config: add secure key storage with tf-m

ktaborowski · ktaborowski · commit 46b4ea31f3b9 · 2024-11-07T09:10:06.000+01:00
[KRKNWK-19489] Signed-off-by: Krzysztof Taborowski <krzysztof.taborowski@nordicsemi.no>
diff --git a/Kconfig b/Kconfig
@@ -178,7 +178,7 @@ config SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7
 
 config SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	bool "Enable psa crypto storage for persistent Sidewalk keys [EXPERIMENTAL]"
-	default (SIDEWALK && !BUILD_WITH_TFM)
+	default SIDEWALK
 	select EXPERIMENTAL
 	help
 	  Use secure key storage for persistent Sidewalk keys.
diff --git a/Kconfig.dependencies b/Kconfig.dependencies
@@ -74,14 +74,21 @@ config SIDEWALK_CRYPTO
 	imply PSA_WANT_KEY_TYPE_HMAC
 	imply PSA_WANT_GENERATE_RANDOM
 	imply MBEDTLS_ENABLE_HEAP
-	imply MBEDTLS_PSA_CRYPTO_STORAGE_C if SIDEWALK_CRYPTO_PSA_KEY_STORAGE
-	imply TRUSTED_STORAGE if SIDEWALK_CRYPTO_PSA_KEY_STORAGE
-	imply HW_UNIQUE_KEY if SIDEWALK_CRYPTO_PSA_KEY_STORAGE
-	imply HW_UNIQUE_KEY_RANDOM if SIDEWALK_CRYPTO_PSA_KEY_STORAGE
-	imply HW_UNIQUE_KEY_WRITE_ON_CRYPTO_INIT if SIDEWALK_CRYPTO_PSA_KEY_STORAGE
 	help
 	   Sidewalk security module
 
+config SIDEWALK_SECURE_KEY
+	bool
+	default SIDEWALK_CRYPTO_PSA_KEY_STORAGE
+	imply MBEDTLS_PSA_CRYPTO_STORAGE_C
+	imply TRUSTED_STORAGE if !BUILD_WITH_TFM
+	imply HW_UNIQUE_KEY if !BUILD_WITH_TFM
+	imply HW_UNIQUE_KEY_RANDOM if !BUILD_WITH_TFM
+	imply HW_UNIQUE_KEY_WRITE_ON_CRYPTO_INIT if !BUILD_WITH_TFM
+	imply TFM_ITS_ENCRYPTED if BUILD_WITH_TFM
+	help
+	  Sidewalk persistent keys storage module
+
 if SIDEWALK_CRYPTO
 
 choice CC3XX_LOCK_VARIANT
