Service for powering peripherals that use GPIO pins
in the global power domains:
- Active Fast
- Active Slow
- Main Slow
Signed-off-by: Rafal Dyla <rafal.dyla@nordicsemi.no>
Add crypto module test kconfig option
CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_TEST,
which is default n and hidden.
It is only available by developer for crypto module test.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
The previous NET_EVENT_SUPPLICANT_CMD_INT_EVENT is from
"enum net_event_supplicant_cmd" but the supplicant_send_wifi_mgmt_event()
has the event parameter as an "enum net_event_wifi_cmd" and those event
number spaces are different.
This meant that the wrong event value NET_EVENT_SUPPLICANT_CMD_INT_EVENT
maps to NET_EVENT_WIFI_CMD_TWT (from "enum net_event_wifi_cmd") which
fortunately did not cause issue in this case because the
supplicant_send_wifi_mgmt_event() has no handling for this TWT event value.
It is important we fix this as this can cause great confusion in the
future.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Uses imgtool directly to sign images instead of calling west sign,
this also removes the MCUBOOT_CMAKE_WEST_SIGN_PARAMS Kconfig option
as this has no effect
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a Kconfig which can be selected when building for firmware
updater mode to select if this is the application or the firmware
updater image that is being built
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Save information regarding SVD file in use in vendor-specific section
of the build info file.
Information is stored under Nordic section.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
When building with `MBEDTLS_PSA_CRYPTO_C` enabled, compile in the
PAKE (Password-authenticated key exchange) implementation.
Signed-off-by: Jordan Yates <jordan@embeint.com>
The new GRTC reading manner of the SYSCOUNTER uses hardware mechanism which
allows to keep it alive when any of CPUs is not sleeping. Otherwise
the SYSCOUNTER goes into sleep mode. Thus there is no
longer need to maintain the `CONFIG_NRF_GRTC_SLEEP_ALLOWED` symbol, however
if the user wants to have the SYSCOUNTER enabled all the time the
`CONFIG_NRF_GRTC_ALWAYS_ON` can be used instead.
The nrfx_grtc driver no longer provides the `wakeup-read-sleep` reading
manner.
Also setting the GRTC clock source is performed by the nrfx_grtc driver so
it has been removed from the `sys_clock_driver_init()` function.
Signed-off-by: Adam Kondraciuk <adam.kondraciuk@nordicsemi.no>
Using a separate workqueue causes issues without any special locking to
synchronize with networking threads e.g., interface being removed while
the workqueue is trying to synchronize with WPA supplicant.
It's easier to use the net_mgmt thread which is in better sync with
networking.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In case of error conditions post successfully sending the message, the
event is already freed but we attempt to free it again.
Rejig the labels to easily reflect thier purpose.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When an event is sent the receiver gets is asynchronously and hence is
responsible for free the event, the sender should only free in case of
error conditions i.e., unable to send.
Else, this causes a tough to debug double-free.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In case WPA supplicant disabled DPP, we need to compile out the
corresponding DPP code in Wi-Fi shell too.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
With the secure storage subsystem now providing an implementation of
the PSA ITS API, let Mbed TLS use it when it's enabled.
This allows the use of persistent keys in the PSA Crypto API.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add `OPENTHREAD_STORE_FRAME_COUNTER_AHEAD` Kconfig option
and set it to 100000, as after calculations it appears to
be a more suitable value.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
Enable Cortex R8 support, similar to Cortex-R5.
Signed-off-by: Krzysztof Sychla <ksychla@antmicro.com>
Signed-off-by: Marek Slowinski <mslowinski@antmicro.com>
Signed-off-by: Piotr Zierhoffer <pzierhoffer@antmicro.com>
Signed-off-by: Mateusz Hołenko <mholenko@antmicro.com>
The LVGL input callback does not use an instance specific name, so we
can only ever have one instance of this type. This issue was evident by
a build error, e.g., when using "zephyr,lvgl-keypad-input" nodes twice:
error: redefinition of '_input_callback__lvgl_keypad_process_event'
Signed-off-by: Gero Schwäricke <gero.schwaericke@posteo.de>
The security check case statements were in frequency band
setting checks. This is totally wrong and will cause compiler
warnings. Moving the checks to correct function.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
In order to be able to ifdef based on `CONFIG_RUST`, the config must be
defined in the main repo (because the rust module is optional). Add
this as a placeholder. If the module is not availabe, the symbol will
be present, and always disabled. The module will provide a full
definition for the Kconfig.
Signed-off-by: David Brown <david.brown@linaro.org>
By default, TFM enables hardware rollback protection, which requires a
security counter to be embedded in the image trailer. The default
behaviour of constructing this counter from the image version breaks the
TFM `boot_nv_security_counter_update` implementation once the version
number is greater than `0.0.1024`. As such, explicitly specify the
desired security counter value. As per the MCUboot docs, this does not
need to be incremented on every firmware update.
Signed-off-by: Jordan Yates <jordan@embeint.com>
For add_interface(), only add STA interface when hostapd enabled,
and the Soft-AP interface will be added in zephyr_hostapd_init().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
DVFS medlow oppoint should use trim entry index 2,
this needs to be updated in hal/hal_nordic.
Currently this is not possible because of time
constraints that is why this temporary patch
is applied. This is the only point where
new_f_trim_entry is used.
Signed-off-by: Lukasz Stepnicki <lukasz.stepnicki@nordicsemi.no>
This defines raspberrypi,pico-xosc along with a configurable startup
delay multiplier. On some boards, the XOSC takes longer to stabilize.
Signed-off-by: Xudong Zheng <7pkvm5aw@slicealias.com>
When we have coexistence of hostapd and wpa_supplicant,
wpa_msg has different implementation.
So to let them work together, we need to have common implementation
for wpa_msg and dispatch msgs for hostapd and wpa_supplicant.
So add register zephyr_hostap_ctrl_iface_msg_cb,
and judge if ctx is hostapd by the first integer where ctx points to.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Hostapd has TODO in hostapd_dpp_handle_config_obj,
to save DPP connector using wpa_msg.
AP DPP needs to use dpp_connector, dpp_netaccesskey and dpp_csign
in DPP Peer Discovery handshake in hostapd_dpp_rx_peer_disc_req.
So add AP DPP wpa_msg event handler to store these info.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add hostapd mgmt ops, some use same api as wpa_supplicant,
and DPP use different ops.
supplicant_dpp_dispatch use wpa_cli and hapd_dpp_dispatch use hostapd_cli.
