mbedtls: add Kconfig option for PSA_WANT_ALG_SHA_256

Create a new Kconfig named CONFIG_PSA_WANT_ALG_SHA_256 which allows to enable PSA_WANT_ALG_SHA_256. Together with BUILD_WITH_TFM this allows to dipatch SHA256 hash computations to TFM thus allowing to remove SHA256 support from the non-secure build of MbedTLS (unless it is required for some other functionality, of course). Signed-off-by: Valerio Setti <vsetti@baylibre.com> (cherry picked from commit 06a7d49) Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font · Apr 25, 2024 · 8ed38a2 · 8ed38a2
1 parent 3ba4c98
commit 8ed38a2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
@@ -327,6 +327,10 @@ config MBEDTLS_MAC_SHA256_ENABLED
 	bool "SHA-224 and SHA-256 hash algorithms"
 	default y
 
+config PSA_WANT_ALG_SHA_256
+	depends on BUILD_WITH_TFM
+	bool "SHA-256 hash algorithm through PSA"
+
 config MBEDTLS_SHA256_SMALLER
 	bool "Smaller SHA-256 implementation"
 	depends on MBEDTLS_MAC_SHA256_ENABLED

diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
@@ -288,6 +288,10 @@
 #define MBEDTLS_SHA256_C
 #endif
 
+#if defined(CONFIG_PSA_WANT_ALG_SHA_256)
+#define PSA_WANT_ALG_SHA_256 1
+#endif
+
 #if defined(CONFIG_MBEDTLS_SHA256_SMALLER)
 #define MBEDTLS_SHA256_SMALLER
 #endif