tfm: do not enable all PSA features by default when BUILD_WITH_TFM

Do not enable all PSA features by default when BUILD_WITH_TFM Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-05-28 15:47:37 +02:00 · 2024-05-28 15:47:37 +02:00 · 87dbd81168
commit 87dbd81168
parent 955dbf47f8
2 changed files with 5 additions and 1 deletions
--- a/modules/trusted-firmware-m/Kconfig.tfm
+++ b/modules/trusted-firmware-m/Kconfig.tfm
@ -33,7 +33,6 @@ menuconfig BUILD_WITH_TFM
 	imply INIT_ARCH_HW_AT_BOOT
 	imply ARM_NONSECURE_PREEMPTIBLE_SECURE_CALLS
 	imply MBEDTLS
-	imply PSA_CRYPTO_ENABLE_ALL
 	help
 	  When enabled, this option instructs the Zephyr build process to
 	  additionally generate a TF-M image for the Secure Execution
--- a/samples/tfm_integration/psa_crypto/prj.conf
+++ b/samples/tfm_integration/psa_crypto/prj.conf
@ -29,6 +29,11 @@ CONFIG_MBEDTLS_USER_CONFIG_ENABLE=y
 CONFIG_MBEDTLS_USER_CONFIG_FILE="config_mbedtls.h"

 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY=y
+CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC=y
+CONFIG_PSA_WANT_ECC_SECP_R1_256=y
+CONFIG_PSA_WANT_ALG_ECDSA=y
+CONFIG_PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY=y
 CONFIG_MBEDTLS_ENTROPY_ENABLED=y
 CONFIG_MBEDTLS_ECP_C=y
 CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y