This commit just moves some code around. For sake of cleanliness
a new file is added to hold the entropy parsing functions
for Mbed TLS.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is meant to be used only for tests on platforms where CSPRNG
sources are not available. It should not be used in production.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Improve the description of both MBEDTLS_PSA_CRYPTO_LEGACY_RNG and
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG kconfig symbols.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
- Slightly improve the name of this kconfig adding the suffix
_POLL in order to highlight that this adds a callback
function used to poll data.
- Description was also updated to point out that this symbols
might not only use the (secure) entropy driver, but also
generic number generators, some of which are not really
secure.
- The symbol was move from Kconfig to Kconfig.tls-generic because
this is where MBEDTLS_ENTROPY_C is located and since
MBEDTLS_ENTROPY_HARDWARE_ALT depends on the former (it only
makes sense if the entropy module is also enabled), we add
also the "depends on".
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
ENABLED suffix does not really makes much sense for a kconfig
so it should be removed. Also other MBEDTLS symbols were recently
updated accordingly.
Moreover having it named exactly the same way as in Mbed TLS
symplifies the understanding of what this kconfig is doing.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Enable the `MBEDTLS_PEM_WRITE_C` mbedtls configuration option when
`CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT` is selected.
Signed-off-by: Simone Orru <simone.orru@secomind.com>
Initial commit for entropy support on RA8
- drivers: entropy: implementation for TRNG driver of RA8x1
- dts: arm: add device node for trng of RA8x1
- boards: arm: enable support zephyr_entropy for ek_ra8m1 and
update board documentation
Signed-off-by: The Nguyen <the.nguyen.yf@renesas.com>
Signed-off-by: Duy Phuong Hoang. Nguyen <duy.nguyen.xa@renesas.com>
The nRF9280 is a SiP (System-in-Package) consisting of the nRF9230 SoC
and additional components such as PMIC and others. Additionally,
the nRF9230 contains several CPUs, similarly to the nRF54h20 SoC.
Update nrfx glue, and add necessary Kconfig and initialization code
to allow building for nRF9280 targets: CPU, Radio and PPR cores.
The nRF9280 is used for all user build targets and Kconfigs,
whereas the nRF9230 is used as the build target for the MDK.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Co-authored-by: Andreas Moltumyr <andreas.moltumyr@nordicsemi.no>
MCUX ehci controller driver support cache maintenance if
USB_DEVICE_CONFIG_BUFFER_PROPERTY_CACHEABLE is enabled.
Enable USB_DEVICE_CONFIG_BUFFER_PROPERTY_CACHEABLE if
CONFIG_UDC_BUF_FORCE_NOCACHE is false and CONFIG_NOCACHE_MEMORY
is true.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
For Enterprise crypto MbedTLS needs more heap either separate pool or
libc heap, based on experiments 55000 was arrived for a successful
WPA2-EAP-TLS association.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Add basic WPA2 EAP-TLS support.
Also, add test infrasturcture esp. the certification handling,
non-certificate credentials are take as runtime input and certificated
are build time input for testing.
A real application can set certificates at runtime too.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
First commit to support serial driver running on r_sci_uart for Renesas
RA devices.
Signed-off-by: The Nguyen <the.nguyen.yf@renesas.com>
Signed-off-by: Duy Phuong Hoang. Nguyen <duy.nguyen.xa@renesas.com>
In order to mitigate side channel attacks, even if the PWE is found the WPA
supplicant goes through full iterations, but in some low-resource systems
this can be intensive, so, add an option to exit early.
Note that this is highly insecure and shouldn't be used in production
Signed-off-by: Gang Li <gang.li_1@nxp.com>
This should be configurable by applications in case a full CLI interface
to the WPA supplicant is needed.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Now retained_mem driver can utilize nrfx_ram_ctrl helper
for nRF devices. It provides abstraction over various RAM retention
peripherals like POWER, VMC or MEMCONF.
Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no>
Allows RTT inizialization function to either init Cntrol Block always
or initialize only after checking it it's not already initialized by
another program, typically by a bootloader.
Signed-off-by: Giancarlo Stasi <giancarlo.stasi.co@gmail.com>
Allows optionally placing Segger RTT data either in a specific
linker section that is located at RAM start, or in a specific linker
section defined by a memory region in DTS, as third and fourth
alternative to the DTCM section or the default data section.
This is useful to share the fixed address for different programs,
typically bootloader and application, and have seamless logging.
Signed-off-by: Giancarlo Stasi <giancarlo.stasi.co@gmail.com>
User can assign callback function to local domain dvfs handler
and get notification when scaling process is finished for
particular domain.
Reworked usage of DVFS_SERV_HDL_FREQ_CHANGE_IN_PROGRESS_BIT_POS
which was not initialized properly.
Signed-off-by: Lukasz Stepnicki <lukasz.stepnicki@nordicsemi.no>
Wi-Fi shell now uses _sta/_ap APIs to getch specific inteface types, so,
by default register as a Station.
This needs more work to handle multiple modes and mode switching.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
This is required since NRF_FUN_POS (pinctrl) has changed its position
from 17 to 18 (a value hardcoded in the nrf-regtool as well).
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Remove the duplicate `USE_STM32_HAL_RAMCFG` Kconfig symbol definition
from Kconfig.stm32, which was introduced by accident in PR #66181,
commit 6ed002ddae.
Signed-off-by: Mathieu Choplain <mathieu.choplain@st.com>
1. Support USB-C drivers TCPC, PPC, and VBUS with UTCPD H/W IP
2. UTCPD is interconnected with Timer-triggered EADC for updating
VBUS/VCONN voltage periodically
Signed-off-by: Chun-Chieh Li <ccli8@nuvoton.com>
Remove the ‘HAS_MCUX_ACMP’ Kconfig, and also remove it from
driver and soc Kconfig files. It is not needed since we already
depend on 'ACMP' enabled in the dt file, the 'HAS_MCUX_ACMP'
kconfig is a relic of the past before devicetree was stable.
Signed-off-by: Anke Xiao <anke.xiao@nxp.com>
Add a void *user_data pointer to the input callback structure. This is
useful for driver to get back the driver data structure and avoid
defining wrapper functions.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Packets are routed between OT and Zephyr net stacks.
For IPv4 these packets are managed by NAT64 by default.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
Changes the ramp-up time from 1000us to 550us
on nRF54H20.
The time must fit inside general preconditions ramp up.
The hfclk time can be adjsuted this way because
the current solution is not precise until
the clock_control is available.
Signed-off-by: Piotr Koziar <piotr.koziar@nordicsemi.no>
WIFI_REASON_DISCONN_UNSPECIFIED is 1, when disconnect reason is 0,
wpas_to_wifi_mgmt_disconn_status return the
WIFI_REASON_DISCONN_UNSPECIFIED and print error log "Disconnection
request failed (1)"
Signed-off-by: Gaofeng Zhang <gaofeng.zhang@nxp.com>
It looks like nrf-regtool depends on the
https://pypi.org/project/devicetree/ Python package, which contains an
old copy (https://github.com/zephyrproject-rtos/python-devicetree) of
the in-tree devicetree package.
Because no major changes have happened in the devicetree scripts, this
likely went unnoticed. However, realized today that such old package is
not able to parse bindings with multiple buses (e.g. in I3C, where we
have `bus: [i3c, i2c]`).
While a proper solution is discussed, inject `PYTHONPATH` with the
in-tree library.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Rename `MBEDTLS_PSA_CRYPTO_RND_SOURCE`->`MBEDTLS_PSA_CRYPTO_RNG_SOURCE`
as all other options use `RNG` for random number generator instead of
`RND` for random number.
