[nrf noup] mbedtls: Separate psa_crypto_init in its own SYS_INIT

-This commit adds psa_init.c that contains a SYS_INIT to enforce early initialization of PSA crypto by calling psa_crypto_init() in PRE_KERNEL_1, before any other users (include entropy_psa_crypto). -This is separated from CONFIG_MBEDTLS_INIT which has a SYS_INIT that happens in POST_KERNEL and include initializing the Mbed TLS heap if this is enabled. -Removing unneeded doxygen @file entry for zephyr_init.c Signed-off-by: Frank Audun Kvamtrø <[email protected]> (Cherry-picked from commit ac42511fca09aa45e85600bc63e17b62f075c046)
nrfconnect · Jan 24, 2025 · 689b35b · 689b35b
1 parent 7c128f9
commit 689b35b
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 12 deletions.
diff --git a/modules/mbedtls/CMakeLists.txt b/modules/mbedtls/CMakeLists.txt
@@ -121,6 +121,10 @@ zephyr_interface_library_named(mbedTLS)
       zephyr_entropy.c
     )
 
+    if(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
+      list(APPEND mbedtls_base_src psa_init.c)
+    endif()
+
     zephyr_library_sources(${mbedtls_base_src})
 
     zephyr_library_sources_ifdef(CONFIG_MBEDTLS_DEBUG debug.c)

diff --git a/modules/mbedtls/psa_init.c b/modules/mbedtls/psa_init.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#include <errno.h>
+#include <zephyr/init.h>
+#include <psa/crypto.h>
+
+static int _psa_crypto_init(void)
+{
+	if (psa_crypto_init() != PSA_SUCCESS) {
+		return -EIO;
+	}
+
+	return 0;
+}
+
+/* Enforcing initialization of PSA crypto before any other users
+ * like entropy_psa_crypto (which has a higher priority number).
+ * This is done without dependency on CONFIG_MBEDTLS_INIT.
+ */
+SYS_INIT(_psa_crypto_init, PRE_KERNEL_1, CONFIG_KERNEL_INIT_PRIORITY_DEFAULT);
diff --git a/modules/mbedtls/zephyr_init.c b/modules/mbedtls/zephyr_init.c
@@ -1,9 +1,3 @@
-/** @file
- * @brief mbed TLS initialization
- *
- * Initialize the mbed TLS library like setup the heap etc.
- */
-
 /*
  * Copyright (c) 2017 Intel Corporation
  * Copyright (c) 2024 Nordic Semiconductor ASA
@@ -53,12 +47,6 @@ static int _mbedtls_init(void)
 	mbedtls_debug_set_threshold(CONFIG_MBEDTLS_DEBUG_LEVEL);
 #endif
 
-#if defined(CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT)
-	if (psa_crypto_init() != PSA_SUCCESS) {
-		return -EIO;
-	}
-#endif
-
 	return 0;
 }