[Silabs] Cherry-pick changes to support PSA keys for the SessionKeyStore #41143
base: v1.4-branch
* [Silabs] PSA Crypto PAL customized for EFR32.
Merge in WMN_TOOLS/matter from provision_SPAM to dev/provision_source_code

Squashed commit of the following:

commit ae6d6bd09b963838fa8ae70efefa0770c33c5b73
Author: lpbeliveau-silabs <[email protected]>
Date: Wed Sep 25 11:08:23 2024 -0400

Updated the GsdkSpam for series 3 now that provisioning relies on it

commit fb0cb797ca3eea51856e2b62e5b2c0a4dfb8cac3
Author: lpbeliveau-silabs <[email protected]>
Date: Tue Sep 24 17:53:54 2024 -0400

Updated provisioning to use Silabs Platform Abstraction Manager

Co-authored-by: Andrei Litvin <[email protected]>
* [Silabs] Provision: Dynamic buffer allocation.
* Code review.

…37580)
* [Silabs] AES_CCM_decrypt output buffer fixed.
* Code review.

* Bump submodule for sdk updates and docker image version
* Update files and libs pulled from sisdk. add -fno-lto ld flag. update mg24 linkerfile
* Bring PSA crypto changes from sisdk
  Co-authored-by: Ricardo Casallas <[email protected]>
* fixup merge conflict on CHIPCryptoPALPsaEfr32.cpp
* Update mgm24 linkerfile. add no-lto to test-driver
* update mg26 linkerfile
* Adds mbedTLS 3.x support with tinycrypt uECC APIs (#132)
* [SL-UP] Add BRD4338A support for Wiseconnect 3.4 in GN (#104)
* Update for siwx917
* Changes for wifi sdk 3.4.0 (#89)
* fix slc-gen build
* fix wifi ncp build
* Fixup nxp submodule desync
* Fix ot_lib builds
* Fix linking issue with coapi lib. address comments
* Cleanup commented lines and bump merged matter_support sha
* move some psa define from coap config to the right header
* Add segger_rtt reference in linkerfile
* fix rebase to master conflict issue

---------

Co-authored-by: Ricardo Casallas <[email protected]>
Co-authored-by: Rohan Sahay <[email protected]>
Co-authored-by: Mathieu Kardous <[email protected]>
Co-authored-by: bhmanda-silabs <[email protected]>
Code Review
This pull request cherry-picks a number of changes to support PSA keys for the SessionKeyStore, which is needed to fix an interoperability issue with the Android CHIP tool. The changes are extensive and include:
- Refactoring the crypto PAL to use standard PSA APIs instead of custom or internal ones, which improves security and maintainability.
- Introducing a platform abstraction layer for flash operations, cleaning up platform-specific code.
- Updating build configurations to support a new `chip_crypto_keystore` option, decoupling the keystore implementation from the crypto library.
- Updating linker scripts and various SDK dependencies.
The review focuses on the code quality and correctness of the new and refactored code. I've found a couple of issues: a potential memory corruption bug in the `Buffer` class and a redundant header inclusion. The rest of the changes look solid and are a good improvement to the codebase.
@mkardous-silabs Our product is developed based on dea605e for LIT ICD, but we have not encountered this issue. This is very strange. I would like to know how to analyze this issue.
Summary
PR cherry-picks all the necessary changes to support PSA keys for the SessionKeyStore, which translates to using PSA keys for the Check-In message.
These changes are necessary due to an interop issue with the Android chip-tool crypto engine that could not decrypt the Check-In message.
PR is a cherry-pick of multiple PRs except the last commit to fix build issues.
Related issues
Note to reviewers: The description in the issue does not clearly describe the problem. The tipping point that caused the issue was a PR to support TrustZone, but the issue was not fixed by TrustZone. The required changes span several PRs.
Fixes #41105
Testing
`--icd-registration` flag during commissioning
Readability checklist
The checklist below will help the reviewer finish PR review in time and keep the code readable:
descriptive
“When in Rome…” rule (coding style)
See: Pull Request Guidelines