>
Test scenarios `shell.device_filter` and `init.check_init_priorities` should be fixed in Zephyr first. Signed-off-by: Katarzyna Giądła <[email protected]>
-Ensuring psa_crypto_init is called before PSA crypto APIs are used in case the subsystem is not calling psa_crypto_init() -Also adds a kernel panic if there is a failure to initialize Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-Changing default y for nrf_security to use DT_HAS_ZEPHYR_PSA_CRYPTO_RNG_ENABLED instead of depending on ENTROPY_PSA_CRYPTO_RNG. Doing this avoids a dependency loop on ENTROPY_GENERATOR Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-This commit is only used to enact testing. The dependency for PR nrfconnect#2464 to the previous commit is inherent, but we would like to have a commit that is pickable in the upmerge Signed-off-by: Frank Audun Kvamtrø <[email protected]>
This is required by PSA in NCS, so make sure it is selected NRF_SECURITY_ENABLER. Signed-off-by: Sean Madigan <[email protected]>
-Enabling ENTROPY_GENERATOR for BT_HOST_CRYPTO_PRNG and BT_ECC as a workaround of having ENTROPY_GENERATOR in sample/tests Also the heap size required for bsim is larger than on actual target, reason unknown. Signed-off-by: Sean Madigan <[email protected]> Signed-off-by: Frank Audun Kvamtrø <[email protected]>
The NRF_RNG_ENTROPY_DRIVER provides entropy though the PSA APIs. This is used to seed/reseed the Oberon PSA random drivers (CTR_DRBG/HMAC_DRBG). Before this was only used to allow enabling this PSA driver with the devices which use the DT label 'rng'. We extend that now to allow this driver to be used with the fake entropy node which uses the DT label 'prng'. This is needed to unblock development until real RNG is enabled for all the needed applications/samples. In practice this means that when 'prng' is enabled a device can generate random numbers with the psa_generate_random call. Signed-off-by: Georgios Vasilakis <[email protected]>
-Adding CONFIG_MBEDTLS_FORCE_LEGACY_MD for cc3xx/oberon legacy psa_tls to avoid that MBEDTLS_MD_SOME_PSA is getting set Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-Fixes issues with nRF54H20 and nRF5340dk in upmerge. This can be seen as a workaround -Adjusting board-files for central_uart and peripheral_uart for nRF5340 and nRFH20 cpuapp Signed-off-by: Frank Audun Kvamtrø <[email protected]>
-HKDF reports errors when MBEDTLS_MD_SOME_PSA is set. Setting this configuration to avoid trying to resolve with PSA APIs. This configurations and these tests to be removed with more standardization on PSA crypto Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Increased stack sizes to prevent the stack overflows. Jira: NCSDK-31374 Signed-off-by: Mateusz Kapala <[email protected]>
frkv
force-pushed
the
psa_crypto_init_generic
branch
from
44c7427 to
91acdd9
Compare
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:sidewalk: PR head: 8d39cc8eaaa3a58005259a4d6b02dbcec8755adb more detailssidewalk:
trusted-firmware-m:
sdk-nrf:
mcuboot:
nrfxlib:
find-my:
mbedtls:
zcbor:
hostap:
zephyr:
Github labels
List of changed files detected by CI (12825)File list hidden for private repositories. Outputs:ToolchainVersion: 342151af73 Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
|
You can find the documentation preview for this PR at this link. Note: This comment is automatically posted by the Documentation Publish GitHub Action. |
Memory footprint analysis revealed the following potential issuesapplications.nrf_desktop.zdebug.uart.kmu_provision[nrf54l15dk/nrf54l15/cpuapp]: RAM size increased by 6844[B] in comparison to the main[a3b7e57] branch. - link (cc: @MarekPieta) Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-20254/3) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Just for test
Just for testing. Changes will be taken in #19720 if this works
test_low_level: PR-1765
test_rs: PR-1483
test_fem: PR-1483
test_ble_mesh: ble_mesh_upmerge_test
test_crypto: PR-750
test_suit_dfu: PR-450
test_tfm: PR-194
test_secdom_samples_public: NCSDK-NONE_upmerge_jan2025
test_audio: PR-294
test_wifi: sdk-nrf-pr-19720