bt: crypto/host: remove CONFIG_BT_USE_PSA_API symbol

CONFIG_BT_USE_PSA_API was used in BT crypto/host modules to select PSA crypto API over TinyCrypt (which was the default until now). Since TinyCrypt is being deprecated and PSA crypto API is the new standard library for crypto operations, CONFIG_BT_USE_PSA_API is no more needed. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-10-18 05:44:27 +02:00 · 2024-10-18 05:44:27 +02:00 · da9ab6f593
commit da9ab6f593
parent 4b6683cca1
19 changed files with 36 additions and 364 deletions
--- a/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -1,2 +0,0 @@
 # Enable PSA as a crypto backend in host
 CONFIG_BT_USE_PSA_API=y
--- a/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh_demo/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -1,2 +0,0 @@
 # Enable PSA as a crypto backend in host
 CONFIG_BT_USE_PSA_API=y
--- a/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
+++ b/samples/bluetooth/mesh_provisioner/boards/nrf5340dk_nrf5340_cpuapp_ns.conf
@ -1,2 +0,0 @@
 # Enable PSA as a crypto backend in host
 CONFIG_BT_USE_PSA_API=y
--- a/subsys/bluetooth/Kconfig
+++ b/subsys/bluetooth/Kconfig
@ -241,13 +241,6 @@ config BT_SHELL
 	  Activate shell module that provides Bluetooth commands to the
 	  console.
 config BT_USE_PSA_API
 	bool "Use PSA APIs instead of TinyCrypt for crypto operations"
 	depends on BT_CRYPTO || BT_HOST_CRYPTO || BT_ECC
 	depends on PSA_CRYPTO_CLIENT
 	help
 	  Use PSA APIs instead of TinyCrypt for crypto operations
 endif # BT_HCI
 config BT_COMPANY_ID
--- a/subsys/bluetooth/crypto/CMakeLists.txt
+++ b/subsys/bluetooth/crypto/CMakeLists.txt
@ -4,15 +4,11 @@ zephyr_library()
 zephyr_library_sources(bt_crypto.c)
-if(CONFIG_BT_USE_PSA_API)
+zephyr_library_sources(bt_crypto_psa.c)
-    zephyr_library_sources(bt_crypto_psa.c)
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
-    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
-    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+    $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
-        $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+)
    )
 else()
    zephyr_library_sources(bt_crypto_tc.c)
 endif()
 if(CONFIG_BT_CRYPTO_LOG_LEVEL_DBG)
    message(WARNING "CONFIG_BT_CRYPTO_LOG_LEVEL_DBG is enabled.
--- a/subsys/bluetooth/crypto/Kconfig
+++ b/subsys/bluetooth/crypto/Kconfig
@ -3,10 +3,10 @@
 config BT_CRYPTO
 	bool
-	select TINYCRYPT if !BT_USE_PSA_API
+	select MBEDTLS if !BUILD_WITH_TFM
-	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
-	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select PSA_WANT_ALG_CMAC
-	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
+	select MBEDTLS_AES_ROM_TABLES if MBEDTLS_PSA_CRYPTO_C
 	help
 	  This option enables the Bluetooth Cryptographic Toolbox.
--- a/subsys/bluetooth/crypto/bt_crypto.c
+++ b/subsys/bluetooth/crypto/bt_crypto.c
@ -7,12 +7,7 @@
 #include <zephyr/sys/byteorder.h>
 #if defined(CONFIG_BT_USE_PSA_API)
 #include "psa/crypto.h"
 #else
 #include <tinycrypt/cmac_mode.h>
 #include <tinycrypt/constants.h>
 #endif
 #include "common/bt_str.h"
 #include "bt_crypto.h"
--- a/subsys/bluetooth/crypto/bt_crypto_tc.c
+++ b/subsys/bluetooth/crypto/bt_crypto_tc.c
@ -1,34 +0,0 @@
 /* Copyright (c) 2022 Nordic Semiconductor ASA
 * SPDX-License-Identifier: Apache-2.0
 */
 #include <errno.h>
