Bluetooth: Mesh: add tf-m support for ble mesh

This PR adds ability to build mesh with tf-m psa for platforms those support tf-m. Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
2023-05-31 14:09:21 +02:00 · 2023-05-31 14:09:21 +02:00 · 327eb119b6
commit 327eb119b6
parent 9748250e72
22 changed files with 132 additions and 12 deletions
--- a/include/zephyr/bluetooth/mesh/keys.h
+++ b/include/zephyr/bluetooth/mesh/keys.h
@ -12,7 +12,7 @@
 #define ZEPHYR_INCLUDE_BLUETOOTH_MESH_KEYS_H_

 #include <stdint.h>
-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
+#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA
 #include <psa/crypto.h>
 #endif

@ -20,7 +20,7 @@
 extern "C" {
 #endif

-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
+#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA

 /** The structure that keeps representation of key. */
 struct bt_mesh_key {
--- a/samples/bluetooth/hci_rpmsg/nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf
+++ b/samples/bluetooth/hci_rpmsg/nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf
@ -0,0 +1,33 @@
+CONFIG_IPC_SERVICE=y
+CONFIG_MBOX=y
+
+CONFIG_HEAP_MEM_POOL_SIZE=8192
+
+CONFIG_MAIN_STACK_SIZE=512
+CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=512
+
+CONFIG_BT=y
+CONFIG_BT_HCI_RAW=y
+CONFIG_BT_HCI_RAW_RESERVE=1
+CONFIG_BT_MAX_CONN=16
+
+
+# Workaround: Unable to allocate command buffer when using K_NO_WAIT since
+# Host number of completed commands does not follow normal flow control.
+CONFIG_BT_BUF_CMD_TX_COUNT=10
+
+# Controller
+CONFIG_BT_LL_SW_SPLIT=y
+
+# Disable unused Bluetooth features
+CONFIG_BT_CTLR_DUP_FILTER_LEN=0
+CONFIG_BT_CTLR_LE_ENC=n
+CONFIG_BT_CTLR_LE_PING=n
+CONFIG_BT_DATA_LEN_UPDATE=n
+CONFIG_BT_PHY_UPDATE=n
+CONFIG_BT_CTLR_MIN_USED_CHAN=n
+CONFIG_BT_CTLR_PRIVACY=n
+
+CONFIG_BT_OBSERVER=y
+CONFIG_BT_BROADCASTER=y
+CONFIG_BT_EXT_ADV=y
--- a/samples/bluetooth/hci_rpmsg/sample.yaml
+++ b/samples/bluetooth/hci_rpmsg/sample.yaml
@ -82,3 +82,10 @@ tests:
    platform_allow: nrf5340dk_nrf5340_cpunet
    integration_platforms:
      - nrf5340dk_nrf5340_cpunet
+  sample.bluetooth.hci_rpmsg.mesh.bt_ll_sw_split:
+    harness: bluetooth
+    tags: bluetooth
+    extra_args: CONF_FILE="nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf"
+    platform_allow: nrf5340dk_nrf5340_cpunet
+    integration_platforms:
+      - nrf5340dk_nrf5340_cpunet
--- a/samples/bluetooth/mesh/CMakeLists.txt
+++ b/samples/bluetooth/mesh/CMakeLists.txt
@ -13,3 +13,9 @@ if (BOARD STREQUAL bbc_microbit)
 else()
  target_sources(app PRIVATE src/board.c)
 endif()
+
+if (CONFIG_BUILD_WITH_TFM)
+  target_include_directories(app PRIVATE
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+  )
+endif()
--- a/samples/bluetooth/mesh/README.rst
+++ b/samples/bluetooth/mesh/README.rst
@ -44,6 +44,12 @@ For other boards, build and flash the application as follows:
 Refer to your :ref:`board's documentation <boards>` for alternative
 flash instructions if your board doesn't support the ``flash`` target.