And use common DPP param parse.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
There are HCI drivers which reference the module-specific Kconfig symbols
which are auto-generated when the modules are present. Provide default
definitions for these symbols in case the modules are missing, so that
compliance checking doesn't stumble over seemingly non-existent Kconfig
options.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
This commit introduces the option to place the mbed TLS heap in a custom
memory section. The heap might be quite large depending on concurrent
TLS connections, thus it might be needed to place this manually
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
According to Mbed TLS changelog this feature was set default ON
since 3.1.0 release, so the build symbol is no more available.
This commit removes it from Zephyr.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The RADIO and RADIO_TIMER HAL modules will be required to
implement BLE support for STM32WB0 series.
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
Mbed TLS automatically sets PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_BASIC
whenever "_IMPORT || _EXPORT || _GENERATE || _DERIVE" operations
are set. Therefore we just set the proper actions where required.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add null termination of ssid and psk. If user pass ssid,
psk without null terminator it will add by default.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
For some systems, the display peripheral or GPU requires that buffers be
aligned on a boundary for optimal performance. We already align display
buffers using CONFIG_LV_ATTRIBUTE_MEM_ALIGN_SIZE, but some applications
will rely on the definition of LV_ATTRIBUTE_MEM_ALIGN. Provide this
definition so those buffers will be aligned as well.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Add condition for KConfig Renesas FSP hal module
Move the DUAL_BANK_MODE from SOC to flash driver KCONFIG
Signed-off-by: Duy Nguyen <duy.nguyen.xa@renesas.com>
Taking a cue from `nrfx/templates`, introduce this file so that it can
be overridden out-of-tree to add external nRF product definitions.
Signed-off-by: Grzegorz Swiderski <grzegorz.swiderski@nordicsemi.no>
Add new binding and a node to nrf54h20. Update Kconfig and nrfx_config
to include nrfx_tbm driver when node with that compatible is enabled.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
The default Max A-MPDU length is 8191 shown in the VHT Cap Info from
SAP's beacon/Assoc response, and this length is read from
hapd->iface->conf->vht_capab. It will lead to the AMPDU only contains
5 packets and the throughput is only 60Mbps for 1x1 HE case in 5GHz.
Change the default vht_capab to VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX
(1048575), and the throughput can be increased to 83Mbps.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Require the presence of the nrf-regtool package as well as its exact
version, failing the build whenever the required version is not found in
the system.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Adds support for settings/getting RTC time and using alarm/update feature.
The alarm option needs all fields to be set due to a hardware limitation.
RTC shares the same interrupt with the watchdog. Thus shared
interrupts must be enabled when WDT and RTC both need to trigger the ISR.
Signed-off-by: Andriy Gelman <andriy.gelman@gmail.com>
When build with the psa_crypto_driver, it will try to include common.h
of mbedtls, but actually include the common.h from hostap, and causes
build error of undefined symbol. Use zephyr_interface_library_named
to define hostap, and other modules needs to link the library of hostap
when wants to use the header file in /utils path, such as the common.h.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
WIFI_NM_WPA_SUPPLICANT_CRYPTO_MBEDTLS_PSA should not be by default
selected when WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT is selcted. Enable
PSA APIs if desired separately.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
Set WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT as the default crypto
configuration. The crypto ALT implementation contains the necessary
crypto operations and also allows the user to choose PSA or non PSA
crypto operation.
Signed-off-by: Vivekananda Uppunda <vivekananda.uppunda@nordicsemi.no>
This option switches support for multiple volumes on the physical drive. By
default (0), each logical drive number is bound to the same physical drive
number and only a first FAT volume found on the physical drive will be
mounted.
When this function is enabled (1), each logical drive number can be bound
to arbitrary physical drive and partition listed in the VolToPart[].
The VolToPart[] is expected to be provided by Zephyr application.
For example, 2 FAT partition on SD disk ("SD" index 3) in terms of Zephyr:
{3, 1} - mount point "/0:"
{3, 2} - mount point "/1:"
The mount points have to be numbered in this case.
Code example of mounting a second FATFS partition places on SD-card:
static FATFS fat_fs;
static struct fs_mount_t mp = {
.type = FS_FATFS,
.fs_data = &fat_fs,
.mnt_point = "/1:
};
/*
* 2 FAT partition on SD disk
* PARTITION.pd - Physical drive number. "SD" has index 3 in terms of
* Zephyr (see FF_VOLUME_STRS)
* PARTITION.pt - Partition (0:Auto detect, 1-4:Forced partition). So 1 for
* the first FATFS partition and 2 - for second.
*/
PARTITION VolToPart[FF_VOLUMES] = {
[0] = {3, 1}, /* "0:" ==> 1st partition on the pd#0 */
[1] = {3, 2}, /* "1:" ==> 2nd partition on the pd#0 */
[2] = {0, -1}, /* "2:" ==> 3rd partition on the pd#0 */
[3] = {0, -1},
[4] = {0, -1},
[5] = {0, -1},
[6] = {0, -1},
[7] = {0, -1},
};
fs_mount(&mp);
Signed-off-by: Grygorii Strashko <grygorii_strashko@epam.com>
The Kconfig option enables support for 64-bit LBA, which also allows
to enable GUID Partition Table (GPT) support.
Signed-off-by: Grygorii Strashko <grygorii_strashko@epam.com>
Issue:
Kconfig WIFI_AIROC should not depend on infineon SOC family selection
for the connection. See issue#77012 for details.
Fix:
- update modules/hal_infineon/Kconfig to be able enable
USE_INFINEON_ABSTRACTION_RTOS for non Infineon SOC family.
Signed-off-by: Nazar Palamar <nazar.palamar@infineon.com>
Link mode shows unknown when legacy (A or bg only) device connects to
APUT. Set the link mode to WIFI_2 when the host freq over 4000 and set
link mode to WIFI_3 when the host freq over 2000.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
Added new flag CONFIG_WIFI_NM_HOSTAPD_AP for hostapd support. Once this
flag is enabled, softAP will be setup by hostapd. Both wpa_supplicant
and hostapd uses same task and eloop.
Included necessary hostapd files when compiling wifi samples if
CONFIG_WIFI_NM_HOSTAPD_AP is enabled. Added hostapd support for all
softAP command of L2 wifi shell commands.
Signed-off-by: Hui Bai <hui.bai@nxp.com>
This is the bare minimum and includes the SoC, pinctrl, flash and
devicetree.
I had to include the flash driver that early because I couldn't make
Zephyr compile without flash driver nodes in the device tree.