 #include <string.h>
 #include <zephyr/sys/byteorder.h>
 #include <tinycrypt/cmac_mode.h>
 #include <tinycrypt/constants.h>
 #include "common/bt_str.h"
 #include "bt_crypto.h"
 int bt_crypto_aes_cmac(const uint8_t *key, const uint8_t *in, size_t len, uint8_t *out)
 {
 	struct tc_aes_key_sched_struct sched;
 	struct tc_cmac_struct state;
 	if (tc_cmac_setup(&state, key, &sched) == TC_CRYPTO_FAIL) {
 		return -EIO;
 	}
 	if (tc_cmac_update(&state, in, len) == TC_CRYPTO_FAIL) {
 		return -EIO;
 	}
 	if (tc_cmac_final(out, &state) == TC_CRYPTO_FAIL) {
 		return -EIO;
 	}
 	return 0;
 }
--- a/subsys/bluetooth/host/CMakeLists.txt
+++ b/subsys/bluetooth/host/CMakeLists.txt
@ -32,11 +32,10 @@ if(CONFIG_BT_HCI_HOST)
    scan.c
    )
-  if(CONFIG_BT_USE_PSA_API)
+  zephyr_library_sources_ifdef(
-    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_psa.c)
+    CONFIG_BT_HOST_CRYPTO
-  else()
+    crypto_psa.c
-    zephyr_library_sources_ifdef(CONFIG_BT_HOST_CRYPTO    crypto_tc.c)
+    )
  endif()
  zephyr_library_sources_ifdef(
    CONFIG_BT_ECC
@ -116,12 +115,10 @@ if(CONFIG_BT_CONN_DISABLE_SECURITY)
    )
 endif()
-if(CONFIG_BT_USE_PSA_API)
+zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
-    zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)
+zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
-    zephyr_library_include_directories_ifdef(CONFIG_BUILD_WITH_TFM
+  $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
-      $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/api_ns/interface/include
+)
    )
 endif()
 # Bluetooth Mesh has test dependencies in the host.
 # In order to compile Bsim tests with these test features
--- a/subsys/bluetooth/host/Kconfig
+++ b/subsys/bluetooth/host/Kconfig
@ -168,22 +168,23 @@ rsource "../audio/Kconfig"
 config BT_HOST_CRYPTO
 	bool "Use crypto functionality implemented in the Bluetooth host"
 	default y if !BT_CTLR_CRYPTO
-	select TINYCRYPT if !BT_USE_PSA_API
+	select MBEDTLS if !BUILD_WITH_TFM
-	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select MBEDTLS_PSA_CRYPTO_C if !BUILD_WITH_TFM
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES
 	select PSA_WANT_ALG_ECB_NO_PADDING
 	help
-	  The option adds the AES encryption support using TinyCrypt
+	  The option adds the AES encryption support using PSA Crypto API
 	  library if this is not provided by the controller implementation.
 config BT_HOST_CRYPTO_PRNG
-	bool "Use Tinycrypt library for random number generation"
+	bool "Use PSA crypto API library for random number generation"
 	default y
-	select TINYCRYPT_SHA256 if !BT_USE_PSA_API
+	select PSA_WANT_ALG_SHA_256
-	select TINYCRYPT_SHA256_HMAC if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_HMAC
-	select TINYCRYPT_SHA256_HMAC_PRNG if !BT_USE_PSA_API
+	select PSA_WANT_ALG_HMAC
 	depends on BT_HOST_CRYPTO
 	help
-	  When selected, will use tinycrypt library for random number generation.
+	  When selected, will use PSA Crypto API library for random number generation.
 	  This will consume additional ram, but may speed up the generation of random
 	  numbers.
--- a/subsys/bluetooth/host/Kconfig.gatt
+++ b/subsys/bluetooth/host/Kconfig.gatt
@ -115,11 +115,10 @@ config BT_GATT_CACHING
 	bool "GATT Caching support"
 	default y
 	depends on BT_GATT_SERVICE_CHANGED
-	select TINYCRYPT if !BT_USE_PSA_API
