1#
2# Copyright (c) 2024 Nordic Semiconductor ASA
3#
4# SPDX-License-Identifier: Apache-2.0
5#
6
7menuconfig WIFI_CREDENTIALS
8	bool "WIFI credentials management"
9	select EXPERIMENTAL
10	help
11	  Enable WiFi credentials management subsystem.
12
13if WIFI_CREDENTIALS
14
15module = WIFI_CREDENTIALS
16module-str = wifi_credentials
17source "subsys/logging/Kconfig.template.log_config"
18
19choice WIFI_CREDENTIALS_BACKEND
20	prompt "WiFi credentials backend"
21	default WIFI_CREDENTIALS_BACKEND_PSA if BUILD_WITH_TFM
22	default WIFI_CREDENTIALS_BACKEND_SETTINGS
23	default WIFI_CREDENTIALS_BACKEND_NONE if WIFI_CREDENTIALS_STATIC
24	help
25	  Selects whether to use PSA Protected Storage or the Zephyr settings subsystem
26	  for credentials storage.
27
28config WIFI_CREDENTIALS_BACKEND_SETTINGS
29	bool "Zephyr Settings"
30	depends on SETTINGS
31	depends on !SETTINGS_NONE
32
33config WIFI_CREDENTIALS_BACKEND_PSA
34	bool "PSA Protected Storage"
35	depends on BUILD_WITH_TFM
36
37config WIFI_CREDENTIALS_BACKEND_NONE
38	bool "No credentials storage"
39	depends on WIFI_CREDENTIALS_STATIC
40
41endchoice
42
43config WIFI_CREDENTIALS_MAX_ENTRIES
44	int "Number of supported WiFi credentials"
45	default 2
46	help
47	  This detemines how many different WiFi networks can be configured at a time.
48
49config WIFI_CREDENTIALS_SAE_PASSWORD_LENGTH
50	int "Max. length of SAE password"
51	default 128
52	help
53	  There is no official limit on SAE password length,
54	  but for example Linux 6.0 has a hardcoded limit of 128 bytes.
55
56config WIFI_CREDENTIALS_SHELL
57	bool "Shell commands to manage Wi-Fi credentials"
58	default y
59	depends on SHELL
60	select SHELL_GETOPT
61	select GETOPT_LONG
62	depends on !WIFI_CREDENTIALS_BACKEND_NONE
63
64config WIFI_CREDENTIALS_CONNECT_STORED
65	bool "Add command to connect to stored networks directly."
66	default y
67
68if WIFI_CREDENTIALS_CONNECT_STORED
69
70config WIFI_CREDENTIALS_CONNECT_STORED_CONNECTION_TIMEOUT
71	int "Connection timeout"
72	default 30
73	help
74	   Wait period before falling back to the next entry in the list of stored SSIDs.
75
76
77if WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
78
79config WIFI_CREDENTIALS_RUNTIME_CERTIFICATES
80	bool "Provide Wi-Fi enterprise security certificates at run-time"
81	select TLS_CREDENTIALS
82	select TLS_CREDENTIALS_SHELL
83	select BASE64
84	default y if WIFI_SHELL_RUNTIME_CERTIFICATES
85	help
86	  This option enables providing Wi-Fi enterprise security certificates at run-time.
87	  Uses the TLS credentials subsystem to store and manage the certificates.
88
89if WIFI_CREDENTIALS_RUNTIME_CERTIFICATES
90
91config HEAP_MEM_POOL_ADD_SIZE_WIFI_CERT
92	int "Wi-Fi enterprise security certificates memory pool size"
93	# STA - 6 certs and each assume 1500 bytes
94	default 12000
95	help
96	   The size of the memory pool used by the Wi-Fi enterprise security certificates.
97
98endif # WIFI_CREDENTIALS_RUNTIME_CERTIFICATES
99
100endif # WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE
101
102endif # WIFI_CREDENTIALS_CONNECT_STORED
103
104endif # WIFI_CREDENTIALS
105
106config WIFI_CREDENTIALS_STATIC
107	bool "Static Wi-Fi network configuration"
108
109if WIFI_CREDENTIALS_STATIC
110
111config WIFI_CREDENTIALS_STATIC_SSID
112	string "SSID of statically configured WiFi network"
113
114config WIFI_CREDENTIALS_STATIC_PASSWORD
115	string "Password of statically configured Wi-Fi network"
116	default ""
117
118choice WIFI_CREDENTIALS_STATIC_TYPE
119	prompt "Static Wi-Fi network security type"
120	default WIFI_CREDENTIALS_STATIC_TYPE_PSK
121
122config WIFI_CREDENTIALS_STATIC_TYPE_OPEN
123	bool "OPEN"
124
125config WIFI_CREDENTIALS_STATIC_TYPE_PSK
126	bool "WPA2-PSK"
127
128config WIFI_CREDENTIALS_STATIC_TYPE_PSK_SHA256
129	bool "WPA2-PSK-SHA256"
130
131config WIFI_CREDENTIALS_STATIC_TYPE_SAE
132	bool "SAE"
133
134config WIFI_CREDENTIALS_STATIC_TYPE_WPA_PSK
135	bool "WPA-PSK"
136
137endchoice
138
139endif
140