Signed-off-by: Michael Zimmermann <michael.zimmermann@grandcentrix.net>
This commit just moves some code around. For sake of cleanliness
a new file is added to hold the entropy parsing functions
for Mbed TLS.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is meant to be used only for tests on platforms where CSPRNG
sources are not available. It should not be used in production.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Improve the description of both MBEDTLS_PSA_CRYPTO_LEGACY_RNG and
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG kconfig symbols.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
- Slightly improve the name of this kconfig adding the suffix
_POLL in order to highlight that this adds a callback
function used to poll data.
- Description was also updated to point out that this symbols
might not only use the (secure) entropy driver, but also
generic number generators, some of which are not really
secure.
- The symbol was move from Kconfig to Kconfig.tls-generic because
this is where MBEDTLS_ENTROPY_C is located and since
MBEDTLS_ENTROPY_HARDWARE_ALT depends on the former (it only
makes sense if the entropy module is also enabled), we add
also the "depends on".
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
ENABLED suffix does not really makes much sense for a kconfig
so it should be removed. Also other MBEDTLS symbols were recently
updated accordingly.
Moreover having it named exactly the same way as in Mbed TLS
symplifies the understanding of what this kconfig is doing.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Enable the `MBEDTLS_PEM_WRITE_C` mbedtls configuration option when
`CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT` is selected.
Signed-off-by: Simone Orru <simone.orru@secomind.com>
Initial commit for entropy support on RA8
- drivers: entropy: implementation for TRNG driver of RA8x1
- dts: arm: add device node for trng of RA8x1
- boards: arm: enable support zephyr_entropy for ek_ra8m1 and
update board documentation
Signed-off-by: The Nguyen <the.nguyen.yf@renesas.com>
Signed-off-by: Duy Phuong Hoang. Nguyen <duy.nguyen.xa@renesas.com>
The nRF9280 is a SiP (System-in-Package) consisting of the nRF9230 SoC
and additional components such as PMIC and others. Additionally,
the nRF9230 contains several CPUs, similarly to the nRF54h20 SoC.
Update nrfx glue, and add necessary Kconfig and initialization code
to allow building for nRF9280 targets: CPU, Radio and PPR cores.
The nRF9280 is used for all user build targets and Kconfigs,
whereas the nRF9230 is used as the build target for the MDK.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Co-authored-by: Andreas Moltumyr <andreas.moltumyr@nordicsemi.no>
MCUX ehci controller driver support cache maintenance if
USB_DEVICE_CONFIG_BUFFER_PROPERTY_CACHEABLE is enabled.
Enable USB_DEVICE_CONFIG_BUFFER_PROPERTY_CACHEABLE if
CONFIG_UDC_BUF_FORCE_NOCACHE is false and CONFIG_NOCACHE_MEMORY
is true.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.
A real application can set certificates at runtime too.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
First commit to support serial driver running on r_sci_uart for Renesas
RA devices.
Signed-off-by: The Nguyen <the.nguyen.yf@renesas.com>
Signed-off-by: Duy Phuong Hoang. Nguyen <duy.nguyen.xa@renesas.com>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Now retained_mem driver can utilize nrfx_ram_ctrl helper
for nRF devices. It provides abstraction over various RAM retention
peripherals like POWER, VMC or MEMCONF.
Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
Allows RTT inizialization function to either init Cntrol Block always
or initialize only after checking it it's not already initialized by
another program, typically by a bootloader.
Signed-off-by: Giancarlo Stasi <giancarlo.stasi.co@gmail.com>
Allows optionally placing Segger RTT data either in a specific
linker section that is located at RAM start, or in a specific linker
section defined by a memory region in DTS, as third and fourth
alternative to the DTCM section or the default data section.
This is useful to share the fixed address for different programs,
typically bootloader and application, and have seamless logging.
Signed-off-by: Giancarlo Stasi <giancarlo.stasi.co@gmail.com>
User can assign callback function to local domain dvfs handler
and get notification when scaling process is finished for
particular domain.
Reworked usage of DVFS_SERV_HDL_FREQ_CHANGE_IN_PROGRESS_BIT_POS
which was not initialized properly.
Signed-off-by: Lukasz Stepnicki <lukasz.stepnicki@nordicsemi.no>
Wi-Fi shell now uses _sta/_ap APIs to getch specific inteface types, so,
by default register as a Station.
This needs more work to handle multiple modes and mode switching.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
This is required since NRF_FUN_POS (pinctrl) has changed its position
from 17 to 18 (a value hardcoded in the nrf-regtool as well).
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Remove the duplicate `USE_STM32_HAL_RAMCFG` Kconfig symbol definition
from Kconfig.stm32, which was introduced by accident in PR #66181,
commit 6ed002ddae.
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
1. Support USB-C drivers TCPC, PPC, and VBUS with UTCPD H/W IP
2. UTCPD is interconnected with Timer-triggered EADC for updating
VBUS/VCONN voltage periodically
Signed-off-by: Chun-Chieh Li <ccli8@nuvoton.com>
Remove the ‘HAS_MCUX_ACMP’ Kconfig, and also remove it from
driver and soc Kconfig files. It is not needed since we already
depend on 'ACMP' enabled in the dt file, the 'HAS_MCUX_ACMP'
kconfig is a relic of the past before devicetree was stable.
Signed-off-by: Anke Xiao <anke.xiao@nxp.com>
Add a void *user_data pointer to the input callback structure. This is
useful for driver to get back the driver data structure and avoid
defining wrapper functions.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Packets are routed between OT and Zephyr net stacks.
For IPv4 these packets are managed by NAT64 by default.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
Changes the ramp-up time from 1000us to 550us
on nRF54H20.
The time must fit inside general preconditions ramp up.
The hfclk time can be adjsuted this way because
the current solution is not precise until
the clock_control is available.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
WIFI_REASON_DISCONN_UNSPECIFIED is 1, when disconnect reason is 0,
wpas_to_wifi_mgmt_disconn_status return the
WIFI_REASON_DISCONN_UNSPECIFIED and print error log "Disconnection
request failed (1)"
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
It looks like nrf-regtool depends on the
https://pypi.org/project/devicetree/ Python package, which contains an
old copy (https://github.com/zephyrproject-rtos/python-devicetree) of
the in-tree devicetree package.
Because no major changes have happened in the devicetree scripts, this
likely went unnoticed. However, realized today that such old package is
not able to parse bindings with multiple buses (e.g. in I3C, where we
have `bus: [i3c, i2c]`).
