Commit f2b6def9 authored by Dominik Ermel's avatar Dominik Ermel Committed by Jamie

zephyr: Enable building ed25519 PSA variant with Zephyr



Adds the Kconfig option CONFIG_BOOT_ED25519_PSA, which allows switching
ed25519 to the PSA backend.

Signed-off-by: default avatarDominik Ermel <dominik.ermel@nordicsemi.no>
parent 615a9dff
+11 −5
# Copyright (c) 2020 Nordic Semiconductor ASA
# Copyright (c) 2020-2025 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: Apache-2.0

@@ -34,7 +34,13 @@ target_include_directories(MCUBOOT_BOOTUTIL INTERFACE
  )
endif()

if(CONFIG_BOOT_USE_MBEDTLS)
if(CONFIG_BOOT_USE_PSA_CRYPTO)
  target_include_directories(MCUBOOT_BOOTUTIL INTERFACE
     ${ZEPHYR_MBEDTLS_MODULE_DIR}/include
  )
endif()

if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO)
  zephyr_link_libraries(mbedTLS)
endif()
endif()
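Review bot: The new `if(CONFIG_BOOT_USE_PSA_CRYPTO)` branch adds `${ZEPHYR_MBEDTLS_MODULE_DIR}/include` to an INTERFACE include path without checking that the variable is set. If the mbedTLS module is missing from the workspace, the path presumably collapses to `/include`, so every consumer of MCUBOOT_BOOTUTIL would search a host directory for crypto headers instead of failing at configure time. A guard before the include, such as `if(NOT DEFINED ZEPHYR_MBEDTLS_MODULE_DIR)` followed by `message(FATAL_ERROR "PSA crypto needs the mbedTLS module")`, would make the dependency explicit. The same unguarded expansion appears under `if(DEFINED CONFIG_MBEDTLS)` in the second CMake file of this commit. The trailing `endif()` closes a block that opens outside the hunk.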
+30 −11
# CMakeLists.txt for building mcuboot as a Zephyr project
#
# Copyright (c) 2017 Open Source Foundries Limited
# Copyright (c) 2023 Nordic Semiconductor ASA
# Copyright (c) 2023-2025 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: Apache-2.0

@@ -58,6 +58,12 @@ zephyr_library_include_directories(
  include
  )

if(DEFINED CONFIG_MBEDTLS)
  zephyr_library_include_directories(
    ${ZEPHYR_MBEDTLS_MODULE_DIR}/include
  )
endif()

# Zephyr port-specific sources.
zephyr_library_sources(
  main.c
@@ -109,6 +115,10 @@ zephyr_library_sources(
  ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c
  )

if(DEFINED CONFIG_BOOT_ENCRYPT_X25519 AND DEFINED CONFIG_BOOT_ED25519_PSA)
  zephyr_library_sources(${BOOT_DIR}/bootutil/src/encrypted_psa.c)
endif()

if(DEFINED CONFIG_MEASURED_BOOT OR DEFINED CONFIG_BOOT_SHARE_DATA)
  zephyr_library_sources(
    ${BOOT_DIR}/bootutil/src/boot_record.c
@@ -267,11 +277,19 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
    ${FIAT_DIR}/include/
  )

  if(NOT CONFIG_BOOT_ED25519_PSA)
    zephyr_library_sources(
      ${FIAT_DIR}/src/curve25519.c
    )
  else()
    zephyr_library_sources(
      ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
      ${BOOT_DIR}/bootutil/src/ed25519_psa.c
    )
  endif()
endif()

if(NOT CONFIG_BOOT_ED25519_PSA)
  if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519)
    zephyr_library_sources(
      ${TINYCRYPT_DIR}/source/aes_encrypt.c
@@ -281,6 +299,7 @@ if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519)
      ${TINYCRYPT_DIR}/source/ecc_dh.c
    )
  endif()
endif()

if(CONFIG_BOOT_ENCRYPT_EC256)
  zephyr_library_sources(
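Review bot: The `else()` branch taken for `CONFIG_BOOT_ED25519_PSA` compiles `${MBEDTLS_ASN1_DIR}/src/asn1parse.c` unconditionally, while the Kconfig part of this commit selects `MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN` and this file now puts `${ZEPHYR_MBEDTLS_MODULE_DIR}/include` on the include path. With the built-in mbedTLS that looks like two copies of the ASN.1 parser in one image, or one source tree compiled against the other's headers. This parser presumably decodes the public key used for image verification, so exactly one implementation should be built. Consider wrapping that source line in `if(NOT CONFIG_MBEDTLS_ASN1_PARSE_C)` … `endif()`, with a comment naming which ASN.1 implementation the PSA variant is meant to use. The enclosing `elseif()` chain starts outside the hunk.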
+69 −1
@@ -72,6 +72,60 @@ config BOOT_AES_MBEDTLS_DEPENDENCIES

endif

if BOOT_USE_PSA_CRYPTO

config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES
	bool
	default y if BOOT_IMG_HASH_ALG_SHA256
	select PSA_WANT_ALG_SHA_256
	help
	  Dependencies for hashing with SHA256

config BOOT_ED25519_PSA_DEPENDENCIES
	bool
	select PSA_WANT_ALG_SHA_256
	select PSA_WANT_ALG_SHA_512
	select PSA_WANT_ALG_PURE_EDDSA
	# Seems that upstream mbedTLS does not have TE
	#select PSA_WANT_ECC_TWISTED_EDWARDS_255
	select PSA_WANT_ECC_MONTGOMERY_255
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
	help
	  Dependencies for ed25519 signature

if BOOT_ENCRYPT_IMAGE

config BOOT_X25519_PSA_DEPENDENCIES
	bool
	select PSA_WANT_ALG_ECDH
	select PSA_WANT_ALG_HMAC
	select PSA_WANT_ALG_HKDF
	select PSA_WANT_ALG_CTR
	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
	select PSA_WANT_KEY_TYPE_DERIVE
	select PSA_WANT_KEY_TYPE_AES
	select PSA_WANT_ECC_MONTGOMERY_255
	help
	  Dependencies for x25519 shared-random key encryption and AES
	  encryption. The PSA_WANT_ALG_CTR and PSA_WANT_KEY_TYPE_AES
	  enable Counter based block cipher and AES key, and algorithm support,
	  to use with it; the others are used for shared key decryption
	  and derivation.

endif # BOOT_ENCRYPT_IMAGE

if MBEDTLS_ENABLE_HEAP

config MBEDTLS_HEAP_SIZE
	default 2048 if BOOT_USE_PSA_CRYPTO
	help
	  The PSA internals need to be able to allocate memory for operation
	  and it uses mbedTLS heap for that.

endif # MBEDTLS_ENABLE_HEAP

endif # BOOT_USE_PSA_CRYPTO

menu "MCUBoot settings"

config SINGLE_APPLICATION_SLOT
@@ -153,6 +207,7 @@ config BOOT_SIGNATURE_TYPE_PURE_ALLOW

choice BOOT_SIGNATURE_TYPE
	prompt "Signature type"
	default BOOT_SIGNATURE_TYPE_ED25519 if SOC_NRF54L15_CPUAPP
	default BOOT_SIGNATURE_TYPE_RSA

config BOOT_SIGNATURE_TYPE_NONE
@@ -228,10 +283,12 @@ config BOOT_SIGNATURE_TYPE_PURE
choice BOOT_ED25519_IMPLEMENTATION
	prompt "Ecdsa implementation"
	default BOOT_ED25519_TINYCRYPT

config BOOT_ED25519_TINYCRYPT
	bool "Use tinycrypt"
	select BOOT_USE_TINYCRYPT
	select BOOT_IMG_HASH_ALG_SHA512_ALLOW

config BOOT_ED25519_MBEDTLS
	bool "Use mbedTLS"
	select BOOT_USE_MBEDTLS
@@ -239,6 +296,17 @@ config BOOT_ED25519_MBEDTLS
	select MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN
	select BOOT_AES_MBEDTLS_DEPENDENCIES if MBEDTLS_BUILTIN && BOOT_ENCRYPT_IMAGE

config BOOT_ED25519_PSA
	bool "Use PSA crypto"
	select MBEDTLS
	select BOOT_USE_PSA_CRYPTO
	select MBEDTLS_PSA_CRYPTO_C
	select MBEDTLS_ASN1_PARSE_C if MBEDTLS_BUILTIN
	select PSA_CRYPTO_CLIENT
	select PSA_CRYPTO_C
	select BOOT_ED25519_PSA_DEPENDENCIES
	select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE

endchoice
endif

@@ -286,7 +354,7 @@ config MCUBOOT_CLEANUP_RAM
if MBEDTLS

config MBEDTLS_CFG_FILE
	default "config-tls-generic.h" if MBEDTLS_BUILTIN
	default "config-tls-generic.h" if MBEDTLS_BUILTIN || BOOT_USE_PSA_CRYPTO
	default "mcuboot-mbedtls-cfg.h" if BOOT_USE_MBEDTLS

endif
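Review bot: `BOOT_ED25519_PSA_DEPENDENCIES` leaves `select PSA_WANT_ECC_TWISTED_EDWARDS_255` commented out, so it selects `PSA_WANT_ALG_PURE_EDDSA` and `PSA_WANT_ECC_MONTGOMERY_255` but not the curve family named in the disabled line. The comment next to it says upstream mbedTLS does not provide that curve. As written, `BOOT_ED25519_PSA` stays selectable with a PSA provider that presumably cannot import or verify an ed25519 key, which would only show up at boot as a failed image verification. The new choice entry also has no `help`; adding one such as `Use the PSA Crypto API for ed25519; the PSA provider must support the twisted Edwards 255 curve.` would document the requirement. The commented-out `select` should become a plain comment explaining the constraint, or a `depends on` a provider known to support the curve.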