Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 3a0951fcd0bdb12e736a6d51d6f534ba6b3aec0b^! / .
commit3a0951fcd0bdb12e736a6d51d6f534ba6b3aec0b[log] [tgz]
authorTorsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>Tue Apr 27 10:17:42 2021 +0200
committerKumar Gala <kumar.gala@gmail.com>Sun May 09 15:24:23 2021 -0500
tree4e85994c6d634d3ee07763451d6ed6565537c259
parent4164b170342014f913d41aa3a4c5fb9ca2ec7f7e [diff]
openthread: kconfig: rework OpenThread security configurations

With the updates to mbedTLS Kconfig it is now possible to update the
OpenThread security configurations by disabling the mbedTLS prompt and
avoid stuck symbol selection.

As part of this, the OpenThread security selection has been reworked
into a choice which ensures only a single security selection can be
chosen.

And the OPENTHREAD_MBEDTLS itself has been made promptless to ensure
other parts of the build system can select a specific OpenThread
security implementation and disable user selection, if the module or
sample require such behavior.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>

diff --git a/subsys/net/l2/openthread/Kconfig b/subsys/net/l2/openthread/Kconfig
index 99016b4..65c8ef0 100644
--- a/subsys/net/l2/openthread/Kconfig
+++ b/subsys/net/l2/openthread/Kconfig

@@ -2,6 +2,12 @@
 
 # Copyright (c) 2018 Nordic Semiconductor ASA
 # SPDX-License-Identifier: Apache-2.0
+config OPENTHREAD_SECURITY_INTERNAL
+	bool
+	help
+	  OpenThread setting to signal that OpenThread security settings, such
+	  as the OPENTHREAD_MBEDTLS setting will be controlled through other
+	  Kconfig dependencies and should not be user configurable.
 
 menuconfig NET_L2_OPENTHREAD
 	bool "OpenThread L2"
@@ -153,9 +159,32 @@
 	depends on SHELL
 	default y
 
+config MBEDTLS_PROMPTLESS
+	bool
+	default y if !CUSTOM_OPENTHREAD_SECURITY
+
+choice OPENTHREAD_SECURITY
+	prompt "OpenThread security"
+	default OPENTHREAD_MBEDTLS_CHOICE
+	depends on !OPENTHREAD_SECURITY_INTERNAL
+
+config CUSTOM_OPENTHREAD_SECURITY
+	bool "Custom"
+	help
+	  Security settings will be controlled directly by the user.
+	  Enabling this setting will give access to full control of mbed TLS
+	  configuration.
+
+config OPENTHREAD_MBEDTLS_CHOICE
+	bool "mbed TLS built-in"
+	select OPENTHREAD_MBEDTLS
+	help
+	  Use the OpenThread mbed TLS configuration pre-defined security scheme.
+
+endchoice
+
 config OPENTHREAD_MBEDTLS
-	bool "Enable built-in mbedtls for use with OpenThread"
-	default y
+	bool
 	select MBEDTLS
 	select MBEDTLS_ENABLE_HEAP
 	select MBEDTLS_CIPHER_AES_ENABLED