While a proper solution is discussed, inject `PYTHONPATH` with the
in-tree library.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Rename `MBEDTLS_PSA_CRYPTO_RND_SOURCE`->`MBEDTLS_PSA_CRYPTO_RNG_SOURCE`
as all other options use `RNG` for random number generator instead of
`RND` for random number.
Signed-off-by: Jordan Yates <jordan@embeint.com>
When multicast packet is forwarded to the OpenThread stack it has to
have its "multicast loop" flag enabled to be processed by the stack
itself instead of only propagating it further.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
As of v2.1.0 TF-M has updated to CMSIS v6 and switched from hosting
the sources to depending on the upstream repository, cloning it at
build time.
To prevent a download from happening during the build, CMSIS v6 sources
are pushed to Zephyr's fork of TF-M and the `CMSIS_PATH` CMake variable
is set to point to them.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Make it depend on MBEDTLS_PSA_P256M_DRIVER_ENABLED instead of
selecting it.
This fixes the build of
tests/crypto/secp256r1/crypto.secp256r1.p256-m_raw on filtered-out
platforms since PR #75441 (83cd9f5a01).
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Fix builds with `CONFIG_TFM_MCUBOOT_IMAGE_NUMBER=1`. The merged binary
should be signed with the same argumements as a secure build, not a
non-secure build, except with a different layout file generated by the
TF-M build system.
Fixes#68345.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Currently, the NFCT pins cannot be used as GPIOs on the nRF54L15 MCU
because the Nordic HAL for this MCU uses the new upcoming `NRF_CONFIG_`
style configuration settings for this MCU.
To support all nRF5x MCUs, the old configuration is still required
because Nordic didn't update their MDK entirely to the new style.
Signed-off-by: Stefan Schwendeler <Stefan.Schwendeler@husqvarnagroup.com>
In function nrfs_backend_send_work tx_data buffer was
used in function ipc_service_send instead of
data_to_send. This is fixed and also tx_data and rx_data
are moved to coresponding functions preventing such
issues in future.
Signed-off-by: Lukasz Stepnicki <lukasz.stepnicki@nordicsemi.no>
Added definition MCUX_SDK_SAI_ALLOW_NULL_FIFO_WATERMARK
to fix timeout fault on the I2S_Speed test
using MIMXRT1170_evk/mimxrt1176/cm7.
Signed-off-by: Emilio Benavente <emilio.benavente@nxp.com>
WPA supplicant as a network manager monitors interface events and
registers to the Wi-Fi NM module, so, adding a check for NM type before
registering the interface is wrong.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Instead of silently `#undef`ing PSA_CRYPTO_C when TF-M is in use,
enforce that rule at the Kconfig level.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Adding a semicolon after the do-while loop in the LV_DEV_INIT()
macro also supports multiple instantiation.
Signed-off-by: Stephan Linz <linz@li-pro.net>
We only need the interface to be administratively up, the operationl
status is managed by the WPA supplicant.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Incremental builds for TF-M are not picked up by Zephyr linking stage.
Code changes to tf-m repository results in a rebuild of TF-M and thus
an updated tfm_s.hex (and other files).
tfm_s.hex is merged together with the zephyr hex to form a final merged
hex file for flashing. This is done as a post-build command, however
such as step cannot take extra dependencies. The Zephyr target can have
extra dependencies, however that will only ensure the dependency is
brought up-to-date when Zephyr re-link, not re-linking Zephyr when the
dependency changes.
Therefore an object dependency is placed on the interface.c file for
Zephyr TF-M interface implementation, which ensures the tfm_api library
is brought up-to-date whenever TF-M rebuilds, and this update again
ensures the Zephyr itself is re-linked whenever TF-M rebuilds.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add initial support for the Cortex-M85 Core which is an implementation
of the Armv8.1-M mainline architecture.
The support is based on the Cortex-M55 support that already exists in
Zephyr.
Signed-off-by: Duy Nguyen <duy.nguyen.xa@renesas.com>
In device init phase, it will call _mbedtls_init before malloc_prepare
as mbedtls has higher priority defined in SYS_INIT..
_mbedtls_init() will call psa_crypto_init() and malloc buffer,
but z_malloc_heap is not initialized, which will cause device hang.
Should call malloc_prepare() before _mbedtls_init to fix this issue,
so decrease the priority of mbedtls to default 40.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
This patch adds a kconfig option `LV_Z_MEMORY_POOL_CUSTOM_SECTION`
which allows to place the buffer the memory pool is backed by into a
section with the label ".lvgl_heap".
Resolves issue: #66494.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Removes the wrapper code of the kscan based pointer input device. It was
implemented during the transitioning phase until all intree drivers were
converted to the input subsystem.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Use select_network instead of enable_network, then can trigger sta
connection mutiple times. Also update the configuration in
add_interface().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Split wifi interface into station mode and soft-AP mode, as there may be
station and soft-AP two interfaces that work concurrently.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
The following heap-related Kconfigs shared by the picolibc &
minimal libc have been deprecated for more than 2 releases,
remove them and update the Kconfigs accordingly:
- `CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE`
- `CONFIG_MINIMAL_LIBC_REALLOCARRAY`
Cleanup the handling to support the deprecated malloc arena
size configuration values.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Both Clang [1] and (recently) GCC [2] support this flag to enable
additional codesize optimizations beyond -Os, possibly at the expense of
performance.
This tradeoff is worthwhile for some (and, Clang's -Oz seems to be
closer to GCC's -Os currently), so add a new abstraction for this flag
so users can select it as appropriate.
[1] https://clang.llvm.org/docs/CommandGuide/clang.html#cmdoption-O0
[2] https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-Oz
Signed-off-by: Jonathon Penix <jpenix@quicinc.com>
TF-M is a PSA API provider alternative to Mbed TLS one. As
a consequence when CONFIG_BUILD_WITH_TFM is set
CONFIG_PSA_CRYPTO_CLIENT should be set as well.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
udc_mcux_ehci is based on the MCUX USB controller driver
(usb_device_ehci.c); udc_mcux_ip3511 is based on the
MCUX USB controller driver (usb_device_lpcip3511.c);
add related Kconfig and CMake; include the usb_phy.h path in
modules/hal_nxp/usb/CMakeLists.txt because udc_mcux.c use it;
add related macros to usb_device_config.h;
update CMakeLists for udc_mcux_ehci and udc_mcux_ip3511.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Use zephyr_blobs_verify to check the blob file is valid
or not.
The function zephyr_blobs_verify will check if the file
exists. And it checks if the file is valid.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add Kconfig.nxp to support NXP Bluetooth Chipset.