+To run the application on an :ref:`nrf5340dk_nrf5340`, a Bluetooth controller application
+must also run on the network core. The :ref:`bluetooth-hci-rpmsg-sample` sample
+application may be used. Build this sample with configuration
+:zephyr_file:`samples/bluetooth/hci_rpmg/nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf`
+to enable mesh support.
+
 Interacting with the sample
 ***************************

--- a/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -0,0 +1,3 @@
+# Known issue: non secure platforms do not work with settings subsystem.
+CONFIG_SETTINGS=n
+CONFIG_BT_SETTINGS=n
--- a/samples/bluetooth/mesh/microbit_gatt.conf
+++ b/samples/bluetooth/mesh/microbit_gatt.conf
@ -13,7 +13,6 @@ CONFIG_BT_MESH_PB_ADV=n

 CONFIG_BT=y
 CONFIG_BT_DEVICE_NAME="Zephyr Mesh"
-CONFIG_BT_TINYCRYPT_ECC=y
 CONFIG_BT_RX_STACK_SIZE=1400
 CONFIG_BT_L2CAP_TX_BUF_COUNT=5
 CONFIG_BT_EXT_ADV=n
--- a/samples/bluetooth/mesh/prj.conf
+++ b/samples/bluetooth/mesh/prj.conf
@ -8,7 +8,6 @@ CONFIG_SETTINGS=y
 CONFIG_HWINFO=y

 CONFIG_BT=y
-CONFIG_BT_TINYCRYPT_ECC=y
 CONFIG_BT_L2CAP_TX_BUF_COUNT=5
 CONFIG_BT_PERIPHERAL=y
 CONFIG_BT_OBSERVER=y
--- a/samples/bluetooth/mesh/sample.yaml
+++ b/samples/bluetooth/mesh/sample.yaml
@ -7,6 +7,7 @@ tests:
      - bbc_microbit
      - qemu_x86
      - nrf52840dk_nrf52840
+      - nrf5340dk_nrf5340_cpuapp_ns
    integration_platforms:
      - qemu_x86
    tags: bluetooth
--- a/samples/bluetooth/mesh_demo/CMakeLists.txt
+++ b/samples/bluetooth/mesh_demo/CMakeLists.txt
@ -12,3 +12,9 @@ target_sources_ifdef(CONFIG_BOARD_BBC_MICROBIT app PRIVATE src/microbit.c)
 if(NODE_ADDR)
  zephyr_compile_definitions(NODE_ADDR=${NODE_ADDR})
 endif()
+
+if (CONFIG_BUILD_WITH_TFM)
+  target_include_directories(app PRIVATE
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+  )
+endif()
--- a/samples/bluetooth/mesh_demo/README.rst
+++ b/samples/bluetooth/mesh_demo/README.rst
@ -54,3 +54,9 @@ For other boards, build and flash the application as follows:

 Refer to your :ref:`board's documentation <boards>` for alternative
 flash instructions if your board doesn't support the ``flash`` target.
+
+To run the application on an :ref:`nrf5340dk_nrf5340`, a Bluetooth controller application
+must also run on the network core. The :ref:`bluetooth-hci-rpmsg-sample` sample
+application may be used. Build this sample with configuration
+:zephyr_file:`samples/bluetooth/hci_rpmg/nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf`
+to enable mesh support.
--- a/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -0,0 +1,3 @@
+# Known issue: non secure platforms do not work with settings subsystem.
+CONFIG_SETTINGS=n
+CONFIG_BT_SETTINGS=n
--- a/samples/bluetooth/mesh_demo/prj.conf
+++ b/samples/bluetooth/mesh_demo/prj.conf
@ -2,10 +2,18 @@ CONFIG_MAIN_STACK_SIZE=512
 CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048

