DNM: Entropy generator loop fix #2464

Open
wants to merge 7,186 commits into
base: main

frkv
Contributor

@frkv frkv commented Feb 5, 2025

Just for testing

@NordicBuilder
Contributor

NordicBuilder commented Feb 5, 2025

The following west manifest projects have been modified in this Pull Request:

| Name | Old Revision | New Revision | Diff |
| --- | --- | --- | --- |
| cmsis-dsp | zephyrproject-rtos/cmsis-dsp@6489e77 (zephyr-3.6) | zephyrproject-rtos/cmsis-dsp@d80a49b (zephyr-4.0) | zephyrproject-rtos/[email protected] |
| cmsis_6 | N/A | zephyrproject-rtos/CMSIS_6@783317a (main) | N/A |
| hal_adi | zephyrproject-rtos/hal_adi@de5dadb | zephyrproject-rtos/hal_adi@b1a1023 | zephyrproject-rtos/[email protected] |
| hal_ambiq | zephyrproject-rtos/hal_ambiq@df4a986 | zephyrproject-rtos/hal_ambiq@87a188b | zephyrproject-rtos/[email protected] |
| hal_espressif | zephyrproject-rtos/hal_espressif@aa6a967 | zephyrproject-rtos/hal_espressif@e523710 | zephyrproject-rtos/[email protected] |
| hal_ethos_u | zephyrproject-rtos/hal_ethos_u@8e2cf75 | zephyrproject-rtos/hal_ethos_u@50ddffc (main) | zephyrproject-rtos/[email protected] |
| hal_infineon | zephyrproject-rtos/hal_infineon@88d2529 | zephyrproject-rtos/hal_infineon@a9b75e0 | zephyrproject-rtos/[email protected] |
| hal_intel | zephyrproject-rtos/hal_intel@0905a52 | zephyrproject-rtos/hal_intel@0355bb8 (main) | zephyrproject-rtos/[email protected] |
| hal_nordic | zephyrproject-rtos/hal_nordic@fae1542 | zephyrproject-rtos/hal_nordic@ecea8cd | zephyrproject-rtos/[email protected] |
| hal_nxp | zephyrproject-rtos/hal_nxp@f4e26fa | zephyrproject-rtos/hal_nxp@0ac8302 | zephyrproject-rtos/[email protected] |
| hal_renesas | zephyrproject-rtos/hal_renesas@1ec8891 | zephyrproject-rtos/hal_renesas@64fce2e | zephyrproject-rtos/[email protected] |
| hal_rpi_pico | zephyrproject-rtos/hal_rpi_pico@fba7162 | zephyrproject-rtos/hal_rpi_pico@79ee0f9 | zephyrproject-rtos/[email protected] |
| hal_silabs | zephyrproject-rtos/hal_silabs@4c813a1 | zephyrproject-rtos/hal_silabs@6371fa8 | zephyrproject-rtos/[email protected] |
| hal_st | zephyrproject-rtos/hal_st@b2f548f | zephyrproject-rtos/hal_st@05fd453 (master) | zephyrproject-rtos/[email protected] |
| hal_stm32 | zephyrproject-rtos/hal_stm32@c4099c2 | zephyrproject-rtos/hal_stm32@3784237 | zephyrproject-rtos/[email protected] |
| hal_tdk | N/A | zephyrproject-rtos/hal_tdk@e0ade95 | N/A |
| hal_wch | N/A | zephyrproject-rtos/hal_wch@1de9d3e (main) | N/A |
| hal_wurthelektronik | zephyrproject-rtos/hal_wurthelektronik@e5bcb2e | zephyrproject-rtos/hal_wurthelektronik@e3e2797 (zephyr) | zephyrproject-rtos/[email protected] |
| hal_xtensa | zephyrproject-rtos/hal_xtensa@a2d6585 | zephyrproject-rtos/hal_xtensa@baa56aa | zephyrproject-rtos/[email protected] |
| hostap | zephyrproject-rtos/hostap@4428531 | zephyrproject-rtos/hostap#76 | zephyrproject-rtos/hostap#76/files |
| liblc3 | zephyrproject-rtos/liblc3@1a5938e | zephyrproject-rtos/liblc3@bb85f7d (main) | zephyrproject-rtos/[email protected] |
| libmetal | zephyrproject-rtos/libmetal@a6851ba | zephyrproject-rtos/libmetal@3e8781a (main) | zephyrproject-rtos/[email protected] |
| lvgl | zephyrproject-rtos/lvgl@2b498e6 | zephyrproject-rtos/lvgl@6decbb7 | zephyrproject-rtos/[email protected] |
| mbedtls | zephyrproject-rtos/mbedtls@fb36f3f | zephyrproject-rtos/mbedtls@4952e13 (zephyr) | zephyrproject-rtos/[email protected] |
| mcuboot | zephyrproject-rtos/mcuboot@e890df7 | zephyrproject-rtos/mcuboot@a2bc982 | zephyrproject-rtos/[email protected] |
| nanopb | zephyrproject-rtos/nanopb@4474bd3 | zephyrproject-rtos/nanopb@7307ce3 (master) | zephyrproject-rtos/[email protected] |
| nrf_wifi | zephyrproject-rtos/nrf_wifi@f6b950a | zephyrproject-rtos/nrf_wifi@0f53c9e | zephyrproject-rtos/[email protected] |
| open-amp | zephyrproject-rtos/open-amp@b735edb | zephyrproject-rtos/open-amp@52bb178 (main) | zephyrproject-rtos/[email protected] |
| percepio | zephyrproject-rtos/percepio@b68d179 | zephyrproject-rtos/percepio@0d44033 | zephyrproject-rtos/[email protected] |
| picolibc | zephyrproject-rtos/picolibc@27746bb | zephyrproject-rtos/picolibc@82d62ed (zephyr-no-lto) | zephyrproject-rtos/[email protected] |
| segger | zephyrproject-rtos/segger@b011c45 | zephyrproject-rtos/segger@cf56b1d (master) | zephyrproject-rtos/[email protected] |
| sof | zephyrproject-rtos/sof@0e4c4ef | zephyrproject-rtos/sof@bc08c9c (zephyr) | zephyrproject-rtos/[email protected] |
| tf-m-tests | zephyrproject-rtos/tf-m-tests@d552e4f | zephyrproject-rtos/tf-m-tests@502ea90 (main,v3.7-branch) | zephyrproject-rtos/[email protected] |
| trusted-firmware-m | zephyrproject-rtos/trusted-firmware-m@a11cd27 | zephyrproject-rtos/trusted-firmware-m@fa020a8 | zephyrproject-rtos/[email protected] |
| zcbor | zephyrproject-rtos/zcbor@47f34dd | zephyrproject-rtos/zcbor@9b07780 (main) | zephyrproject-rtos/[email protected] |
| zephyr-lang-rust | N/A | zephyrproject-rtos/zephyr-lang-rust@7af3db4 (v4.0-branch) | N/A |

Note: This message is automatically posted and updated by the Manifest GitHub Action.

jhedberg and others added 25 commits February 5, 2025 16:19
Mention the removed prompt for BT_ECC in the migration guide, and also add
a note about the removed HCI emulation layer to the release notes.

Signed-off-by: Johan Hedberg <[email protected]>
(cherry picked from commit b3c6151679cfe333625198d465ad4e5952d53b81)
…got deprecated

This is a follow-up to commit 8cfad44.

Replace the deprecated BT_LE_ADV_CONN macro with BT_LE_ADV_CONN_FAST_2.

Signed-off-by: Andrzej Głąbek <[email protected]>
(cherry picked from commit f930739acf8586e9e27ebf20bbe4df6189d348d3)
-liblc3 added a library-internal path to zephyr_interface containing
 a file that collides with common.h required e.g. by Mbed TLS
 This commit fixes build-issues by making this include-folder
 PRIVATE to the named library liblc3

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
(cherry picked from commit 2ca64a3449c3e4b6fd457a0e15c8f3a1af5de337)
-Mbed TLS requires common.h to build. The sample provides common.h
 in sample folder level but included the path to zephyr_interface.
 This commit changes the include to be sample-specific

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
(cherry picked from commit 627d2f971db7a7e09be63518e43dd74a0b4e4f2f)
…rm_zeroize

-Adding explicit include for mbedtls/platform_util.h to get access
 to mbedtls_platform_zeroize in ITS. Somehow not visible in Zephyr but
 it caused build issues in nRF Connect SDK.

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
(cherry picked from commit 202c2c41ab90ab961c60f39bde68aa36bf12f562)
…he boards

Bring the change that was already in place for the qemu_cortex_m3 board
to all the other ones, since also nrf52840 had a similar problem
(see issue #82812).

Signed-off-by: Valerio Setti <[email protected]>
(cherry picked from commit 9d0b1248caebcc3d25b9b548702d42ed058959e2)
The BT Host module also uses import/export PSA functions alongside the
generate one, so these PSA_WANT should be added as well.

Previously it happened to work only because Mbed TLS is enabling
IMPORT/EXPORT internally whenever GENERATE/DERIVE is set. However the
same might not be true for all PSA Crypto providers.

Signed-off-by: Valerio Setti <[email protected]>
(cherry picked from commit 222f8d87b546c5e91ce132449b4fd41d55ed7207)
There's no point building the sample for platforms that do not support
networking, hence add netif dependency to reduce the CI execution
scope.

Signed-off-by: Robert Lubos <[email protected]>
(cherry picked from commit 3df9b5f87340fc5f8d37ba65ff00f17b18a545b6)
Refactors the code to avoid 'unused variable' warning
that is problematic for some builds.

Signed-off-by: Piotr Koziar <[email protected]>
(cherry picked from commit 8f83ffc302dec61a06418efa317336016e820c65)
This is a follow-up to commit 12eee61.

Explicitly enable "PSA_WANT_ALG_ECB_NO_PADDING" to select the AES ECB
mode that is used in CMAC operation.

This is done because CMAC uses AES-ECB, so both AES and ECB must
be explicitly enabled. Previously it worked because Mbed TLS is
not currently performing any check internally on this and it's
just enabling ECB automatically.

Signed-off-by: Andrzej Głąbek <[email protected]>
(cherry picked from commit dff78b4813e8fffd28c552b66abb8c656c990a28)
Define HSFLL120 clock.

Signed-off-by: Gerard Marull-Paretas <[email protected]>
(cherry picked from commit 332a335)
Due to a copy-paste error, it duplicated `ttgo_lora32/esp32/procpu`.
Also, remove the `lora` tag, as it seems to be omitted from devicetree.

Signed-off-by: Grzegorz Swiderski <[email protected]>
(cherry picked from commit c074661de91b7ee17b6450d5e34b0e4fe0ee6ce1)
…rver

The unicast server does not need GATT caching and it was likely
incorrectly added earlier as a dependency.

Upstream PR #: 84232

Signed-off-by: Emil Gydesen <[email protected]>
… updates

-Update hostap to PR nrfconnect#76 which adds support for
 CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead of relying on legacy
 Mbed TLS ctr_drbg and entropy APIs. This change is in line with
 PSA crypto entropy changes in Zephyr happening with TinyCrypt
 deprecation and advancement of PSA crypto mechanisms
-Remove defconfigs that currently set the Kconfigs:
 -CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 -CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
…endencies

-PSA_WANT_ALG_CMAC must be set for PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
 to be valid. This commit fixes this mismatch for hostap

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
…nfigurations

-Mbed TLS has come up with its own naming-convention with regards
 to certain Mbed TLS configurations for TLS/DTLS and X.509. This
 commit fixes a couple of them by depending on MBEDTLS_BUILTIN
 which is set when Kconfig.tls-generic is used
 1. Make MBEDTLS_PEM_CERTIFICATE_FORMAT depend on MBEDTLS_BUILTIN
    The proper name for this functionality is MBEDTLS_PEM_PARSE_C and
    MBEDTLS_PEM_WRITE_C
 2. Make MBEDTLS_SERVER_NAME_INDICATION depend on MBEDTLS_BUILTIN
    The proper name for this is MBEDTLS_SSL_SERVER_NAME_INDICATION

Upstream PR #: 84517

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
nRF boards have a ROM crunch, esp. when combined with Matter/networking
features. As the advanced features are not essential for typical Wi-Fi
operation, disable them by default. Individual samples can choose to
enable them.

Upstream PR #: 84940

Signed-off-by: Chaitanya Tata <[email protected]>
Problem
-------

Board & SoC extensions are used to define out-of-tree board variants or
SoC qualifiers. When a board is extended, it has multiple directories
associated with it (each with its own `board.yml`), where twister should
be able to find additional platform files to support these qualifiers.
Currently, this doesn't work, because twister only traverses the primary
BOARD_DIR and ignores the rest.

The fix would've been trivial in the case of "legacy" platform files,
i.e. those of the form `<normalized_board_target>.yaml`, but it's less
straightforward for the newly introduced `twister.yaml` format.

A `twister.yaml` file contains platform configuration that can be shared
by multiple board targets and tweaked for specific targets by using the
top-level `variants` key. Normally, there is at most one `twister.yaml`
per board, but the file isn't necessarily unique to one board. Instead,
it's unique to one directory, which may define multiple boards (as is
the case with e.g. `boards/qemu/x86/`).

With extensions in the picture, the goal is to initialize platforms when
given multiple `twister.yaml` per board. The OOT files are expected to
only provide information about OOT board targets, without being able to
override in-tree targets (same principle as in the Zephyr build system).

Solution
--------

Scanning for `twister.yaml` is broken up into multiple passes - first
loading all the files, then splitting the `variants` keys apart from the
shared configuration, before constructing the Platform instances.

The purpose of the split is to treat the variant information as global,
instead of making unnecessary or faulty assumptions about locality.
Remember that the build system can derive board target names not only
from `board.yml`, but from `soc.yml` too. Considering that any board may
end up using an OOT-extended SoC (and hence multiple `soc.yml` files),
not every board target can be said to belong to some board dir.

Unlike the variant data, the remaining top-level config is still rooted
to the primary BOARD_DIR and inherited by the extension dirs from there.
This is quite intuitive in most imagined cases, but there is a caveat:
if a `twister.yaml` resides in an extension dir, then it is allowed to
have a top-level config of its own, but it will be silently ignored.
This is to support corner cases where, much like how a single board dir
can define multiple boards, a single board dir can also extend multiple
boards, or even do both. In those cases, the primary BOARD_DIR rule
should make it unambiguous which config belongs to which board, even if
it may seem counter-intuitive at first.

Upstream PR #: 84975

Signed-off-by: Grzegorz Swiderski <[email protected]>
test_k_workqueue_stop uses an uninitialized variable, causing
sporadic test failures.

Signed-off-by: Robin Kastberg <[email protected]>
(cherry picked from commit 75daa43)
Non-secure variants for nRF7002 DK were removed from upstream
in commit 10d4973. Revert these
changes downstream, so that the NS variants are still available.

Signed-off-by: Andrzej Głąbek <[email protected]>
…en built-in in PSA"

This reverts commit ac6d834.

Temporarily revert an upstream change that leads to a Kconfig dependency
loop with MBEDTLS_CIPHER_AES_ENABLED. This is supposed to be replaced
with a better fix later.

Signed-off-by: Andrzej Głąbek <[email protected]>
This test cannot be executed with the SDFW Service Framework client
started, so disable its initialization.

Signed-off-by: Andrzej Głąbek <[email protected]>
The BT_DRIVERS symbol default value 'y' used to depend on !BT_CTLR
but now it is always on when BT is set. For BT_RPC the BT_DRIVERS
symbol must not be enabled on the client side as no driver is used.

The temporary solution is to set BT_DRIVERS to 'y' by default only when
BT_HCI stack selection is enabled. It will be 'n' when BT_RPC_STACK
is enabled. The fix should be fine as NCS uses either HCI or RPC stack.

Signed-off-by: Michał Grochala <[email protected]>
noup because it's about partition manager.

Fix the build of secure_storage.psa.its.secure_storage.store.zms on
nrf54l15dk/nrf54l15/cpuapp by disabling partition manager, which is
incompatible with the ZMS implementation of the ITS store module.

Disabling it only for that test as it's not needed for the others
and even makes the NS board targets fail if disabling PM.

Signed-off-by: Tomi Fontanilles <[email protected]>
-Adding imply MBEDTLS_CIPHER_AES_ENABLED if not TF-M build
 in BT_CRYPTO
-Needed to set a specific symbol for MBEDTLS + MBEDTLS_BUILTIN
 to work on network core build.
-This [nrf noup] can be removed once PSA crypto is fully
 supported in network core, or PSA crypto is not compiled in at all
 and is provided as a RPC-mechanism via the app-core

Signed-off-by: Frank Audun Kvamtrø <[email protected]>
frkv force-pushed the entropy_generator_loop_fix branch from f5fb6bc to 48587e8 on February 6, 2025 08:41
Set CONFIG_TFM_PROFILE_TYPE_MEDIUM for boards with TF-M to enable
ITS and PS.

Enable CONFIG_PSA_WANT_GENERATE_RANDOM to fix persistent_key
tests when TF-M is used.

native_sim target needs CONFIG_PSA_WANT_ALG_ECB_NO_PADDING.

Skip checking of private_reserved field in psa_key_attributes if
present.

Increase maximum ITS asset size.

Signed-off-by: Juha Ylinen <[email protected]>
Signed-off-by: Frank Audun Kvamtrø <[email protected]>
Set CONFIG_TFM_PROFILE_TYPE_MEDIUM for boards with TF-M to enable
ITS and PS.

Enable CONFIG_PSA_WANT_GENERATE_RANDOM to fix persistent_key
sample.

native_sim requires ECB cipher to be enabled.

Signed-off-by: Juha Ylinen <[email protected]>
Signed-off-by: Frank Audun Kvamtrø <[email protected]>
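
A lint for the implicit PSA_WANT dependencies that several commit messages above describe: CMAC needing AES and ECB, PBKDF2-AES-CMAC-PRF-128 needing CMAC, and key generation used together with import/export. This is an added example, not code from the pull request or from Zephyr; the rule table, the function names, and the `PSA_WANT_KEY_TYPE_AES` and `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_*` symbol names are assumptions, and the sample fragment is constructed.

```python
import re

# Dependencies named in the commit messages. Mbed TLS enables the right-hand
# symbols implicitly; another PSA Crypto provider may not.
# Assumption: the AES and ECC key-pair symbol names (not spelled out on the page).
IMPLICIT_DEPS = {
    "PSA_WANT_ALG_CMAC": ["PSA_WANT_KEY_TYPE_AES", "PSA_WANT_ALG_ECB_NO_PADDING"],
    "PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128": ["PSA_WANT_ALG_CMAC"],
    "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE": [
        "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT",
        "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT",
    ],
}
_LINE = re.compile(r"^(?:# )?CONFIG_(\w+)(?:=(\S+)| is not set)$")

def enabled_symbols(fragment):
    """Symbols set to y in a Kconfig fragment; the last assignment wins."""
    state = {}
    for raw in fragment.splitlines():
        m = _LINE.match(raw.strip())
        if m:
            state[m.group(1)] = m.group(2) == "y"
    return {name for name, on in state.items() if on}

def missing_explicit_deps(fragment):
    """Map each enabled symbol to its unset dependencies, direct or transitive."""
    enabled = enabled_symbols(fragment)
    findings = {}
    for sym in sorted(enabled & IMPLICIT_DEPS.keys()):
        todo, missing = list(IMPLICIT_DEPS[sym]), []
        for dep in todo:  # the list grows while dependencies are followed
            if dep not in enabled:
                missing.append(dep)
            todo.extend(d for d in IMPLICIT_DEPS.get(dep, []) if d not in todo)
        if missing:
            findings[sym] = missing
    return findings

# Constructed sample fragment, not taken from the pull request.
SAMPLE = """\
CONFIG_PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128=y
CONFIG_PSA_WANT_KEY_TYPE_AES=y
# CONFIG_PSA_WANT_ALG_ECB_NO_PADDING is not set
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE=y
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT=y
"""
for sym, deps in missing_explicit_deps(SAMPLE).items():
    print(f"CONFIG_{sym}: also set " + ", ".join(f"CONFIG_{d}=y" for d in deps))
```

A fragment that passes on an Mbed TLS build but is reported here is one that depends on the provider enabling those symbols for it.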