Current only NXP IW612 Chipset (BT_NXP_NW612) has
been supported.
Add modules/hal_nxp/bt_controller/CMakeLists.txt to
determine whether any firmware is selected, and
check whether the firmware exists.
If the firmware exists, copy the firmware to the
temporary folder ${ZEPHYR_BINARY_DIR}/include/
generated/bt_nxp_ctlr_fw.h. OR, raise a fatal error.
In file hci_nxp_setup.c, includes the temporary file
bt_nxp_ctlr_fw.h.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add proper PSA_WANT kconfigs for TLS sockets and RSA key exchanges
when CONFIG_PSA_CRYPTO_CLIENT is set.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
For sake of memory footprint it might be required to shrink
down the memory footprint as much as possible. Unfortunately Mbed TLS
PSA interface brings in some extra code for key management which makes
it larger than the TinyCrypt counterpart when it comes to p256-m
interfacing. For this reason it might be useful to directly access
the p256-m driver directly.
This commit adds this support and it also updates the corresponding
test in order to make use of this condition.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Ensure psa_crypto_init() is called during initialization when
Mbed TLS acts as a PSA crypto client. This will setup the PSA
crypto server for further calls.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add support for the CortexM optimized implementation of secp256r1
code. It supports:
- import & export
- key agreement
- sign & verify
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Adds an appropriate condition to the Kconfig as
the temperature driver is not supported for nRF54H20 devices yet.
Without this change, a build with NRF 802.15.4 libraries produces
Kconfig error.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
Clock_control is currently not supported on nRF54H20.
This commit adds new way of handling the hfclk targeted for nRF54H20.
This solution shall be replaced once the clock_control is supported
for nRF54H20.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
Make call to de-initialize disk in fatfs_unmount(). This will permit the
disk to be reinitialized when it is mounted with fatfs_mount().
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Channels owned by a child core shall also be included in the mask of
used channels (channels that cannot be allocated by the GPIOTE channel
allocator).
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Remove CONFIG_NO_PBKDF2 and CONFIG_NO_CONFIG_BLOBS definition
and let them be decided in kconfig.
CONFIG_NO_PBKDF2 is default y when crypto backend is
WIFI_NM_WPA_SUPPLICANT_CRYPTO_NONE.
CONFIG_NO_CONFIG_BLOBS is default y when both DPP and enterprise disable.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add Platform Secure Architecture support support to use
HW acceleration, which needs to be called under PSA driver wrapper
in mbedtls 3.x.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Add kconfig CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT to get more mbedtls
functionality for enterprise and DPP.
Split cmake sources related to hostap SME and crypto backend.
Default backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO use internal crypto
and some mbedtls apis.
Backend CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ALT use most mbedtls apis
and PSA apis, except some apis no longer supported in mbedtls 3.x,
or called in the middle of hostap and mbedtls.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
When the encoder button was pressed, it would send a LV_KEY_LEFT/RIGHT
instead of a LV_KEY_ENTER event.
This clears the enc_diff field, and set the key field to LV_KEY_ENTER
for button events.
Fixes#73529
Signed-off-by: Lorenz Clijnen <lorenz_reclame@outlook.be>
As of Mbed TLS 3.6 (which is the currently used version in Zephyr)
Blowfish, ARC4 and MD4 are no more supported so existing kconfigs
have no effect at all. Moreover they are not even used anywhere
in Zephyr.
This commit just removes them all and it also updates the migration
guide document.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The monolithic feature allows to link the binary blobs with
the application during the build.
Signed-off-by: Axel Le Bourhis <axel.lebourhis@nxp.com>
Signed-off-by: Yassine El Aissaoui <yassine.elaissaoui@nxp.com>
This change deprecates CONFIG_POSIX_SIGNAL in favour of
the plural CONFIG_POSIX_SIGNALS, which maps directly to the
name of the standard POSIX Option Group POSIX_SIGNALS.
Additionally, mark signals as experimental.
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Zephyr's POSIX API is moving toward using the standard
nomenclature from IEEE 1003.1-2017 for as much as possible. In
particular, we want to have consistent naming between Zephyr's
POSIX API Kconfig options and the naming for POSIX Options and
Option Groups.
The Kconfig option CONFIG_PTHREAD_IPC has been (ab)used for a
very long time for a variety of different purposes. However,
the standard Option / feature test macro for POSIX Threads is,
intuitively _POSIX_THREADS. There is a corresponding sysconf()
key named _SC_POSIX_THREADS.
Annoyingly, the POSIX Option Group that corresponds to the
Option is POSIX_THREADS_BASE, which is a minor inconsistency
in the standard.
The _POSIX_THREADS Option already includes mutexes, condition
variables, and thread-specific storage (keys). So with this
change, we also deprecate the redundant Kconfig variables that
do not have a corresponding match in the standard.
- CONFIG_PTHREAD_IPC
- CONFIG_PTHREAD
- CONFIG_PTHREAD_COND
- CONFIG_PTHREAD_MUTEX
- CONFIG_PTHREAD_KEY
Additionally, create Kconfig variables for those configurables
which we are lacking:
- CONFIG_POSIX_THREADS_EXT
- CONFIG_POSIX_THREAD_ATTR_STACKSIZE
- CONFIG_POSIX_THREAD_ATTR_STACKADDR
- CONFIG_POSIX_THREAD_PRIORITY_SCHEDULING
- CONFIG_POSIX_THREAD_PRIO_INHERIT
- CONFIG_POSIX_THREAD_PRIO_PROTECT
- CONFIG_POSIX_THREAD_SAFE_FUNCTIONS
Some Kconfig variables were renamed to more properly match the spec:
- CONFIG_MAX_PTHREAD_COUNT -> CONFIG_POSIX_THREAD_THREADS_MAX
- CONFIG_MAX_PTHREAD_KEY_COUNT -> CONFIG_POSIX_THREAD_KEYS_MAX
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_MAX_FDS option does not correspond to any standard
POSIX option. It was used to define the size of the file
descriptor table, which is by no means exclusively used by
POSIX (also net, fs, ...).
POSIX_MAX_FDS is being deprecated in order to ensure that
Zephyr's POSIX Kconfig variables correspond to those defined in
the specification, as of IEEE 1003.1-2017. Namely,
POSIX_OPEN_MAX. CONFIG_POSIX_MAX_OPEN_FILES is being deprecated
for the same reason.
To mitigate any possible layering violations, that option is
not user selectable. It tracks the newly added
CONFIG_ZVFS_OPEN_MAX option, which is native to Zephyr.
