Reference: https://github.com/ARMmbed/mbed-os/pull/11418. As we fixed a config issue for some NRF52 targets, we identified another issue causing the baremetal build to fail. mbedtls is excluded from the build as it's not available in the baremetal build. However, some NRF52 targets have the cryptocell feature included in their target configuration.
The Cryptocell feature depends on mbedtls. Therefore it should not be available in the baremetal build. A question is: how to disable it for the baremetal build? There are two concepts: requires and features. We can't just remove the feature from targets as it might be used, so how to make it available only for non-baremetal builds?
This will be a known issue for 5.14.0 most likely.
@ARMmbed/mbed-os-tools Please review
[ ] Question
[ ] Enhancement
[X] Bug
cc @RonEld
Internal Jira reference: https://jira.arm.com/browse/MBOCUSTRIA-1713
What changes would be necessary (perhaps to Mbed OS build tools) in order to make the baremetal build capable of excluding cryptocell?
There isn't a real dependency in Cryptocell to Mbed TLS.
The dependency is in the porting layer between Mbed TLS API.
One can still call the Cryptocell API directly, without the need for Mbed TLS API.
However, this needs to be further investigated, to understand what the build failures are, and whether there is a simpler way to keep the same API.
Excluding Cryptocell basically means removing the CRYPTOCELL310 from the target features.
We'd like to exclude CRYPTOCELL310 from the target features, but just for baremetal.
I think this would be good as a temporary patch, but if Cryptocell wouldn't increase much RAM, wouldn't it be an advantage to have it?
I think including it would be against the aims of the baremetal profile.
Wouldn't we want cryptography in baremetal, if possible?
Anyway, in the baremetal profile, one should remove the CRYPTOCELL310 (and possibly also TRNG and MBEDTLS_CONFIG_HW_SUPPORT), similar to what is done for MTB_LAIRD_BL654.
We would like Cryptocell to be available in bare-metal if possible.
@trowbridgec @AGlass0fMilk @farrenv
Wouldn't we want cryptography in baremetal, if possible?
I'd like to know the reasons why Mbed TLS isn't in the baremetal profile. Maybe the same reasoning would apply to why not CryptoCell.
If we add Mbed TLS to baremetal, this target would work fine with CRYPTOCELL310.
How much flash does enabling CRYPTOCELL310 require?
I'd like to know the reasons why Mbed TLS isn't in the baremetal profile. Maybe the same reasoning would apply to why not CryptoCell.
I would not expect having TLS in baremetal but definitely should work with it.
We would like Cryptocell to be available in bare-metal if possible.
@loverdeg-ep You would vote then for having mbedtls as well in baremetal?
cc @bulislaw
@0xc0170 I would just like for it to work with bare-metal.
Cryptocell does not need to be the default.
@0xc0170
I would not expect having TLS in baremetal but definitely should work with it.
I agree that TLS should probably not be by default in baremetal, but I would say that the crypto part should be in baremetal.
I don't know why TLS wouldn't be available in baremetal. From what I remember it was initially excluded because of work/testing needed and the scope of work. In practice I can easily find use cases for a non-RTOS build with TLS. So I think we should work on getting TLS to work with baremetal. Another question: is the presence of cryptocell inflating the image even if it's not used?
Just chiming in. FWIW I would also find a use-case for TLS in baremetal. At the moment I'm using the full RTOS just for periodic wakes/TX due to the ease of use with LoRa/TLS. It's not a huge issue of course, just a nice-to-have.