+	depends on PSA_CRYPTO_CLIENT
-	select TINYCRYPT_AES if !BT_USE_PSA_API
+	select PSA_WANT_KEY_TYPE_AES
-	select TINYCRYPT_AES_CMAC if !BT_USE_PSA_API
+	select PSA_WANT_ALG_CMAC
-	select PSA_WANT_KEY_TYPE_AES if BT_USE_PSA_API
+	select MBEDTLS_AES_ROM_TABLES if MBEDTLS_PSA_CRYPTO_C
 	select PSA_WANT_ALG_CMAC if BT_USE_PSA_API
 	help
 	  This option enables support for GATT Caching. When enabled the stack
 	  will register Client Supported Features and Database Hash
--- a/subsys/bluetooth/host/crypto_psa.c
+++ b/subsys/bluetooth/host/crypto_psa.c
@ -30,6 +30,7 @@ LOG_MODULE_REGISTER(bt_host_crypto);
 int prng_init(void)
 {
 	if (psa_crypto_init() != PSA_SUCCESS) {
 		LOG_ERR("psa_crypto_init() failed");
 		return -EIO;
 	}
 	return 0;
@ -42,6 +43,7 @@ int bt_rand(void *buf, size_t len)
 		return 0;
 	}
 	LOG_ERR("psa_generate_random() failed");
 	return -EIO;
 }
 #else /* !CONFIG_BT_HOST_CRYPTO_PRNG */
--- a/subsys/bluetooth/host/crypto_tc.c
+++ b/subsys/bluetooth/host/crypto_tc.c
@ -1,176 +0,0 @@
 /*
 * Copyright (c) 2017 Nordic Semiconductor ASA
 * Copyright (c) 2015-2016 Intel Corporation
 *
 * SPDX-License-Identifier: Apache-2.0
 */
 #include <string.h>
 #include <errno.h>
 #include <zephyr/kernel.h>
 #include <zephyr/sys/byteorder.h>
 #include <zephyr/sys/check.h>
 #include <zephyr/bluetooth/bluetooth.h>
 #include <zephyr/bluetooth/hci.h>
 #include <zephyr/bluetooth/conn.h>
 #include <zephyr/bluetooth/crypto.h>
 #include <tinycrypt/constants.h>
 #include <tinycrypt/hmac_prng.h>
 #include <tinycrypt/aes.h>
 #include <tinycrypt/utils.h>
 #include "common/bt_str.h"
 #include "hci_core.h"
 #define LOG_LEVEL CONFIG_BT_HCI_CORE_LOG_LEVEL
 #include <zephyr/logging/log.h>
 LOG_MODULE_REGISTER(bt_host_crypto);
 static struct tc_hmac_prng_struct prng;
 static int prng_reseed(struct tc_hmac_prng_struct *h)
 {
 	uint8_t seed[32];
 	int64_t extra;
 	int ret;
 	ret = bt_hci_le_rand(seed, sizeof(seed));
 	if (ret) {
 		return ret;
 	}
 	extra = k_uptime_get();
 	ret = tc_hmac_prng_reseed(h, seed, sizeof(seed), (uint8_t *)&extra,
 				  sizeof(extra));
 	if (ret == TC_CRYPTO_FAIL) {
 		LOG_ERR("Failed to re-seed PRNG");
 		return -EIO;
 	}
 	return 0;
 }
 int prng_init(void)
 {
 	uint8_t perso[8];
 	int ret;
 	ret = bt_hci_le_rand(perso, sizeof(perso));
 	if (ret) {
 		return ret;
 	}
 	ret = tc_hmac_prng_init(&prng, perso, sizeof(perso));
 	if (ret == TC_CRYPTO_FAIL) {
 		LOG_ERR("Failed to initialize PRNG");
 		return -EIO;
 	}
 	/* re-seed is needed after init */
 	return prng_reseed(&prng);
 }
 #if defined(CONFIG_BT_HOST_CRYPTO_PRNG)
 int bt_rand(void *buf, size_t len)
 {
 	int ret;
 	CHECKIF(buf == NULL || len == 0) {
 		return -EINVAL;
 	}
 	ret = tc_hmac_prng_generate(buf, len, &prng);
 	if (ret == TC_HMAC_PRNG_RESEED_REQ) {
 		ret = prng_reseed(&prng);
 		if (ret) {
 			return ret;
 		}
 		ret = tc_hmac_prng_generate(buf, len, &prng);
 	}
 	if (ret == TC_CRYPTO_SUCCESS) {
 		return 0;
 	}
 	return -EIO;
 }
 #else /* !CONFIG_BT_HOST_CRYPTO_PRNG */
 int bt_rand(void *buf, size_t len)
 {
 	CHECKIF(buf == NULL || len == 0) {
 		return -EINVAL;
 	}
 	return bt_hci_le_rand(buf, len);
 }
 #endif /* CONFIG_BT_HOST_CRYPTO_PRNG */
 int bt_encrypt_le(const uint8_t key[16], const uint8_t plaintext[16],
 		  uint8_t enc_data[16])
 {
 	struct tc_aes_key_sched_struct s;
 	uint8_t tmp[16];