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_DEVICE_IO
Similarly, with this deprecation, we introduce the following
Kconfig options that map directly to standard POSIX Options by
simply removing "CONFIG":
* CONFIG_POSIX_OPEN_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options.
* CONFIG_POSIX_DEVICE_IO_ALIAS_CLOSE
* CONFIG_POSIX_DEVICE_IO_ALIAS_OPEN
* CONFIG_POSIX_DEVICE_IO_ALIAS_READ
* CONFIG_POSIX_DEVICE_IO_ALIAS_WRITE
Gate open(), close(), read(), and write() via the
CONFIG_POSIX_DEVICE_IO Kconfig option and move
implementations into device_io.c, to be conformant with the
spec.
Lastly, stage function names for upcoming ZVFS work, to be
completed as part of the LTSv3 Roadmap (e.g. zvfs_open(), ..).
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
The POSIX_CLOCK option does not correspond to any standard
option. It was used to active features of several distinct
POSIX Options and Option Groups, which complicated API and
application configuration as a result.
POSIX_CLOCK is being deprecated in order to ensure that Zephyr's
POSIX Kconfig variables correspond to those defined in the
specification, as of IEEE 1003.1-2017.
Additionally, CONFIG_TIMER is being deprecated because it does
not match the corresponding POSIX Option (_POSIX_TIMERS).
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_TIMERS
Similarly, we introduce the following Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_POSIX_CLOCK_SELECTION
* CONFIG_POSIX_CPUTIME
* CONFIG_POSIX_DELAYTIMER_MAX
* CONFIG_POSIX_MONOTONIC_CLOCK
* CONFIG_POSIX_TIMEOUTS
* CONFIG_POSIX_TIMER_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options that map directly to
standard POSIX Option Groups by simply removing "CONFIG_":
* CONFIG_POSIX_MULTI_PROCESS - sleep()
Similarly, in order to maintain parity with the current feature
set, we introduce the following additional Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_XSI_SINGLE_PROCESS - gettimeofday()
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Add missing call to LV_MEM_CUSTOM_FREE when closing a file to prevent
memory from leaking.
Resolves issue #73148.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With TF-M updated to 2.1.0 it now makes the signature type default
to EC-P256 for the mps2/an521/cpu0/ns board.
So far Zephyr had only supported and assumed that it was RSA-3072.
This brings support for other signature types, and changes the global
default to EC-P256.
The switch from RSA-3072 to EC-P256 reduces the flash usage by ~3.3KB
while having a negligible impact on RAM usage (increase of ~70 bytes)
when compiling the tfm_psa_test sample on mps2/an521/cpu0/ns and
nrf9160dk/nrf9160/ns without explicit optimizations.
The TFM_KEY_FILE_{S,NS} Kconfig options are moved inside an
`if TFM_BL2` as they are only used if MCUboot is included in TF-M.
The TF-M CMake variables MCUBOOT_KEY_{S,NS} are now set so that it's
possible to use signing keys located elsewhere than the default
location.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Restore the check that was introduced in
cd8d4ccad5 and removed in
cac7f4058f, rather than checking only
CONFIG_TFM_PSA_TEST_INITIAL_ATTESTATION in the tfm_psa_test sample.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Define and pass down PSA_ARCH_TESTS_PATH only in the sample that
needs it (tfm_psa_test).
Otherwise, it provokes a CMake warning because the variable does not
get used in TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This reverts commit 33786b55ab.
Reverting it because the upstream PR has been abandoned, and
this extra CMake variable is causing the warning
"Manually-specified variables were not used by the project".
As of now the version warning doesn't come up.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Permanently disable the revision checks made in the tf-m-tests
repository that were introduced with TF-M 2.1.0.
They fail because the expected upstream tags are not found in Zephyr's
tf-m-tests.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This commit aligns the GRTC driver to changes introduced in
hal_nordic. Some of the features regarding GRTC sleep/wakeup
functionality has been modified and moved out to the nrfx
driver's code.
Signed-off-by: Adam Kondraciuk <adam.kondraciuk@nordicsemi.no>
On SoC like nrf54h20 GPIOTE channels are split between cores. They
are reserved at compile time in devicetree. We need to ensure that
dynamically allocated channels are used only from pool assigned to
the given core. This is done using NRFX_GPIOTE130_CHANNELS_USED mask
which contains data from the device tree.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
https://github.com/zephyrproject-rtos/zephyr/pull/70541 has an
issue where if the screen has been rotated, values calculated if
invert-x or invert-y are set will be overwritten.
This breaks the adafruit_2_8_tft_touch_v2 touchscreen as the
display is rotated by 90 degrees but uses invert-x and invert-y.
This change makes the invert-x and invert-y options independent
of screen rotation.
Signed-off-by: Glenn Andrews <glenn.andrews.42@gmail.com>
Some Ambiq Apollox Blue SOC (e.g. Apollo3 Blue) uses internal designed
BLEIF module which is different from the general IOM module for SPI
transceiver. The called HAL API will also be independent. This driver is
implemented for the BLEIF module usage scenarios.
Signed-off-by: Aaron Ye <aye@ambiq.com>
Fixing a bug where wrong instance was enabled when SPIS137 was supposed
to be used.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Added NXP_FW_LOADER for NXP platforms.
Added NXP_RF_IMU for NXP platforms.
Added MONOLITHIC Flags for NXP platforms.