 CONFIG_BT=y
-CONFIG_BT_TINYCRYPT_ECC=y
 CONFIG_BT_OBSERVER=y
 CONFIG_BT_BROADCASTER=y

+CONFIG_BT_CTLR_DUP_FILTER_LEN=0
+CONFIG_BT_CTLR_LE_ENC=n
+CONFIG_BT_CTLR_LE_PING=n
+CONFIG_BT_DATA_LEN_UPDATE=n
+CONFIG_BT_PHY_UPDATE=n
+CONFIG_BT_CTLR_MIN_USED_CHAN=n
+CONFIG_BT_CTLR_PRIVACY=n
+CONFIG_BT_CTLR_CHAN_SEL_2=n
+
 CONFIG_BT_MESH=y
 CONFIG_BT_MESH_RELAY=y
 CONFIG_BT_MESH_SUBNET_COUNT=1
--- a/samples/bluetooth/mesh_demo/sample.yaml
+++ b/samples/bluetooth/mesh_demo/sample.yaml
@ -7,6 +7,7 @@ tests:
      - bbc_microbit
      - qemu_x86
      - nrf52840dk_nrf52840
+      - nrf5340dk_nrf5340_cpuapp_ns
    integration_platforms:
      - qemu_x86
      - bbc_microbit
--- a/samples/bluetooth/mesh_provisioner/CMakeLists.txt
+++ b/samples/bluetooth/mesh_provisioner/CMakeLists.txt
@ -7,3 +7,9 @@ find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
 project(mesh_provisioner)

 target_sources(app PRIVATE src/main.c)
+
+if (CONFIG_BUILD_WITH_TFM)
+  target_include_directories(app PRIVATE
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+  )
+endif()
--- a/samples/bluetooth/mesh_provisioner/README.rst
+++ b/samples/bluetooth/mesh_provisioner/README.rst
@ -52,3 +52,9 @@ For other boards, build and flash the application as follows:

 Refer to your :ref:`board's documentation <boards>` for alternative
 flash instructions if your board doesn't support the ``flash`` target.
+
+To run the application on an :ref:`nrf5340dk_nrf5340`, a Bluetooth controller application
+must also run on the network core. The :ref:`bluetooth-hci-rpmsg-sample` sample
+application may be used. Build this sample with configuration
+:zephyr_file:`samples/bluetooth/hci_rpmg/nrf5340_cpunet_bt_mesh-bt_ll_sw_split.conf`
+to enable mesh support.
--- a/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -0,0 +1,3 @@
+# Known issue: non secure platforms do not work with settings subsystem.
+CONFIG_SETTINGS=n
+CONFIG_BT_SETTINGS=n
--- a/samples/bluetooth/mesh_provisioner/prj.conf
+++ b/samples/bluetooth/mesh_provisioner/prj.conf
@ -5,11 +5,19 @@ CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
 CONFIG_MAIN_THREAD_PRIORITY=-2

 CONFIG_BT=y
-CONFIG_BT_TINYCRYPT_ECC=y
 #CONFIG_BT_DEBUG_LOG=y
 CONFIG_BT_OBSERVER=y
 CONFIG_BT_BROADCASTER=y

+CONFIG_BT_CTLR_DUP_FILTER_LEN=0
+CONFIG_BT_CTLR_LE_ENC=n
+CONFIG_BT_CTLR_LE_PING=n
+CONFIG_BT_DATA_LEN_UPDATE=n
+CONFIG_BT_PHY_UPDATE=n
+CONFIG_BT_CTLR_MIN_USED_CHAN=n
+CONFIG_BT_CTLR_PRIVACY=n
+CONFIG_BT_CTLR_CHAN_SEL_2=n
+
 CONFIG_BT_MESH=y
 CONFIG_BT_MESH_SUBNET_COUNT=1
 CONFIG_BT_MESH_APP_KEY_COUNT=1
--- a/samples/bluetooth/mesh_provisioner/sample.yaml
+++ b/samples/bluetooth/mesh_provisioner/sample.yaml
@ -6,6 +6,7 @@ tests:
    platform_allow:
      - qemu_x86
      - nrf52840dk_nrf52840
+      - nrf5340dk_nrf5340_cpuapp_ns
    integration_platforms:
      - qemu_x86
    tags: bluetooth
--- a/subsys/bluetooth/mesh/CMakeLists.txt
+++ b/subsys/bluetooth/mesh/CMakeLists.txt
@ -120,8 +120,16 @@ zephyr_library_sources_ifdef(CONFIG_BT_MESH_OD_PRIV_PROXY_SRV sol_pdu_rpl_srv.c)

