From 87dbd81168c9e705098b842e0cc0d9f739f377e7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 28 May 2024 15:47:37 +0200 Subject: [PATCH] tfm: do not enable all PSA features by default when BUILD_WITH_TFM Do not enable all PSA features by default when BUILD_WITH_TFM Signed-off-by: Valerio Setti --- modules/trusted-firmware-m/Kconfig.tfm | 1 - samples/tfm_integration/psa_crypto/prj.conf | 5 +++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/trusted-firmware-m/Kconfig.tfm b/modules/trusted-firmware-m/Kconfig.tfm index 5e8511947cf..b90390f3d04 100644 --- a/modules/trusted-firmware-m/Kconfig.tfm +++ b/modules/trusted-firmware-m/Kconfig.tfm @@ -33,7 +33,6 @@ menuconfig BUILD_WITH_TFM imply INIT_ARCH_HW_AT_BOOT imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS imply MBEDTLS - imply PSA_CRYPTO_ENABLE_ALL help When enabled, this option instructs the Zephyr build process to additionally generate a TF-M image for the Secure Execution diff --git a/samples/tfm_integration/psa_crypto/prj.conf b/samples/tfm_integration/psa_crypto/prj.conf index dde93b26bd2..0abda953423 100644 --- a/samples/tfm_integration/psa_crypto/prj.conf +++ b/samples/tfm_integration/psa_crypto/prj.conf @@ -29,6 +29,11 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y CONFIG_MBEDTLS_USER_CONFIG_FILE="config_mbedtls.h" CONFIG_MBEDTLS_PSA_CRYPTO_C=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y +CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y +CONFIG_PSA_WANT_ECC_SECP_R1_256=y +CONFIG_PSA_WANT_ALG_ECDSA=y +CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y CONFIG_MBEDTLS_ENTROPY_ENABLED=y CONFIG_MBEDTLS_ECP_C=y CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y