 	CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) {
 		return -EINVAL;
 	}
 	LOG_DBG("key %s", bt_hex(key, 16));
 	LOG_DBG("plaintext %s", bt_hex(plaintext, 16));
 	sys_memcpy_swap(tmp, key, 16);
 	if (tc_aes128_set_encrypt_key(&s, tmp) == TC_CRYPTO_FAIL) {
 		return -EINVAL;
 	}
 	sys_memcpy_swap(tmp, plaintext, 16);
 	if (tc_aes_encrypt(enc_data, tmp, &s) == TC_CRYPTO_FAIL) {
 		return -EINVAL;
 	}
 	sys_mem_swap(enc_data, 16);
 	LOG_DBG("enc_data %s", bt_hex(enc_data, 16));
 	return 0;
 }
 int bt_encrypt_be(const uint8_t key[16], const uint8_t plaintext[16],
 		  uint8_t enc_data[16])
 {
 	struct tc_aes_key_sched_struct s;
 	CHECKIF(key == NULL || plaintext == NULL || enc_data == NULL) {
 		return -EINVAL;
 	}
 	LOG_DBG("key %s", bt_hex(key, 16));
 	LOG_DBG("plaintext %s", bt_hex(plaintext, 16));
 	if (tc_aes128_set_encrypt_key(&s, key) == TC_CRYPTO_FAIL) {
 		return -EINVAL;
 	}
 	if (tc_aes_encrypt(enc_data, plaintext, &s) == TC_CRYPTO_FAIL) {
 		return -EINVAL;
 	}
 	LOG_DBG("enc_data %s", bt_hex(enc_data, 16));
 	return 0;
 }
 #ifdef ZTEST_UNITTEST
 struct tc_hmac_prng_struct *bt_crypto_get_hmac_prng_instance(void)
 {
 	return &prng;
 }
 #endif /* ZTEST_UNITTEST */
--- a/subsys/bluetooth/host/gatt.c
+++ b/subsys/bluetooth/host/gatt.c
@ -21,15 +21,7 @@
 #include <zephyr/settings/settings.h>
 #if defined(CONFIG_BT_GATT_CACHING)
 #if defined(CONFIG_BT_USE_PSA_API)
 #include "psa/crypto.h"
 #else /* CONFIG_BT_USE_PSA_API */
 #include <tinycrypt/constants.h>
 #include <tinycrypt/utils.h>
 #include <tinycrypt/aes.h>
 #include <tinycrypt/cmac_mode.h>
 #include <tinycrypt/ccm_mode.h>
 #endif /* CONFIG_BT_USE_PSA_API */
 #endif /* CONFIG_BT_GATT_CACHING */
 #include <zephyr/bluetooth/hci.h>
@ -702,7 +694,6 @@ static ssize_t cf_write(struct bt_conn *conn, const struct bt_gatt_attr *attr,
 	return len;
 }
 #if defined(CONFIG_BT_USE_PSA_API)
 struct gen_hash_state {
 	psa_mac_operation_t operation;
 	psa_key_id_t key;
@ -752,43 +743,6 @@ static int db_hash_finish(struct gen_hash_state *state)
 	return 0;
 }
 #else /* CONFIG_BT_USE_PSA_API */
 struct gen_hash_state {
 	struct tc_cmac_struct state;
 	struct tc_aes_key_sched_struct sched;
 	int err;
 };
 static int db_hash_setup(struct gen_hash_state *state, uint8_t *key)
 {
 	if (tc_cmac_setup(&(state->state), key, &(state->sched)) == TC_CRYPTO_FAIL) {
 		LOG_ERR("CMAC setup failed");
 		return -EIO;
 	}
 	return 0;
 }
 static int db_hash_update(struct gen_hash_state *state, uint8_t *data, size_t len)
 {
 	if (tc_cmac_update(&state->state, data, len) == TC_CRYPTO_FAIL) {
 		LOG_ERR("CMAC update failed");
 		return -EIO;
 	}
 	return 0;
 }
 static int db_hash_finish(struct gen_hash_state *state)
 {
 	if (tc_cmac_final(db_hash.hash, &(state->state)) == TC_CRYPTO_FAIL) {
 		LOG_ERR("CMAC finish failed");
 		return -EIO;
 	}
 	return 0;
 }
 #endif /* CONFIG_BT_USE_PSA_API */
 union hash_attr_value {
 	/* Bluetooth Core Specification Version 5.3 | Vol 3, Part G
 	 * Table 3.1: Service declaration
--- a/subsys/bluetooth/host/hci_ecc.c
+++ b/subsys/bluetooth/host/hci_ecc.c
@ -14,14 +14,7 @@
 #include <zephyr/debug/stack.h>
 #include <zephyr/sys/byteorder.h>
 #if defined(CONFIG_BT_USE_PSA_API)
 #include <psa/crypto.h>
 #else /* !CONFIG_BT_USE_PSA_API */
 #include <tinycrypt/constants.h>
 #include <tinycrypt/utils.h>
 #include <tinycrypt/ecc.h>
