samples: tfm: Re-commit psa_crypto sample

Adds a refactored version of the psa_crypto sample back, which was removed as part of the update to TF-M 1.7.0 due to unresolvable (at the time) issues with use of MbedTLS instances on the S and NS sides. This sample takes advantage of changes to MbedTLS and TF-M that were introduced after the TF-M 1.7.0 and MbedTLS 3.3 release, and cherry-picked in Zephyr, allowing for improved linking of MbedTLS in secure and non-secure images. PSA API calls on the non-secure side can now be correctly routed to the secure partition, while X.509 and TLS calls remain on the non-secure/Zephyr side. Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
zephyrproject-rtos · May 25, 2023 · 090eb2a · 090eb2a
1 parent 3f30081
commit 090eb2a
Show file tree

Hide file tree

Showing 21 changed files with 2,248 additions and 0 deletions.
diff --git a/samples/tfm_integration/psa_crypto/CMakeLists.txt b/samples/tfm_integration/psa_crypto/CMakeLists.txt
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.20.0)
+
+find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
+
+project(tfm_psa_crypto)
+
+# Source files in this sample
+target_sources(app PRIVATE src/main.c)
+target_sources(app PRIVATE src/psa_attestation.c)
+target_sources(app PRIVATE src/psa_crypto.c)
+target_sources(app PRIVATE src/shell.c)
+target_sources(app PRIVATE src/util_app_cfg.c)
+target_sources(app PRIVATE src/util_app_log.c)
+target_sources(app PRIVATE src/util_sformat.c)
+
+target_include_directories(app PRIVATE
+  $<TARGET_PROPERTY:tfm,TFM_BINARY_DIR>/install/interface/include
+)
+
+# In TF-M, default value of CRYPTO_ENGINE_BUF_SIZE is 0x2080. It causes
+# insufficient memory failure while verifying signature. Increase it to 0x2400.
+set_property(TARGET zephyr_property_target
+             APPEND PROPERTY TFM_CMAKE_OPTIONS
+             -DCRYPTO_ENGINE_BUF_SIZE=0x2400
+)
+
+zephyr_include_directories(${APPLICATION_SOURCE_DIR}/src/tls_config)
diff --git a/samples/tfm_integration/psa_crypto/Kconfig b/samples/tfm_integration/psa_crypto/Kconfig
@@ -0,0 +1,49 @@
+# Private config options for PSA Crypto application
+
+# Copyright (c) 2023 Linaro
+# SPDX-License-Identifier: Apache-2.0
+
+mainmenu "PSA Crypto sample application"
+
+menu "Application configuration"
+
+module = PSA
+module-str = psa
+source "subsys/logging/Kconfig.template.log_config"
+
+endmenu
+
+config PSA_SHELL
+	bool "The 'psa' shell command"
+	depends on SHELL
+	help
+	  Enabling this option will make the 'psa' shell command available.
+
+config PSA_IMPORT_KEY
+	bool "Support for importing private key data"
+	help
+	  Enable support for importing a pre-generated or randomly generated
+	  private key using PSA APIs and PRIVATE_KEY_STATIC or
+	  PRIVATE_KEY_RANDOM.
+
+choice
+	prompt "Private Key"
+	default PRIVATE_KEY_RANDOM
+
+config PRIVATE_KEY_STATIC
+	bool "Static"
+	depends on PSA_IMPORT_KEY
+	help
+	  A static key value will be used for the elliptic curve 'secp256r1'
+	  private key.
+
+config PRIVATE_KEY_RANDOM
+	bool "Random"
+	depends on PSA_IMPORT_KEY
+	help
+	  A randomly generated value will be used for the elliptic curve
+	  'secp256r1' private key.
+
+endchoice
+
+source "Kconfig.zephyr"