Signed-off-by: Axel Le Bourhis <axel.lebourhis@nxp.com>
- Add initial version of CYW920829M2EVK-02 board
- [drivers: clock_control] Make it possible to set up both iho and imo
clocks instead of just one or the other
Signed-off-by: Sreeram Tatapudi <sreeram.praveen@infineon.com>
This definition is no longer supported by the nrfx_gpiote driver (since
nrfx 3.2.0, reserved channels need to be defined per GPIOTE instance),
so remove it to not mislead users.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
By default PSA crypto library copies all the buffers that are passed
in into the heap before further processing them. This is required
when the PSA crypto library is on the secure side and it accepts
buffers from a non-secure code. However this case in Zephyr
is already handled by TF-M, so when the PSA crypto library is
built (CONFIG_MBEDTLS_PSA_CRYPTO_C) then it will be on the
non-secure side. Therefore this malloc copy is useless and
it consumes heap memory. Setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
at Mbed TLS build time helps in removing this mechanism and
it saves heap memory.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Instead of selecting legacy MBEDTLS symbols, use corresponding
PSA_WANT ones when possible (note: some legacy symbols do not
have a PSA correspondance).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add "sha3.c" source file that was previously missing from
CMakeLists.txt and that has been added in MbedTLS 3.6 release.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Using MBEDTLS_PSA_CRYPTO_CLIENT to guard all PSA_WANT symbols is
not completely correct because:
1. the prefix MBEDTLS suggests that it's something related to
MbedTLS, while actually PSA APIs can be provided also
by other implementations (ex: TFM)
2. there might applications which are willing to use PSA APIs
without using MbedTLS at all. For example computing an hash
can be as simple as writing psa_hash_compute() and, if the
PSA function is provided thorugh TFM, then MbedTLS is not
required at all
Therefore this commit:
- moves MBEDTLS_PSA_CRYPTO_CLIENT to Kconfig.tls-generic since
that symbol belongs to MbedTLS
- adds a new symbol named PSA_CRYPTO_CLIENT as a generic way
to state that there is "some" PSA crypto API provider
- let MBEDTLS_PSA_CRYPTO_CLIENT automatically select
PSA_CRYPTO_CLIENT, since the former is an implementation of
the latter.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Now that support for all PSA_WANT symbols is in place, we can
enable MBEDTLS_USE_PSA_CRYPTO when MBEDTLS_PSA_CRYPTO_C is
enabled as well.
Note: this commit also moves USE_PSA_CRYPTO out of CRYPTO_C
dependency in config-tls-generic.h because TLS/DTLS/X509 modules
of MbedTLS can rely on *any* implementation of PSA crypto APIs
not only the MbedTLS one. TFM is for example an alternative
to this.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Since PSA has several different symbols defined and since it's
better to keep them aligned with the current MbedTLS release,
a python script is used to generate both:
- Kconfig.psa
- config-psa-generic.h
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Adding a Kconfig and a header file to control which PSA features
are to be used from MbedTLS:
- new kconfig symbols are placed in a separate header file
(Kconfig.psa) and are guarded by MBEDTLS_PSA_CRYPTO_CLIENT. The
reason for this is that TLS/X509 can either rely on PSA functions
provided by MbedTLS (when MBEDTLS_PSA_CRYPTO_C is defined) or
TFM (when BUILD_WITH_TFM is selected). Therefore we could
not make these new Kconfigs depending on MBEDTLS_PSA_CRYPTO_C.
- by default all PSA symbols are enabled, but they can be
disabled by respective Kconfigs in order to reduce the image
size.
- the new header file (config-psa-generic.h) mimics what
config-tls-generic.h does for MbedTLS builtin symbols: it
enables a build symbol for every Kconfig one. The name is
kept identical in the 2 cases (a part from the initial CONFIG_
in order to simplify the mechanism).
- MBEDTLS_PSA_CRYPTO_CONFIG is finally enabled whenever there
is any PSA crypto provider (either MBEDTLS_PSA_CRYPTO_C or
TFM)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
It made the build of
`samples/tfm_integration/tfm_psa_test/sample.tfm.psa_test_crypto`
break since the update of Mbed TLS to 3.6.0 (#71118), apparently because
`${ZEPHYR_BASE}` wasn't set, and the include doesn't seem to be needed.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add new Microchip MEC chips using the new MEC5 HAL and
add a HAL version of a legacy chip named MECH172x.
Signed-off-by: Scott Worley <scott.worley@microchip.com>
Fix undefined reference to mbedtls_pk_ecc_xxx functions following update
to latest mbedtls version.
Signed-off-by: Joel Guittet <joelguittet@gmail.com>
The new kconfig options intend to represent a final
nRF54L product, let's handle them appropriately.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
- Do not set CONFIG_MBEDTLS_ZEPHYR_ENTROPY in
tests/crypto/mbedtls because this can cause test failure on
real devices in which test thread do not have access to
drivers.
- make MBEDTLS_PSA_CRYPTO_RND_SOURCE depending on
MBEDTLS_PSA_CRYPTO_C because it only makes sense when the
latter is defined
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Two Kconfig symbols were tied to a board-specific DT nodelabel - namely
the `NRFX_UARTE_CONFIG_RX_CACHE_ENABLED` and `UART_<n>_RX_CACHE_SIZE`
were tied to `shared_ram3x_region` - but this is not necessary.
That DT node is where the UARTE driver RX/TX cache buffers are placed
in the default nRF54H20 DK memory map, but on another board, they could
be located somewhere else.
The exact memory sub-regions used for this purpose are indicated using
the `memory-regions` property on each UARTE instance, which should be
generic enough already, so let's use that instead.
Signed-off-by: Grzegorz Swiderski <grzegorz.swiderski@nordicsemi.no>
It is meant specifically for configuration of the PSA crypto library.
The underlying PSA configuration items are guarded by the condition
that a PSA crypto provider must be present, which is the case when
either TF-M is in use or MbedTLS's PSA core is built as part of
the application image.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The HAS_MCUX_CSI (as well as all the HAS_MCUX_XXX) config was obsolete
and has been replaced by the DT_HAS_NXP_IMX_CSI_ENABLED (i.e.
DT_HAS_XXX_ENABLED). Drop it as well as all the dependencies on it.
Signed-off-by: Phi Bang Nguyen <phibang.nguyen@nxp.com>
The network CPU must be requested explicitly by the 802.15.4 driver for
the sharing mechanism to work correctly.
Signed-off-by: Jędrzej Ciupis <jedrzej.ciupis@nordicsemi.no>
MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO are 2 different
things and the former should not automatically enable the
latter. The reson is that the user might want the MbedTLS
PSA crypto toolbox to be built, but at the same time he/she
does not want TLS/DTLS (and other intermediate modules such
as PK, MD and Cipher) to use PSA APIs.
For this reason this commit introduces a new Kconfig option
named CONFIG_MBEDTLS_USE_PSA_CRYPTO to enable the corresponding
build symbol. By default USE_PSA_CRYPTO is disabled. It is
only explicilty enabled in tests/samples that were previously
setting CRYPTO_C (since in those cases USE_PSA was set).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
PICOLIBC misses the dirent.h header which is required
to emulate ITS (internal trusted storage) in PSA APIs.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a choice to select between legacy modules
(i.e. ENTROPY + CTR_DRBG/HMAC_DRBG) and CSPRNG as random generators
for PSA_CRYPTO_C.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Create a new Kconfig named CONFIG_PSA_WANT_ALG_SHA_256 which allows to
enable PSA_WANT_ALG_SHA_256. This allows to use PSA functions to
compute SHA256 hashes. When PSA is provided by TFM this allows also
to remove legacy mbedtls_sha256() support and therefore reduce
footprint for the NS side.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Include `psa_crypto_ffdh.c` when compiling MbedTLS with PSA support, as
`MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY` references the included
functions.