 #include <tinycrypt/ecc_dh.h>
 #endif /* CONFIG_BT_USE_PSA_API*/
 #include <zephyr/bluetooth/bluetooth.h>
 #include <zephyr/bluetooth/buf.h>
@ -101,7 +94,6 @@ static void send_cmd_status(uint16_t opcode, uint8_t status)
 	bt_hci_recv(bt_dev.hci, buf);
 }
 #if defined(CONFIG_BT_USE_PSA_API)
 static void set_key_attributes(psa_key_attributes_t *attr)
 {
 	psa_set_key_type(attr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
@ -148,29 +140,6 @@ static uint8_t generate_keys(void)
 	return 0;
 }
 #else
 static uint8_t generate_keys(void)
 {
 	do {
 		int rc;
 		rc = uECC_make_key(ecc.public_key_be, ecc.private_key_be,
 				   &curve_secp256r1);
 		if (rc == TC_CRYPTO_FAIL) {
 			LOG_ERR("Failed to create ECC public/private pair");
 			return BT_HCI_ERR_UNSPECIFIED;
 		}
 	/* make sure generated key isn't debug key */
 	} while (memcmp(ecc.private_key_be, debug_private_key_be, BT_PRIV_KEY_LEN) == 0);
 	if (IS_ENABLED(CONFIG_BT_LOG_SNIFFER_INFO)) {
 		LOG_INF("SC private key 0x%s", bt_hex(ecc.private_key_be, BT_PRIV_KEY_LEN));
 	}
 	return 0;
 }
 #endif /* CONFIG_BT_USE_PSA_API */
 static void emulate_le_p256_public_key_cmd(void)
 {
@ -221,7 +190,6 @@ static void emulate_le_generate_dhkey(void)
 	int ret = 0;
 	bool use_debug = atomic_test_bit(flags, USE_DEBUG_KEY);
 #if defined(CONFIG_BT_USE_PSA_API)
 	psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
 	psa_key_id_t key_id;
 	/* PSA expects secp256r1 public key to start with a predefined 0x04 byte
@ -253,19 +221,6 @@ static void emulate_le_generate_dhkey(void)
 		ret = -EIO;
 	}
 #else /* !CONFIG_BT_USE_PSA_API */
 	ret = uECC_valid_public_key(ecc.public_key_be, &curve_secp256r1);
 	if (ret < 0) {
 		LOG_ERR("public key is not valid (ret %d)", ret);
 		ret = -EIO;
 		goto exit;
 	}
 	ret = uECC_shared_secret(ecc.public_key_be,
 				use_debug ? debug_private_key_be : ecc.private_key_be,
 				ecc.dhkey_be, &curve_secp256r1);
 	ret = (ret == TC_CRYPTO_FAIL) ? -EIO : 0;
 #endif /* CONFIG_BT_USE_PSA_API */
 exit:
 	buf = bt_buf_get_rx(BT_BUF_EVT, K_FOREVER);
--- a/tests/bluetooth/mesh/basic/testcase.yaml
+++ b/tests/bluetooth/mesh/basic/testcase.yaml
@ -46,8 +46,6 @@ tests:
  bluetooth.mesh.gatt.psa:
    build_only: true
    extra_args: CONF_FILE=gatt.conf
    extra_configs:
      - CONFIG_BT_USE_PSA_API=y
    platform_allow:
      - qemu_x86
      - nrf5340dk/nrf5340/cpuapp/ns
--- a/tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf
+++ b/tests/bsim/bluetooth/host/gatt/caching/psa_overlay.conf
@ -1,4 +1,3 @@
 CONFIG_BT_USE_PSA_API=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 CONFIG_PSA_CRYPTO_ENABLE_ALL=y
--- a/tests/bsim/bluetooth/ll/conn/psa_overlay.conf
+++ b/tests/bsim/bluetooth/ll/conn/psa_overlay.conf
@ -1,4 +1,3 @@
 CONFIG_BT_USE_PSA_API=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_PSA_CRYPTO_C=y
 CONFIG_PSA_CRYPTO_ENABLE_ALL=y
--- a/tests/bsim/bluetooth/mesh/overlay_psa.conf
+++ b/tests/bsim/bluetooth/mesh/overlay_psa.conf
@ -1,5 +1,5 @@
-# Enable PSA as a crypto backend in host
+# Increase the number of key slots in PSA Crypto core
-CONFIG_BT_USE_PSA_API=y
+CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=64
 # Increase the number of key slots in PSA Crypto core
 CONFIG_MBEDTLS_PSA_KEY_SLOT_COUNT=64
		`@ -1,2 +0,0 @@`
			`# Enable PSA as a crypto backend in host`
			`CONFIG_BT_USE_PSA_API=y`