zephyr/subsys/net/lib/tls_credentials/Kconfig
Valerio Setti 34c4b54473 net: tls_credentials: use PSA to compute SHA256 when BUILD_WITH_TFM
When using the TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE there is
BUILD_WITH_TFM enabled which means that we can take advantage of
TFM (through PSA interface) to compute the SHA256 hash.

This removes the need for the built-in implementation of
mbedtls_sha256() on the non-secure image (unless it's used somewhere
else, of course) and therefore it helps in reducing the memory
footprint.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-08 22:14:19 -07:00

61 lines
1.8 KiB
Plaintext

# Copyright (c) 2018 Nordic Semiconductor ASA
# SPDX-License-Identifier: Apache-2.0

menuconfig TLS_CREDENTIALS
	bool "TLS credentials management"
	help
	  Enable TLS credentials management subsystem.

if TLS_CREDENTIALS

module = TLS_CREDENTIALS
module-str = tls_credentials
source "subsys/logging/Kconfig.template.log_config"

choice TLS_CREDENTIALS_BACKEND
	prompt "TLS credentials management backend"
	depends on TLS_CREDENTIALS
	default TLS_CREDENTIALS_BACKEND_VOLATILE
	help
	  TLS credentials management backend implementation.

config TLS_CREDENTIALS_BACKEND_VOLATILE
	bool "TLS credentials management volatile backend"
	help
	  TLS credentials management volatile backend implementation,
	  storing credentials in system runtime memory.

config TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE
	bool "TLS credentials management protected storage backend"
	depends on BUILD_WITH_TFM
	select PSA_WANT_ALG_SHA_256
	help
	  TLS credentials management backend using the Protected Storage
	  API to store credentials with integrity check against physical
	  attacks and keeps entries across system reboot.

endchoice

config TLS_MAX_CREDENTIALS_NUMBER
	int "Maximum number of TLS credentials"
	default 4
	help
	  Maximum number of TLS credentials that can be registered.

config TLS_CREDENTIAL_FILENAMES
	bool "Specify TLS credential filenames"
	depends on NET_SOCKETS_OFFLOAD
	help
	  Allows clients of the socket APIs to specify filenames
	  of security certificates and private keys
	  to use during subsequent TLS/SSL negotiations.

	  The secure files will have been previously provisioned to the
	  device's secure file system; eg, via a vendor tool or
	  by executing a separate binary.

	  This option is currently only available for secure
	  socket offload devices.

source "subsys/net/lib/tls_credentials/Kconfig.shell"

endif # TLS_CREDENTIALS
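
An added example (not part of the Zephyr tree): a build-time check over the merged `.config` that flags the volatile backend and verifies that the protected storage backend has the `BUILD_WITH_TFM` and `PSA_WANT_ALG_SHA_256` symbols this Kconfig requires. Treating the volatile backend as a finding is an assumed project policy, the function names are hypothetical, and the sample `.config` is constructed.

```python
import re

# Constructed sample of a merged build/zephyr/.config (not from a real build).
SAMPLE_CONFIG = """\
CONFIG_TLS_CREDENTIALS=y
CONFIG_TLS_CREDENTIALS_BACKEND_VOLATILE=y
# CONFIG_TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE is not set
# CONFIG_BUILD_WITH_TFM is not set
CONFIG_TLS_MAX_CREDENTIALS_NUMBER=4
"""

_SET = re.compile(r"^CONFIG_([A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# CONFIG_([A-Za-z0-9_]+) is not set$")


def parse_dotconfig(text):
    """Return {symbol: value}; '# CONFIG_X is not set' lines map to 'n'."""
    syms = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            syms[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            syms[m.group(1)] = "n"
    return syms


def audit_tls_credentials(text):
    """Return a list of findings; an empty list means the assumed policy is met."""
    syms = parse_dotconfig(text)

    def on(name):
        return syms.get(name) == "y"

    if not on("TLS_CREDENTIALS"):
        return []  # subsystem disabled, nothing to audit
    findings = []
    if on("TLS_CREDENTIALS_BACKEND_VOLATILE"):
        findings.append("volatile backend: credentials held in runtime memory only")
    elif on("TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE"):
        # Kconfig enforces both symbols; a mismatch means .config was hand-edited.
        for dep in ("BUILD_WITH_TFM", "PSA_WANT_ALG_SHA_256"):
            if not on(dep):
                findings.append(f"protected storage backend without {dep}")
    else:
        findings.append("no TLS credentials backend selected")
    return findings
```
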