Hi, I have a problem with the Kconfig Wi-Fi and crypto configuration on a nrf7002dk_nrf5340_cpuapp board and ncs v2.5.0.
What I want to achieve is to be able to use the psa_generate_random -> psa_driver_wrapper_get_random
function to generate random bytes. To be able to do so, any PSA_NEED_*_DRBG_DRIVER
define needs to be defined (from a psa_crypto_config.cmake
included in nrf/subsys/nrf_security/src/CMakeLists.txt
). But to do so, a CONFIG_MBEDTLS_LEGACY_CRYPTO_C
cannot be defined. This symbol is y-selected by WPA_SUPP_CRYPTO_LEGACY
. If I change WPA_SUPP_CRYPTO_BACKEND
to WPA_SUPP_CRYPTO_PSA
, I'm able to unselect the MBEDTLS_LEGACY_CRYPTO_C
but then I get the following Kconfig warnigns/error (example below):
warning: MBEDTLS_ECP_C (defined at ~/zephyrproject/nrf/modules/trusted-firmware-m/Kconfig.mbedtls_minimal.defconfig:41, ~/zephyrproject/nrf/subsys/nrf_security/Kconfig.legacy:525, modules/mbedtls/Kconfig.tls-generic:145, modules/mbedtls/Kconfig.tls-generic:145) has direct dependencies TFM_PROFILE_TYPE_MINIMAL || (MBEDTLS_LEGACY_CRYPTO_C && NRF_SECURITY) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0) with value n, but is currently being y-selected by the following symbols:
- WPA_SUPP_CRYPTO_PSA (defined at ~/zephyrproject/nrf/modules/hostap/Kconfig:81), with value y, direct dependencies <choice WPA_SUPP_CRYPTO_BACKEND> (value: y), and select condition <choice WPA_SUPP_CRYPTO_BACKEND> (value: y)
Is there any possibility to both use crypto support for Wi-Fi and psa_generate_random with the nrf7002dk_nrf5340_cpuapp board? Or am I wrong in my thinking?