Signed-off-by: Jordan Yates <jordan@embeint.com>
When multicast packet is forwarded to the OpenThread stack it has to
have its "multicast loop" flag enabled to be processed by the stack
itself instead of only propagating it further.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
As of v2.1.0 TF-M has updated to CMSIS v6 and switched from hosting
the sources to depending on the upstream repository, cloning it at
build time.
To prevent a download from happening during the build, CMSIS v6 sources
are pushed to Zephyr's fork of TF-M and the `CMSIS_PATH` CMake variable
is set to point to them.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Make it depend on MBEDTLS_PSA_P256M_DRIVER_ENABLED instead of
selecting it.
This fixes the build of
tests/crypto/secp256r1/crypto.secp256r1.p256-m_raw on filtered-out
platforms since PR #75441 (83cd9f5a01).
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Fix builds with `CONFIG_TFM_MCUBOOT_IMAGE_NUMBER=1`. The merged binary
should be signed with the same argumements as a secure build, not a
non-secure build, except with a different layout file generated by the
TF-M build system.
Fixes#68345.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Currently, the NFCT pins cannot be used as GPIOs on the nRF54L15 MCU
because the Nordic HAL for this MCU uses the new upcoming `NRF_CONFIG_`
style configuration settings for this MCU.
To support all nRF5x MCUs, the old configuration is still required
because Nordic didn't update their MDK entirely to the new style.
Signed-off-by: Stefan Schwendeler <Stefan.Schwendeler@husqvarnagroup.com>
In function nrfs_backend_send_work tx_data buffer was
used in function ipc_service_send instead of
data_to_send. This is fixed and also tx_data and rx_data
are moved to coresponding functions preventing such
issues in future.
Signed-off-by: Lukasz Stepnicki <lukasz.stepnicki@nordicsemi.no>
Added definition MCUX_SDK_SAI_ALLOW_NULL_FIFO_WATERMARK
to fix timeout fault on the I2S_Speed test
using MIMXRT1170_evk/mimxrt1176/cm7.
Signed-off-by: Emilio Benavente <emilio.benavente@nxp.com>
WPA supplicant as a network manager monitors interface events and
registers to the Wi-Fi NM module, so, adding a check for NM type before
registering the interface is wrong.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Instead of silently `#undef`ing PSA_CRYPTO_C when TF-M is in use,
enforce that rule at the Kconfig level.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Adding a semicolon after the do-while loop in the LV_DEV_INIT()
macro also supports multiple instantiation.
Signed-off-by: Stephan Linz <linz@li-pro.net>
We only need the interface to be administratively up, the operationl
status is managed by the WPA supplicant.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Due to recent changes to hostap, the stack usage is increased, so,
increase the stack size to fix SoF.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Fixes build issues when Wi-Fi security is enabled for default
implementation, the alternative implementation is managed separately,
and doesn't need these.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Incremental builds for TF-M are not picked up by Zephyr linking stage.
Code changes to tf-m repository results in a rebuild of TF-M and thus
an updated tfm_s.hex (and other files).
tfm_s.hex is merged together with the zephyr hex to form a final merged
hex file for flashing. This is done as a post-build command, however
such as step cannot take extra dependencies. The Zephyr target can have
extra dependencies, however that will only ensure the dependency is
brought up-to-date when Zephyr re-link, not re-linking Zephyr when the
dependency changes.
Therefore an object dependency is placed on the interface.c file for
Zephyr TF-M interface implementation, which ensures the tfm_api library
is brought up-to-date whenever TF-M rebuilds, and this update again
ensures the Zephyr itself is re-linked whenever TF-M rebuilds.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add initial support for the Cortex-M85 Core which is an implementation
of the Armv8.1-M mainline architecture.
The support is based on the Cortex-M55 support that already exists in
Zephyr.
Signed-off-by: Duy Nguyen <duy.nguyen.xa@renesas.com>
In device init phase, it will call _mbedtls_init before malloc_prepare
as mbedtls has higher priority defined in SYS_INIT..
