Explicitly enable CONFIG_ENTROPY_GENERATOR instead of relying on the
build system's defaults.
This:
- Makes sure the filtering works properly between entropy_driver and
entropy_not_secure test scenarios for the samples.
- Helps with TF-M builds in certain scenarios where key generation (via
`psa_generate_key()`) would fail due to the RNG functionality being
disabled.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Explicitly set the TF-M profile to not rely on the build system defaults
which might differ.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>

Now that `SECURE_STORAGE` does not `select` dependencies, they need to
be enabled explicitly by the tests.

Signed-off-by: Jordan Yates <jordan@embeint.com>

Add MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG to the list of
test Kconfigs. Typical use case of this:
- the platform has "zephyr,entropy" defined in the devicetree which means
that CSPRNG_AVAILABLE is set;
- for some reason the board actually does not have any entropy driver
enabled (e.g. ENTROPY_BT_HCI is disabled in nrf5340bsim when BT is _not_
enabled in the build);
- since TEST_RANDOM_GENERATOR is enabled then also TEST_CSPRNG_GENERATOR
would be;
- unfortunately the call to psa_generate_random() would fail in
get_random_data() (in modules/mbedtls/zephyr_entropy.c) because
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG is not set and it would
not reach "subsys/random/random_test_csprng.c".
This commit fixes this problem.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

As long as MBEDTLS_ENTROPY_C is enabled, Mbed TLS needs to
poll some entropy source to gather data that will then be
processed by CTR/HMAC-DRBG modules. This means that in most
of the cases, once MBEDTLS_ENTROPY_C is enabled then also
MBEDTLS_ENTROPY_POLL_ZEPHYR needs to be enabled. This was
done manually until now, as the long list of samples/tests
demonstrates.
This commit solves this dependency by defaulting
MBEDTLS_ENTROPY_POLL_ZEPHYR to on as soon as
MBEDTLS_ENTROPY_C is set. As a consequence, all manual
enablement of MBEDTLS_ENTROPY_POLL_ZEPHYR in samples/tests
is removed.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls the
CSPRNG which makes it definitely smaller.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

Add a sample to demonstrate direct use of the PSA ITS API.
The implementation of the API is provided either by the just-introduced
secure storage subsystem or by TF-M.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>