Performing AES Key Wrap with KMU

Hello

I am trying to implement AES Key Wrap on nrf54l15.
For that I enabled:
```
#necessary to get oberon_psa_wrap_key/oberon_psa_unwrap_key
CONFIG_PSA_WANT_ALG_AES_KW=y
#necessary as it seems to be the only driver implementing these functions
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
```
This works well with volatile keys (i.e. keys that I import myself into PSA).

Now the problem is that we want to use KMU protection for the KEK (Key Encryption Key) and we were not able to provision it into KMU.

We are using github.com/.../generate_psa_key_attributes.py
and `nrfutil device x-provision-keys` to flash the keys.

Nothing in the nRF SDK documentation indicates that it is supported by KMU but we still tried to provision the KEK with the following attributes:
```
PSA_ALG_AES_KW
PSA_KEY_USAGE_WRAP
PSA_KEY_USAGE_UNWRAP
```

As we could expect, the device rejects the attributes:
```
$ ./provisioning_keys_kmu.bat
X Failed to provision keys on 1057746627, Device error: Keys [5] failed provisioning.
Error: One or more key provisioning tasks failed:
 * 1057746627: Device error: Keys [5] failed provisioning. (Generic)
```

We also looked at other options than `LOCATION_CRACEN_KMU`:
- on `LOCATION_CRACEN` we get the exact same error
- on `LOCATION_LOCAL_STORAGE` we don't get any error, but we are not able to get the key attributes by reusing the same psa_key_id, as if nothing was flashed on the device.

My questions are:
- Is AES KW supported by KMU?
- If not, how would you suggest protecting the AES Key Wrap operation on the Nordic nRF54l15?

Thanks

Nicolas
