Multiple samples/tests fail to build in multiple platforms due to MBEDTLS / PSA issues

[hakehuang]

Describe the bug tests/subsys/jwt/libraries.encoding.jwt fails to build for multiple platforms:

• raytac_mdbt53v_db_40/nrf5340/cpuapp/ns
• innblue22/nrf9160/ns
• circuitdojo_feather/nrf9160/ns
• nrf9160dk/nrf9160/ns
• actinius_icarus_som/nrf9160/ns
• nrf9160dk@0.7.0/nrf9160/ns
• innblue21/nrf9160/ns
• b_u585i_iot02a/stm32u585xx/ns
• nrf9151dk/nrf9151/ns
• stm32l562e_dk/stm32l562xx/ns
• actinius_icarus_bee/nrf9160/ns
• bl5340_dvk/nrf5340/cpuapp/ns
• nrf9161dk/nrf9161/ns
• nrf9161dk@0.7.0/nrf9161/ns
• thingy53/nrf5340/cpuapp/ns
• actinius_icarus_som_dk/nrf9160/ns
• nrf9131ek/nrf9131/ns
• nrf5340dk/nrf5340/cpuapp/ns
• nrf5340_audio_dk/nrf5340/cpuapp/ns
• lpcxpresso55s69/lpc55s69/cpu0/ns
• actinius_icarus@1.4.0/nrf9160/ns
• actinius_icarus@2.0.0/nrf9160/ns
• raytac_mdbt53_db_40/nrf5340/cpuapp/ns
• sparkfun_thing_plus/nrf9160/ns

Similarly

• tests/net/lib/mqtt_publisher/net.mqtt.tls
• tests/net/lib/mqtt_sn_client/net.mqtt_sn.client

Fail to build for multiple platforms, including nrf9131ek/nrf9131/ns

Bisected by @hakehuang to:

87dbd81168c9e705098b842e0cc0d9f739f377e7 is the first bad commit
commit 87dbd81168c9e705098b842e0cc0d9f739f377e7
Author: Valerio Setti <vsetti@baylibre.com>
Date:   Tue May 28 15:47:37 2024 +0200

    tfm: do not enable all PSA features by default when BUILD_WITH_TFM

    Do not enable all PSA features by default when BUILD_WITH_TFM

    Signed-off-by: Valerio Setti <vsetti@baylibre.com>

 modules/trusted-firmware-m/Kconfig.tfm      | 1 -
 samples/tfm_integration/psa_crypto/prj.conf | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

To Reproduce Steps to reproduce the behavior:

1. west buind -b lpcxpresso55s69/lpc55s69/cpu0/ns tests/subsys/jwt

Expected behavior No build failures

Impact Multiple CI failures (~50 in weekly)

Logs and console output

https://github.com/zephyrproject-rtos/zephyr/runs/25996829280

modules/crypto/mbedtls/library/pk_internal.h:26:67: error: 'psa_to_pk_rsa_errors' undeclared (first use in this function); did you mean 'psa_to_ssl_errors'?
   26 |                                                                   psa_to_pk_rsa_errors,            \
      |                                                                   ^~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/psa_util_internal.h:95:35: note: in definition of macro 'PSA_TO_MBEDTLS_ERR_LIST'
   95 |     psa_status_to_mbedtls(status, error_list,                         \
      |                                   ^~~~~~~~~~
modules/crypto/mbedtls/library/pk.c:1202:16: note: in expansion of macro 'PSA_PK_RSA_TO_MBEDTLS_ERR'
 1202 |         return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
      |                ^~~~~~~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/pk_internal.h:26:67: note: each undeclared identifier is reported only once for each function it appears in
   26 |                                                                   psa_to_pk_rsa_errors,            \
      |                                                                   ^~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/psa_util_internal.h:95:35: note: in definition of macro 'PSA_TO_MBEDTLS_ERR_LIST'
   95 |     psa_status_to_mbedtls(status, error_list,                         \
      |                                   ^~~~~~~~~~
modules/crypto/mbedtls/library/pk.c:1202:16: note: in expansion of macro 'PSA_PK_RSA_TO_MBEDTLS_ERR'
 1202 |         return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
      |                ^~~~~~~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/pk.c: In function 'mbedtls_pk_sign_ext':
modules/crypto/mbedtls/library/pk_internal.h:26:67: error: 'psa_to_pk_rsa_errors' undeclared (first use in this function); did you mean 'psa_to_ssl_errors'?
   26 |                                                                   psa_to_pk_rsa_errors,            \
      |                                                                   ^~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/psa_util_internal.h:95:35: note: in definition of macro 'PSA_TO_MBEDTLS_ERR_LIST'
   95 |     psa_status_to_mbedtls(status, error_list,                         \
      |                                   ^~~~~~~~~~
modules/crypto/mbedtls/library/pk.c:1339:20: note: in expansion of macro 'PSA_PK_RSA_TO_MBEDTLS_ERR'
 1339 |             return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
      |                    ^~~~~~~~~~~~~~~~~~~~~~~~~
modules/crypto/mbedtls/library/pk.c: In function 'mbedtls_pk_verify_ext':
modules/crypto/mbedtls/library/pk.c:1228:1: error: control reaches end of non-void function [-Werror=return-type]
 1228 | }
      | ^
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.

Environment (please complete the following information):

• OS: (e.g. Linux): CI Ubuntu 22.04
• Toolchain (e.g Zephyr SDK, ...): Zephyr SDK 0.16.8
• Commit SHA or Version used: Main as of now b46fb464cbaaad8d094f75487a3502a11126d025

Edited by @aescolar as it affects many platforms

[butok]

JFYI: TFM is broken for all platforms, not only for NXP.

[aescolar]

CC @valeriosetti

[valeriosetti]

I can take care of this!

[valeriosetti]

@hakehuang can you please check if https://github.com/zephyrproject-rtos/zephyr/pull/74052 solves the above mentioned issues? Please note that a west update is required after you checkout into that PR ;)

[hakehuang]

@hakehuang can you please check if #74052 solves the above mentioned issues? Please note that a west update is required after you checkout into that PR ;)

fixed. @valeriosetti