Signed-off-by: Jordan Yates <jordan@embeint.com>
The wpas_to_wifi_mgmt_diconn_status() was missing "s" char,
so name it to wpas_to_wifi_mgmt_disconn_status() as that is
more descriptive.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Handle scan results event in order to avoid warning print
for unhandled event. The event is not used for anything atm,
this just prevents unknown event printout.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Support BSSID configuration while setting up the network information
as part of the connect command processing.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Channel 14 in JP is still allowed (though OFDM is disabled), this wasn't
handled by operating class 81, so, add 82 to the list.
We still need to full implement regulatory support in the WPA
supplicant but that is handled in separate fix.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This makes it readable and also scalable for upcoming extension of
operating classes.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Do not enable hash algorithms except SHA-256 by default.
This unnecessarily inflates the final code size even if not all the
enabled hash algorithms are actually used.
SHA-256 is (for now) kept enabled by default because many configurations
across the code base assume that there is some hash algorithm
available without needing to enable it.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This fixes the compilation of entropy_psa_crypto.c that failed
when trying to include the MbedTLS configuration.
Inherit the needed include folders and definitions from tfm_api.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This fixes NS compilation on certain app/board combinations
where TF-M is used but CONFIG_MBEDTLS was not set to y.
With the update to MbedTLS 3.6.0, the compilation failed in
(at least) interface/src/tfm_crypto_api.c when trying to
include MbedTLS configuration file because the MbedTLS Kconfigs
were not defined due to CONFIG_MBEDTLS being n (and the default
MbedTLS configuration file not being found).
TF-M's dependency on MbedTLS is pretty much a given.
This change ensures that the configuration for MbedTLS
is properly defined at all times when TF-M is in use.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The configuration file was not passed down to tfm_api, which
made the compilation of (at least) interface/src/tfm_crypto_api.c
fail when updating MbedTLS to 3.6.0.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
When building with TF-M (CONFIG_BUILD_WITH_TFM),
force MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C
so that no NS code tries to act like the MbedTLS core
is built on this side.
This fixes compilation errors in (at least)
interface/src/tfm_crypto_api.c after the
update of MbedTLS to 3.6.0.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With MbedTLS updated to 3.6.0 the RSA module does not
depend on PK anymore. However, it is now dependent on ASN1.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This service receives fragmented data (usually firmware images) and
stores them in the slot1_partition in the flash.
Also update CMakeLists.txt in loramac-node module to be able to use
FragDecoder.c
Signed-off-by: Martin Jäger <martin@libre.solar>
This patch fixes two issues in the coordinate handling of the
`zephyr,lvgl-pointer-input` compatible:
- If the swap-xy flag is set the coordinates need to be swapped even
before the sync event is received.
- The coordinates are stored into an additional variable instead of the
pending_event. This is done to prevent the double inversion for touch
release events.
Resolves issue #70539.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Silence harmless version warning for users that have tagged TF-M.
TF-M creates a very noisy warning when you tag it:
CMake Warning at cmake/version.cmake:28 (message):
Actual TF-M version is not available from Git repository. Settled to
v2.0.0
Call Stack (most recent call first):
CMakeLists.txt:22 (include)
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Add Kconfig-to-nrfx symbol redefinitions so that TWIS instances
found on nRF54H20 and nRF54L15 devices are supported.
Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
SEGGER RTT module supports to use CCM for output data. This add the
necessary Kconfig option (choice).
Signed-off-by: Caspar Friedrich <c.s.w.friedrich@gmail.com>
This definition is used in nrfx header files, so it shouldn't be added
using `zephyr_library_compile_definitions()`. This would cause the GRTC
driver to fail the build when CONFIG_NRF_GRTC_START_SYSCOUNTER=y.
Signed-off-by: Grzegorz Swiderski <grzegorz.swiderski@nordicsemi.no>
DT nodes and compatible had been renamed and Kconfig option was relying
on the names that do not exists.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Iterate over all instances to get the information about extended
feature support in SPIM driver.
Signed-off-by: Krzysztof Chruściński <krzysztof.chruscinski@nordicsemi.no>
Adds the missing stubs for DMA2D kconfig symbol to fix the Kconfig warning
produced by checkpatch.
Resolves#70859
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Removing dependency on cyhal in airoc wifi driver.
It need to build airoc wifi driver with different than
PSoC 6 Soc like STM32
Signed-off-by: Nazar Palamar <nazar.palamar@infineon.com>
Add Kconfig-to-nrfx symbol redefinitions so that PWM instances
found on nRF54H20 and nRF54L15 devices are supported.
Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
Add nrfx_grtc related entries that were introduced in nrfx 3.4.0,
especially NRFX_GRTC_CONFIG_AUTOSTART that should be by default
set to 1.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Comment out mbedtls symbols that do not have a proper Kconfig
setting. Future commits will need to add relevant support in mbedtls
side to provided needed symbols so that they can be used in hostap
and uncomment these.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
To cater for different needs add an configuration options for WPA
supplicant network selection (scan results sorting). The default is
still left unchanged.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If user selects a band, then we should restrict scanning channels to
that band, but using freq_list will only filter the results.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure to copy LEN -1 bytes to the destination, to
accommodate the terminating null byte.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Even if the interface is not in connected state, allow disconnect to be
accepted, this behaviour regressed when the mode check was introduced
and if not connected then SSID will be NULL.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If MbedTLS uses its own heap which is a static heap (not libc heap),
then WPA supplicant heap usage will come down, so, reduce 8K (minimum
MbedTLS heap for Wi-Fi) from the libc heap size.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Free the deep copied data of the association response event.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Using a macro here that can potentially limit the interface name
compared to add can lead to issues, so, to mimic what we do in add, use
the sizeof with a boundary check.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
These were missed earlier, and if event send fails, no point in waiting
for the state to change.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Due to AP-MLME being in the host and expensive computation WPA3 is not
working reliably, so, for now this is being disabled.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
SAP mode adds more functionality that increases the heap usage, based on
experiments, 40000 works well to avoid startup failures.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Now that TX status buffer is allocated on heap by Zephyr driver, free
the buffer once its processed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
For WPA_SUPP_CRYPTO_LEGACY, MBEDTLS_PKCS5_C is needed.
Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add missing MBEDTLS_PK_C dependcy for legacy crypto.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Key management for SAP should be retrieved from the network block rather
than using the per-interface global structure.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
