secure_storage: re-add MbedTLS backend

Re-add the option to use the MbedTLS ITS backend on posix. This backend is much simpler to setup than the Zephyr backends in a testing environment. This was previously removed in: #82319 Signed-off-by: Jordan Yates <[email protected]>
zephyrproject-rtos · Feb 17, 2025 · e464430 · e464430
1 parent ff4dc62
commit e464430
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 0 deletions.
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
@@ -486,6 +486,11 @@
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 #endif
 
+#if defined(CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS)
+#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_FS_IO
+#endif
+
 #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS)

diff --git a/subsys/secure_storage/Kconfig b/subsys/secure_storage/Kconfig
@@ -27,6 +27,12 @@ source "subsys/logging/Kconfig.template.log_config"
 choice SECURE_STORAGE_ITS_IMPLEMENTATION
 	prompt "Internal Trusted Storage (ITS) API implementation"
 
+config SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS
+	bool "MbedTLS ITS implementation"
+	depends on ARCH_POSIX
+	help
+	  Use MbedTLS's implementation of the ITS API.
+
 config SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
 	bool "Zephyr's ITS implementation"
 	select SECURE_STORAGE_ITS_TRANSFORM_MODULE

diff --git a/tests/bsim/bluetooth/mesh/overlay_pst.conf b/tests/bsim/bluetooth/mesh/overlay_pst.conf
@@ -4,6 +4,7 @@ CONFIG_FLASH=y
 CONFIG_FLASH_MAP=y
 CONFIG_NVS=y
 CONFIG_SECURE_STORAGE=y
+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y
 
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_MESH_GATT_PROXY=y

diff --git a/tests/subsys/secure_storage/psa/crypto/Kconfig b/tests/subsys/secure_storage/psa/crypto/Kconfig
@@ -0,0 +1,11 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+# as it implements `psa_ps_*` and not the underlying `secure_storage_its_*`.
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"
diff --git a/tests/subsys/secure_storage/psa/its/Kconfig b/tests/subsys/secure_storage/psa/its/Kconfig
@@ -0,0 +1,10 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+	default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"