_mbedtls_init() will call psa_crypto_init() and malloc buffer,
but z_malloc_heap is not initialized, which will cause device hang.
Should call malloc_prepare() before _mbedtls_init to fix this issue,
so decrease the priority of mbedtls to default 40.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
This patch adds a kconfig option `LV_Z_MEMORY_POOL_CUSTOM_SECTION`
which allows to place the buffer the memory pool is backed by into a
section with the label ".lvgl_heap".
Resolves issue: #66494.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Removes the wrapper code of the kscan based pointer input device. It was
implemented during the transitioning phase until all intree drivers were
converted to the input subsystem.
Signed-off-by: Fabian Blatz <fabianblatz@gmail.com>
Use select_network instead of enable_network, then can trigger sta
connection mutiple times. Also update the configuration in
add_interface().
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Split wifi interface into station mode and soft-AP mode, as there may be
station and soft-AP two interfaces that work concurrently.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
The following heap-related Kconfigs shared by the picolibc &
minimal libc have been deprecated for more than 2 releases,
remove them and update the Kconfigs accordingly:
- `CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE`
- `CONFIG_MINIMAL_LIBC_REALLOCARRAY`
Cleanup the handling to support the deprecated malloc arena
size configuration values.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Both Clang [1] and (recently) GCC [2] support this flag to enable
additional codesize optimizations beyond -Os, possibly at the expense of
performance.
This tradeoff is worthwhile for some (and, Clang's -Oz seems to be
closer to GCC's -Os currently), so add a new abstraction for this flag
so users can select it as appropriate.
[1] https://clang.llvm.org/docs/CommandGuide/clang.html#cmdoption-O0
[2] https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-Oz
Signed-off-by: Jonathon Penix <jpenix@quicinc.com>
TF-M is a PSA API provider alternative to Mbed TLS one. As
a consequence when CONFIG_BUILD_WITH_TFM is set
CONFIG_PSA_CRYPTO_CLIENT should be set as well.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
udc_mcux_ehci is based on the MCUX USB controller driver
(usb_device_ehci.c); udc_mcux_ip3511 is based on the
MCUX USB controller driver (usb_device_lpcip3511.c);
add related Kconfig and CMake; include the usb_phy.h path in
modules/hal_nxp/usb/CMakeLists.txt because udc_mcux.c use it;
add related macros to usb_device_config.h;
update CMakeLists for udc_mcux_ehci and udc_mcux_ip3511.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Use zephyr_blobs_verify to check the blob file is valid
or not.
The function zephyr_blobs_verify will check if the file
exists. And it checks if the file is valid.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add Kconfig.nxp to support NXP Bluetooth Chipset.
Current only NXP IW612 Chipset (BT_NXP_NW612) has
been supported.
Add modules/hal_nxp/bt_controller/CMakeLists.txt to
determine whether any firmware is selected, and
check whether the firmware exists.
If the firmware exists, copy the firmware to the
temporary folder ${ZEPHYR_BINARY_DIR}/include/
generated/bt_nxp_ctlr_fw.h. OR, raise a fatal error.
In file hci_nxp_setup.c, includes the temporary file
bt_nxp_ctlr_fw.h.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add proper PSA_WANT kconfigs for TLS sockets and RSA key exchanges
when CONFIG_PSA_CRYPTO_CLIENT is set.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
For sake of memory footprint it might be required to shrink
down the memory footprint as much as possible. Unfortunately Mbed TLS
PSA interface brings in some extra code for key management which makes
it larger than the TinyCrypt counterpart when it comes to p256-m
interfacing. For this reason it might be useful to directly access
the p256-m driver directly.
This commit adds this support and it also updates the corresponding
test in order to make use of this condition.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Ensure psa_crypto_init() is called during initialization when
Mbed TLS acts as a PSA crypto client. This will setup the PSA
crypto server for further calls.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add support for the CortexM optimized implementation of secp256r1
code. It supports:
- import & export
- key agreement
- sign & verify
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
