https://devzone.nordicsemi.com/f/nordic-q-a/90020/nrf5340-cryptocell-312-sha-1-support-via-psa-crypto-apiHi, According to CryptoCell-312 documentation , it supports the SHA-1 algorithm. I was able to successfully run the SHA-256 cryptography sample application in the nRF Connect SDK ( v2.0.0/nrf/samples/crypto/sha256). I made a copy of this app, and converteden-USTelligent Community 13Mon, 18 Jul 2022 12:07:40 GMThttps://devzone.nordicsemi.com/thread/377409?ContentTypeID=1Mon, 18 Jul 2022 12:07:40 GMT137ad170-7792-4731-bb38-c0d22fbe4515:00808c9b-2045-4ea1-a417-594d9d346633Sigurd Hellesvik<p>Hi</p> <p>It turns out that SHA_1 is not allowed in <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/security_chapter.html">Trusted Firmware-M</a>.<br /><a href="https://github.com/zephyrproject-rtos/tf-m-tests/blob/c99a86b295c4887520da9d8402566d7f225c974e/test/secure_fw/suites/crypto/non_secure/crypto_ns_interface_testsuite.c#L263">psa_unsupported_hash_test(PSA_ALG_SHA_1, ret);</a></p> <p>So either do not use SHA_1, or turn off TF-M. <br />I would recommend using another hash algorithm.</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/377250?ContentTypeID=1Fri, 15 Jul 2022 17:44:10 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ef8a0502-2e7f-4fa9-9460-b51343ce4e27chris_c<p>Hi Sigurd,</p> <p>Thanks for the suggestion!&nbsp; Adding that to my prj.conf doesn&#39;t seem to change the behavior I&#39;m seeing.</p> <p>My proj.conf looks like this:</p> <p># The Zephyr CMSIS emulation assumes that ticks are ms, currently<br />CONFIG_SYS_CLOCK_TICKS_PER_SEC=1000</p> <p>CONFIG_MAIN_STACK_SIZE=4096<br />CONFIG_HEAP_MEM_POOL_SIZE=4096</p> <p># Enable loging using RTT and UART<br />CONFIG_CONSOLE=y<br />CONFIG_LOG=y<br />CONFIG_USE_SEGGER_RTT=y<br />CONFIG_LOG_BACKEND_RTT=y<br />CONFIG_LOG_BACKEND_UART=y<br />CONFIG_LOG_BUFFER_SIZE=15360<br />CONFIG_SEGGER_RTT_BUFFER_SIZE_UP=15360</p> <p># Enable nordic security backend and PSA APIs<br />CONFIG_NRF_SECURITY=y<br />CONFIG_MBEDTLS_PSA_CRYPTO_C=y</p> <p>CONFIG_MBEDTLS_ENABLE_HEAP=y<br />CONFIG_MBEDTLS_HEAP_SIZE=8192<br />CONFIG_PSA_CRYPTO_DRIVER_OBERON=n<br />CONFIG_PSA_CRYPTO_DRIVER_CC3XX=y<br />CONFIG_PSA_WANT_ALG_SHA_1=y<br />CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX=y</p> <p>With my boards/nrf5340dk_nrf5340_cpuapp_ns.conf currently the same as the default sha256 sample:</p> <p>CONFIG_BUILD_WITH_TFM=y<br />CONFIG_TFM_PROFILE_TYPE_NOT_SET=y</p> <p>Curiously, I did notice that when I comment out the following two code blocks&nbsp;inside the &quot;v2.0.0/nrfxlib/nrf_security/src/psa_crypto_driver_wrappers.c the SHA-1 hash operation succeeds and another SHA-1 test I am doing with hash_setup() succeeds as expected:</p> <p>1. Inside&nbsp;psa_driver_wrapper_hash_compute():</p> <p>1687 /*#if defined(MBEDTLS_PSA_CRYPTO_SPM)<br />1688 if (alg == PSA_ALG_SHA_1) {<br />1689 return PSA_ERROR_NOT_SUPPORTED;<br />1690 }<br />1691 #endif*/</p> <p>2. Inside&nbsp;psa_driver_wrapper_hash_setup():</p> <p>1741 /*#if defined(MBEDTLS_PSA_CRYPTO_SPM)<br />1742 if (alg == PSA_ALG_SHA_1) {<br />1743 return PSA_ERROR_NOT_SUPPORTED;<br />1744 }<br />1745 #endif*/</p> <p>I&#39;m not sure this is the correct approach, but an observation on what is working.</p> <p>Thanks,<br />Chris</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/377157?ContentTypeID=1Fri, 15 Jul 2022 10:41:21 GMT137ad170-7792-4731-bb38-c0d22fbe4515:1f4d46b7-e864-4832-bcb8-650b157fca12Sigurd Hellesvik<p>Hi</p> <p>Is <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.0.0/nrfxlib/nrf_security/doc/driver_config.html#secure-hash-driver-configurations">CONFIG_PSA_CRYPTO_DRIVER_ALG_SHA_1_CC3XX</a> what you are looking for?</p> <p>Regards,<br />Sigurd Hellesvik</p><div style="clear:both;"></div>