From e46443009a83b189fe7e8d790cec03ee6bdc3422 Mon Sep 17 00:00:00 2001
From: Jordan Yates
Date: Mon, 17 Feb 2025 11:43:27 +1000
Subject: [PATCH] secure_storage: re-add MbedTLS backend

Re-add the option to use the MbedTLS ITS backend on posix. This backend is much simpler to setup than the Zephyr backends in a testing environment. This was previously removed in: https://github.com/zephyrproject-rtos/zephyr/pull/82319

Signed-off-by: Jordan Yates
---
 modules/mbedtls/configs/config-tls-generic.h | 5 +++++
 subsys/secure_storage/Kconfig | 6 ++++++
 tests/bsim/bluetooth/mesh/overlay_pst.conf | 1 +
 tests/subsys/secure_storage/psa/crypto/Kconfig | 11 +++++++++++
 tests/subsys/secure_storage/psa/its/Kconfig | 10 ++++++++++
 5 files changed, 33 insertions(+)
 create mode 100644 tests/subsys/secure_storage/psa/crypto/Kconfig
 create mode 100644 tests/subsys/secure_storage/psa/its/Kconfig

diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
index 087246327cfa..dab99b062eda 100644
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -486,6 +486,11 @@
 #define MBEDTLS_PSA_CRYPTO_STORAGE_C
 #endif
 
+#if defined(CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS)
+#define MBEDTLS_PSA_ITS_FILE_C
+#define MBEDTLS_FS_IO
+#endif
+
 #endif /* CONFIG_MBEDTLS_PSA_CRYPTO_C */
 
 #if defined(CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS)
diff --git a/subsys/secure_storage/Kconfig b/subsys/secure_storage/Kconfig
index 11e78a7dbd2c..2ad4d21f9d03 100644
--- a/subsys/secure_storage/Kconfig
+++ b/subsys/secure_storage/Kconfig
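Review bot: The new `#if defined(CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS)` block in config-tls-generic.h carries no comment about what it trades away. As far as I know, `MBEDTLS_PSA_ITS_FILE_C` is Mbed TLS's file-based ITS emulation, which writes each entry (persistent key material included) as an ordinary unencrypted file on the host filesystem, and `MBEDTLS_FS_IO` also turns on the library's other file-loading helpers. I would put a comment above the block such as `/* Test-only: file-backed ITS emulation on the host filesystem; no encryption or integrity protection of stored entries. */`. The Kconfig symbol is limited to ARCH_POSIX, so this is reasonable for tests, but saying so here keeps the two defines from being copied into a target configuration.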
@@ -27,6 +27,12 @@ source "subsys/logging/Kconfig.template.log_config"
 choice SECURE_STORAGE_ITS_IMPLEMENTATION
 prompt "Internal Trusted Storage (ITS) API implementation"
 
+config SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS
+ bool "MbedTLS ITS implementation"
+ depends on ARCH_POSIX
+ help
+ Use MbedTLS's implementation of the ITS API.
+
 config SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
 bool "Zephyr's ITS implementation"
 select SECURE_STORAGE_ITS_TRANSFORM_MODULE
diff --git a/tests/bsim/bluetooth/mesh/overlay_pst.conf b/tests/bsim/bluetooth/mesh/overlay_pst.conf
index 52856866819d..cf12acf42a7a 100644
--- a/tests/bsim/bluetooth/mesh/overlay_pst.conf
+++ b/tests/bsim/bluetooth/mesh/overlay_pst.conf
@@ -4,6 +4,7 @@ CONFIG_FLASH=y
 CONFIG_FLASH_MAP=y
 CONFIG_NVS=y
 CONFIG_SECURE_STORAGE=y
+CONFIG_SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR=y
 
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_MESH_GATT_PROXY=y
diff --git a/tests/subsys/secure_storage/psa/crypto/Kconfig b/tests/subsys/secure_storage/psa/crypto/Kconfig
new file mode 100644
index 000000000000..7c9ec55190cb
--- /dev/null
+++ b/tests/subsys/secure_storage/psa/crypto/Kconfig
@@ -0,0 +1,11 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+# as it implements `psa_ps_*` and not the underlying `secure_storage_its_*`.
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+ default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+ default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"
diff --git a/tests/subsys/secure_storage/psa/its/Kconfig b/tests/subsys/secure_storage/psa/its/Kconfig
new file mode 100644
index 000000000000..8052a5cb949a
--- /dev/null
+++ b/tests/subsys/secure_storage/psa/its/Kconfig
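Review bot: In subsys/secure_storage/Kconfig the new `SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS` entry is placed first in the choice, and a Kconfig choice with no applicable `default` selects its first visible member, so on ARCH_POSIX builds enabling SECURE_STORAGE may now pick this backend without anyone asking for it. The choice's own `default` lines, if it has any, are outside this hunk, but the ZEPHYR pin added to overlay_pst.conf and the two new test Kconfig files suggest that is what happens. Unlike the Zephyr entry it does not `select SECURE_STORAGE_ITS_TRANSFORM_MODULE`, so stored entries would skip that transform. I would move the entry below the existing ones or add `default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR` to the choice so that the backend is opt-in. The help text should also say that entries are kept as plain files on the host and that the option is meant for testing only.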
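Review bot: The comment in tests/subsys/secure_storage/psa/crypto/Kconfig says the Mbed TLS backend implements `psa_ps_*`, but the `MBEDTLS_PSA_ITS_FILE_C` option enabled by this commit provides the `psa_its_*` functions as far as I know, so this looks like a typo for `psa_its_*`. The two unconditional `default` lines also deserve a comment, for example `# First default whose symbol is visible wins: ZEPHYR when its dependencies are met, otherwise CUSTOM.`, because the second one reads as unreachable at first sight. The same applies to tests/subsys/secure_storage/psa/its/Kconfig, where the comment gives no reason at all for excluding the backend.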
@@ -0,0 +1,10 @@
+# Copyright (c) 2025 Embeint Inc
+# SPDX-License-Identifier: Apache-2.0
+
+# We explicitly don't want SECURE_STORAGE_ITS_IMPLEMENTATION_MBEDTLS here
+choice SECURE_STORAGE_ITS_IMPLEMENTATION
+ default SECURE_STORAGE_ITS_IMPLEMENTATION_ZEPHYR
+ default SECURE_STORAGE_ITS_IMPLEMENTATION_CUSTOM
+endchoice
+
+source "Kconfig.zephyr"