nrf_security: fix undefined Kconfig option references

doc/_utils/redirects.py

@@ -1,3 +1,3 @@
 """
 Copyright (c) 2022 Nordic Semiconductor
 SPDX-License-Identifier: Apache-2.0
@@ -553,7 +553,8 @@
     ("libraries/nrf_security/doc/configuration", "libraries/security/nrf_security/doc/configuration"), # Configuration
     ("libraries/nrf_security/doc/driver_config", "security/crypto/driver_config"), # Feature configurations and driver support (moved to security/crypto for v3.1.0)
     ("libraries/security/nrf_security/doc/driver_config", "security/crypto/driver_config"),
-    ("libraries/nrf_security/doc/mbed_tls_header", "libraries/security/nrf_security/doc/mbed_tls_header"), # User-provided Mbed TLS configuration header
+    ("libraries/nrf_security/doc/mbed_tls_header", "libraries/security/nrf_security/index"), # User-provided Mbed TLS configuration header (removed in v3.1.0)
+    ("libraries/security/nrf_security/doc/mbed_tls_header", "libraries/security/nrf_security/index"), # User-provided Mbed TLS configuration header (removed in v3.1.0)
     ("libraries/nrf_security/doc/backend_config", "libraries/security/nrf_security/doc/backend_config"), # Legacy configurations and supported features
     ("libraries/tfm/index", "libraries/security/tfm/index"), # TF-M libraries (landing)
     ("libraries/tfm/tfm_ioctl_api", "libraries/security/tfm/tfm_ioctl_api"), # TF-M input/output control (IOCTL)

doc/nrf/app_dev/device_guides/nrf53/logging_nrf5340.rst

@@ -87,7 +87,6 @@ There are several options to get UART output from the secure TF-M:
 * Disable the output for the network core and change the pins used by TF-M.
   The network core usually has a child image.
   To configure logging in an |NCS| image, see :ref:`ug_logging`.
-  To change the pins used by TF-M, set the RXD (:kconfig:option:`CONFIG_TFM_UART1_RXD_PIN`) and TXD (:kconfig:option:`CONFIG_TFM_UART1_TXD_PIN`) Kconfig options in the application image to **P1.00** (32) and **P1.01** (33).
 
 * You can wire the secure and non-secure UART peripherals to the same pins.
   Specifically, physically wire together the pins **P0.25** and **P0.26** to **P0.20** and **P0.22**, respectively.

doc/nrf/libraries/security/nrf_security/index.rst

@@ -13,7 +13,7 @@ The nRF Security subsystem provides:
 * Software fallbacks when hardware acceleration is unavailable (``nrf_oberon``)
 * A PSA driver abstraction layer enabling simultaneous use of hardware and software implementations
 * Compatibility with the specific Mbed TLS version included in the |NCS| through `sdk-mbedtls`_
-* Integration logic for the PSA Oberon core (`sdk-oberon-psa-crypto`_)
+* Integration logic for the Oberon PSA Crypto core (`sdk-oberon-psa-crypto`_)
 * Source code for the CRACEN driver used for the :ref:`ug_nrf54l_cryptography`
 * Integration with the |NCS| build system
 
@@ -26,4 +26,3 @@ This library conforms to the specific revision of Mbed TLS that is supplied thro
 
    doc/configuration
    doc/backend_config
-   doc/mbed_tls_header

doc/nrf/security/tfm/tfm_building.rst

@@ -155,7 +155,7 @@ TF-M's Secure Partition Manager (SPM) backend may also be configured, depending
      - With IPC, each Secure Partition processes signals in any order, and can defer responding to a message while continuing to process other signals.
      - Levels 1, 2 and 3
 
-To control the number of logging messages, set the :kconfig:option:`CONFIG_TFM_LOG_LEVEL` Kconfig option.
+To control the number of logging messages, set the :kconfig:option:`CONFIG_TFM_SPM_LOG_LEVEL` Kconfig option.
 To disable logging, set the :kconfig:option:`CONFIG_TFM_LOG_LEVEL_SILENCE` option.
 
