These functions have been deprecated for more than 2 releases,
remove them:
- zephyr_smp_rx_req
- zephyr_smp_alloc_rsp
- zephyr_smp_free_buf
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
As part of ongoing work to move away from TinyCrypt and towards PSA
(#43712), introduce a PSA option and remove the TinyCrypt one for the
SHA-256 implementation.
The Mbed TLS implementation is modified to use `mbedtls_sha256`
directly for smaller code size.
The reliance of mgmt/updatehub on storage/flash_map's configuration
(`FLASH_AREA_CHECK_INTEGRITY_BACKEND`) is removed.
The choice of which implementation to use is made automatically,
based on whether a PSA API provider is present (`PSA_CRYPTO_CLIENT`).
This commit also add a test case with PSA (based on Mbed TLS)
in samples/subsys/mgmt/updatehub/sample.yaml.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
When CP has a secure channel active, it should never receive a
REPLY_CCRYPT or REPLY_RMAC_I. Since these responses change the SC state,
let's also make sure that they are accepted only when they are
expected: in response to commands CMD_CHLNG and CMD_SCRYPT respectively.
Reported-by: Eran Jacob <eran.jacob@otorio.com>
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The commit replaces flash_area_erase with flash_area_flatten.
The function is used in to places:
1) in image management commands IMG_MGMT_ID_UPLOAD
and IMG_MGMT_ID_ERASE: to erase an image in secondary slot
or to scramble trailer part of image, which could be misunderstood
by MCUboot as valid image operation request;
2) in command ZEPHYR_MGMT_GRP_BASIC_CMD_ERASE_STORAGE to
erase/scramble data partition.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Namespaced the generated headers with `zephyr` to prevent
potential conflict with other headers.
Introduce a temporary Kconfig `LEGACY_GENERATED_INCLUDE_PATH`
that is enabled by default. This allows the developers to
continue the use of the old include paths for the time being
until it is deprecated and eventually removed. The Kconfig will
generate a build-time warning message, similar to the
`CONFIG_TIMER_RANDOM_GENERATOR`.
Updated the includes path of in-tree sources accordingly.
Most of the changes here are scripted, check the PR for more
info.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Adds a missing network include file which was causing an undefined
function build failure, likely caused by a recent change affecting
includes in other header files
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
As part of ongoing work to move away from TinyCrypt and towards PSA
(#43712), make fs_mgmt use either PSA (when available) or MbedTLS
(as a fallback) for SHA-256.
The use of PSA is guarded by CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT
which requires a locally-built PSA core for devices without TF-M.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
After the changes introduced by #50816 the UpdateHub could not decode
anymore the JSON object. This introduce missing parsing definitions
to allow JSON parser undertood the correct UpdateHub probe object.
Fixes#69297
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
There have been to problems with the code where zcbor_bool_encode
has been fed value instead of expected pointer and the result
of previous zcbor_encode operations has not been taken to evaluate
value of ok status.
The change also replaces usage of #if IS_ENABLED with #ifdef, as
IS_ENABLED should not be used outside if().
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In situations, where the address, the port and the auth token of the
hawkbit server are not known during build, it should be possible to set
it during runtime.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
In hawkbit there are currently a lot of values send to the server, that
are not required or even optional. This commit corrects that.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
`setsockopt` is enabled by `CONFIG_POSIX_API`, use
`zsock_setsockopt` instead, otherwise there will be a
compilation error if `CONFIG_NET_SOCKETS_SOCKOPT_TLS` is
enabled.
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
remove unnecessary condition for CONFIG_HAWKBIT_POLL_INTERVAL,
changes poll_sleep to be in seconds,
change type of sleep_time in hawkbit_update_sleep(), so the return
value of hawkbit_time2sec() is interpreted correctly.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Change 'Hawkbit' and 'hawkbit' to 'hawkBit' wherever
makes sense, and a bit of touch ups here and there.
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
The library should be using internal socket API functions
so that we do not need to depend on POSIX_API.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
remove hb_context.status_buffer_size and replace it with
sizeof(hb_context.status_buffer), because hb_context.status_buffer_size
is never set.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Added the CONFIG_MCUMGR_TRANSPORT_BT_DYNAMIC_SVC_REGISTRATION Kconfig
option to manage how the SMP service should be registered.
By default the SMP service must be registered at runtime.
If this Kconfig option is disabled, the SMP service is statically
defined and registered.
This change allows to opt out of using the CONFIG_BT_GATT_DYNAMIC_DB
Kconfig option and as a result, lower the memory usage.
Signed-off-by: Mateusz Kapala <mateusz.kapala@nordicsemi.no>
A lot of the log messages are using highest level, optimize
them to recycle as much messages as possible.
When building the sample with `CONFIG_HAWKBIT_LOG_LEVEL_DBG`
on `frdm_k64f`, the FLASH size is reduced from 150860 B to
150048 B, saving ~800 bytes.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Introduce a current state of Host Command subsystem.
It makes sures that a backend has been initilized and doesn't allow
sending a response twice. There is a possibility, that a command handler
that calls ec_host_cmd_send_response function returns anyway (which is a
mistake).
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
