From eb1ed1205fbd2898b6b67988483bbbdd0449a5a9 Mon Sep 17 00:00:00 2001 From: Tomi Fontanilles Date: Fri, 14 Feb 2025 16:26:59 +0200 Subject: [PATCH] secure_storage: use hybrid key store in samples/tests Use dynamic allocation for key material for better compatibility as a fully static key store is a new feature that not all PSA Crypto implementations support. Explicitly enable CONFIG_MBEDTLS_ENABLE_HEAP to ensure that Mbed TLS uses heap for the PSA keys' data (instead of failing at runtime). This will turn off CONFIG_MBEDTLS_PSA_STATIC_KEY_SLOTS, making the implementation default to dynamic key slots. Signed-off-by: Tomi Fontanilles --- samples/psa/persistent_key/overlay-secure_storage.conf | 2 ++ .../secure_storage/psa/crypto/overlay-secure_storage.conf | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/samples/psa/persistent_key/overlay-secure_storage.conf b/samples/psa/persistent_key/overlay-secure_storage.conf index 9265b38ccc7..c5cff5f364a 100644 --- a/samples/psa/persistent_key/overlay-secure_storage.conf +++ b/samples/psa/persistent_key/overlay-secure_storage.conf @@ -2,6 +2,8 @@ CONFIG_MBEDTLS=y CONFIG_MBEDTLS_PSA_CRYPTO_C=y +CONFIG_MBEDTLS_ENABLE_HEAP=y +CONFIG_MBEDTLS_HEAP_SIZE=1024 # The default stack size (1024) is not enough for the PSA Crypto core. # On top of that, the ITS implementation uses the stack for buffers. diff --git a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf index b67ceff8969..dab6788d922 100644 --- a/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf +++ b/tests/subsys/secure_storage/psa/crypto/overlay-secure_storage.conf @@ -5,9 +5,9 @@ CONFIG_MBEDTLS=y CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_TIMER_RANDOM_GENERATOR=y CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG_ALLOW_NON_CSPRNG=y -# PSA Crypto needs some heap, but MINIMAL_LIBC has none by default. -CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=2048 CONFIG_MBEDTLS_PSA_CRYPTO_C=y +CONFIG_MBEDTLS_ENABLE_HEAP=y +CONFIG_MBEDTLS_HEAP_SIZE=1024 CONFIG_SECURE_STORAGE=y # For testing isolation between the different callers of the ITS.