 The size of TF-M partitions is affected by multiple configuration options and hardware-related options.

modules/trusted-firmware-m/tfm_boards/common/crypto_keys.c

@@ -49,7 +49,7 @@ static enum tfm_plat_err_t tfm_plat_get_huk(uint8_t *buf, size_t buf_len, size_t
 
 	return TFM_PLAT_ERR_SUCCESS;
 }
-#endif /* CONFIG_HW_UNQUE_KEY */
+#endif /* CONFIG_HW_UNIQUE_KEY */
 
 #ifdef TFM_PARTITION_INITIAL_ATTESTATION
 static enum tfm_plat_err_t tfm_plat_get_iak(uint8_t *buf, size_t buf_len, size_t *key_len,

samples/bootloader/socs/nrf54l05_cpuapp.conf

@@ -11,7 +11,7 @@ CONFIG_PSA_USE_CRACEN_MAC_DRIVER=n
 # Hardware support for ED25519
 CONFIG_PSA_USE_CRACEN_HASH_DRIVER=y
 CONFIG_PSA_USE_CRACEN_CIPHER_DRIVER=y
-CONFIG_PSA_USE_CRACEN_ASYMMETRIC_DRIVER=y
+CONFIG_PSA_USE_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER=y
 
 # Link Time Optimizations
 CONFIG_ISR_TABLES_LOCAL_DECLARATION=y

samples/bootloader/socs/nrf54l10_cpuapp.conf

@@ -11,7 +11,7 @@ CONFIG_PSA_USE_CRACEN_MAC_DRIVER=n
 # Hardware support for ED25519
 CONFIG_PSA_USE_CRACEN_HASH_DRIVER=y
 CONFIG_PSA_USE_CRACEN_CIPHER_DRIVER=y
-CONFIG_PSA_USE_CRACEN_ASYMMETRIC_DRIVER=y
+CONFIG_PSA_USE_CRACEN_ASYMMETRIC_SIGNATURE_DRIVER=y
 
 # Link Time Optimizations
 CONFIG_ISR_TABLES_LOCAL_DECLARATION=y

subsys/nrf_security/cmake/generate_configs.cmake

@@ -18,7 +18,7 @@ macro(generate_mbedcrypto_interface_configs)
     kconfig_backup_current_config(CONFIG_MBEDTLS_PSA_CRYPTO_C)
     kconfig_backup_current_config(CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
     kconfig_backup_current_config(CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-    kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING)
+    kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING_C)
     kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING_ALT)
 
     message("=========== Checkpoint: backup ===============")
@@ -61,7 +61,7 @@ macro(generate_mbedcrypto_interface_configs)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_C)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
-    kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING)
+    kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING_C)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING_ALT)
 
     message("=========== End psa_crypto_config ===============")
@@ -87,7 +87,7 @@ macro(generate_mbedcrypto_library_configs)
     kconfig_backup_current_config(CONFIG_MBEDTLS_PSA_CRYPTO_SPM)
     kconfig_backup_current_config(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
     kconfig_backup_current_config(CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT)
-    kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING)
+    kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING_C)
     kconfig_backup_current_config(CONFIG_MBEDTLS_THREADING_ALT)
 
 
@@ -135,7 +135,7 @@ macro(generate_mbedcrypto_library_configs)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PSA_CRYPTO_SPM)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_USE_PSA_CRYPTO)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_PLATFORM_PRINTF_ALT)
-    kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING)
+    kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING_C)
     kconfig_restore_backup_config(CONFIG_MBEDTLS_THREADING_ALT)
 
     message("=========== End psa_crypto_library_config ===============")

subsys/nrf_security/tfm/CMakeLists.txt

@@ -84,7 +84,6 @@ set(CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG          True)
 set(CONFIG_MBEDTLS_PSA_CRYPTO_C                     True)
 
 if ("${PROJECT_NAME}" STREQUAL "Bootloader")
-  set(CONFIG_CC3XX_MBEDTLS_RSA_C    True)
   set(CONFIG_MBEDTLS_RSA_C          True)
   set(CONFIG_MBEDTLS_PKCS1_V21      True)
   set(CONFIG_MBEDTLS_PSA_CRYPTO_SPM False)

tests/crypto/src/common_test.h

@@ -65,10 +65,6 @@ extern char drbg_ctx;
 #include <zephyr/drivers/entropy.h>
 #endif
 
-#if defined CONFIG_TV_ASSERT_USER_OVERRIDE
-#include <tv_assert_user_override.h>
-#endif
-
 /**@brief Test vector expected result.
  *  Used to verify invalid behavior test cases.
  */