Restore MBEDTLS_PSA_CRYPTO_C for PSA targets

[alzix]

Description

Enable PSA Crypto APIs on boards used by Pelion.
Removed by mistake in 763cb4c as part of #9195

Note: PSA Crypto APIs on other boards can still be enabled via mbed_app.json

Pull request type

[X] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

@jenia81 @Patater

[ciarmcom]

@alzix, thank you for your changes.
@Patater @jenia81 @ARMmbed/mbed-os-maintainers please review.

[NirSonnenschein]

seems that this already needs a rebase

[alzix]

rebased

[0xc0170]

Ci started

[mbed-ci]

Test run: SUCCESS

Summary: 12 of 12 test jobs passed
Build number : 1
Build artifacts

[0xc0170]

@alzix This is causing client to fail, can you please check? I'll share internal test url.

This is the error being reported from compilation

[Error] check_config.h@502,0: #35: #error directive: "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"

target NUCLEO_F411RE

cc @TeemuKultala

[shelib01]

@teetak01 , the version used in these tests includes integrated entropy injection feature ?

[teetak01]

This is reproducable with public mbed-cloud-client-example. I believe this broke the non-TRNG configuration.

[Patater]

Hi @shelib01 and @teetak01

Mbed OS doesn't declare entropy as present in a device by default. How entropy ends up in a device shipped out is quite dependent on the device, how it's manufactured, and so forth. It'd be pretty dangerous for Mbed OS to claim that there is any injected entropy for devices without TRNGs when there is no entropy source present. Let's work together and have a look at the mbed-cloud-client-example configuration to ensure that for devices where client knows the device has entropy injected already, or plans to inject it, we have the right configuration. See https://github.com/ARMmbed/mbed-os-example-mbed-crypto/#factory-injection-of-entropy for an example mbed_app.json and further explanation.

Thanks

[Patater]

I've raised PelionIoT/mbed-cloud-client-example#37 to resolve the build issues on the NUCLEO_F411RE for the mbed-cloud-client-example. Other examples or programs will need to make similar changes as desired, being careful to ensure that the feature is only enabled for devices that are manufactured properly.

[0xc0170]

Based on the feedback, we changed this to [X] Functionality change and 5.12 release.

@orenc17 will add Release notes

[orenc17]

Release notes

Adding PSA crypto support for the following single-v7 boards:

• K64F
• K66F
• NUCLEO_F411RE
• NUCLEO_F429ZI
• UBLOX_EVK_ODIN_W2

Note: NUCLEO_F411RE does not have TRNG support and requires entropy injection through NVSeed

[alzix]

@orenc17,
I would suggest rephrasing the last sentence in release notes.
Note: NUCLEO_F411RE does not have TRNG support and requires entropy injection by calling psa_inject... (I do not recall the exact API name - please fix). In case entropy was not injected psa_crypto_init() API will fail with xxx return code.

[0xc0170]

#9710 should fix this and this shall not be functional change anymore as I understood from the conversation. Marking this for 5.11.5 and all fixes needed as well.

[0xc0170]

Moved to 5.12 due to failures with 5.11 branch