 zephyr_library_sources_ifdef(CONFIG_BT_MESH_SOLICITATION solicitation.c)

-zephyr_library_sources_ifdef(CONFIG_BT_MESH_USES_TINYCRYPT crypto_tc.c)
-
-zephyr_library_sources_ifdef(CONFIG_BT_MESH_USES_MBEDTLS_PSA crypto_psa.c)
+if (CONFIG_BT_MESH_USES_TINYCRYPT)
+    zephyr_library_sources(crypto_tc.c)
+else()
+    zephyr_library_sources(crypto_psa.c)
+endif()

 zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+
+if (CONFIG_BUILD_WITH_TFM)
+  target_include_directories(${ZEPHYR_CURRENT_LIBRARY} PRIVATE
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+  )
+endif()
--- a/subsys/bluetooth/mesh/Kconfig
+++ b/subsys/bluetooth/mesh/Kconfig
@ -15,6 +15,7 @@ if BT_MESH

 choice BT_MESH_CRYPTO_LIB
 	prompt "Crypto library selection for mesh security"
+	default BT_MESH_USES_TFM_PSA if BUILD_WITH_TFM
 	default BT_MESH_USES_TINYCRYPT

 config BT_MESH_USES_TINYCRYPT
@ -53,9 +54,18 @@ config BT_MESH_USES_MBEDTLS_PSA
 	  on Zephyr's settings subsystem.
 	  Not possible to use for embedded devices yet.

+config BT_MESH_USES_TFM_PSA
+	bool "Use TF-M PSA [EXPERIMENTAL]"
+	select EXPERIMENTAL
+	depends on BUILD_WITH_TFM
+	help
+	  Use TF-M that implements PSA security framework. Support of TF-M is
+	  experimental. It is only possible to use with platforms that TF-M supports.
+	  For more platform details see TF-M documentation.
+
 endchoice

-if BT_MESH_USES_MBEDTLS_PSA
+if BT_MESH_USES_MBEDTLS_PSA || BT_MESH_USES_TFM_PSA

 config BT_MESH_PSA_KEY_ID_USER_MIN_OFFSET
 	int "Offset of BLE Mesh key id range regarding PSA_KEY_ID_USER_MIN"
@ -69,7 +79,7 @@ config BT_MESH_PSA_KEY_ID_USER_MIN_OFFSET
 	  for each application key, and two ids for the device key and device key candidate.
 	  It should consider the Mesh Configuration Database instances if database enabled.

-endif # BT_MESH_USES_MBEDTLS_PSA
+endif # BT_MESH_USES_MBEDTLS_PSA || BT_MESH_USES_TFM_PSA

 # Virtual option enabled whenever Generic Provisioning layer is needed
 config BT_MESH_PROV
--- a/subsys/bluetooth/mesh/keys.h
+++ b/subsys/bluetooth/mesh/keys.h
@ -13,7 +13,7 @@ enum bt_mesh_key_type {
 	BT_MESH_KEY_TYPE_DEV
 };

-#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA
+#if defined CONFIG_BT_MESH_USES_MBEDTLS_PSA || defined CONFIG_BT_MESH_USES_TFM_PSA

 int bt_mesh_key_import(enum bt_mesh_key_type type, const uint8_t in[16], struct bt_mesh_key *out);
 int bt_mesh_key_export(uint8_t out[16], const struct bt_mesh_key *in);