From 23546676dc34b0df9d08f8d717287ff0defbb10e Mon Sep 17 00:00:00 2001
From: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
Date: Wed, 8 Nov 2023 13:43:17 +0100
Subject: [PATCH 1/2] openthread: kconfig: optimize FTD and MTD configurations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removed support for:
- DHCPv6 client
- Joiner
- SNTP client
- Link Metrics initiator

in FTD and MTD variants to optimize space for application.

Co-authored-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
---
 subsys/net/openthread/Kconfig           | 10 +++++-----
 subsys/net/openthread/Kconfig.defconfig | 15 ++++++++++++++-
 west.yml                                |  4 ++--
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/subsys/net/openthread/Kconfig b/subsys/net/openthread/Kconfig
index 3e7456aee7e2..e52ebc2b16e2 100644
--- a/subsys/net/openthread/Kconfig
+++ b/subsys/net/openthread/Kconfig
@@ -34,7 +34,7 @@ config OPENTHREAD_NRF_SECURITY_PSA
 	select EXPERIMENTAL
 	select NRF_SECURITY
 	select MBEDTLS_ENABLE_HEAP
-	select MBEDTLS_TLS_LIBRARY
+	select MBEDTLS_TLS_LIBRARY if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
 	select MBEDTLS_PSA_CRYPTO_STORAGE_C if !BUILD_WITH_TFM
 	select PSA_NATIVE_ITS if !BUILD_WITH_TFM
 	select PSA_WANT_ALG_HKDF
@@ -43,8 +43,8 @@ config OPENTHREAD_NRF_SECURITY_PSA
 	select PSA_WANT_ALG_HMAC
 	select PSA_WANT_ALG_ECB_NO_PADDING
 	select PSA_WANT_ALG_SHA_256
-	select PSA_WANT_ALG_JPAKE
-	select PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+	select PSA_WANT_ALG_JPAKE  if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
+	select PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS  if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
 	select PSA_WANT_ALG_DETERMINISTIC_ECDSA if OPENTHREAD_ECDSA
 	select PSA_WANT_ALG_ECDSA if OPENTHREAD_ECDSA
 	select PSA_WANT_ALG_ECDH if OPENTHREAD_ECDSA
@@ -69,11 +69,11 @@ config OPENTHREAD_NRF_SECURITY
 	select MBEDTLS_ECDSA_C if OPENTHREAD_ECDSA
 	select MBEDTLS_PK_C if OPENTHREAD_ECDSA
 	select MBEDTLS_PK_WRITE_C if OPENTHREAD_ECDSA
-	select MBEDTLS_ECJPAKE_C
+	select MBEDTLS_ECJPAKE_C if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER)
 	select MBEDTLS_ECP_C
 	select MBEDTLS_ECP_DP_SECP256R1_ENABLED
 	select MBEDTLS_HMAC_DRBG_C
-	select MBEDTLS_TLS_LIBRARY
+	select MBEDTLS_TLS_LIBRARY if (OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
 	select NORDIC_SECURITY_BACKEND
 	select NRF_SECURITY_ADVANCED
 	select OBERON_BACKEND if !CC3XX_BACKEND
diff --git a/subsys/net/openthread/Kconfig.defconfig b/subsys/net/openthread/Kconfig.defconfig
index bd0c246765ec..fe4a625947e6 100644
--- a/subsys/net/openthread/Kconfig.defconfig
+++ b/subsys/net/openthread/Kconfig.defconfig
@@ -19,7 +19,7 @@ config OPENTHREAD_LIBRARY_AVAILABLE
 	# Switch:
 	# - To `y` when libraries for the current OpenThread revision are provided
 	# - To `n` on the next OpenThread upmerge
-	default y
+	default n
 	depends on OPENTHREAD_THREAD_VERSION_1_3
 	depends on OPENTHREAD_NORDIC_LIBRARY_FTD || OPENTHREAD_NORDIC_LIBRARY_MTD
 	depends on !OPENTHREAD_COPROCESSOR
@@ -84,6 +84,7 @@ endchoice
 
 config MBEDTLS_SSL_PROTO_DTLS
 	bool
+	default n if !(OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
 	default y
 
 config MBEDTLS_ENTROPY_C
@@ -150,6 +151,18 @@ config MBEDTLS_SSL_COOKIE_C
 
 endif # !(OPENTHREAD_BORDER_AGENT || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
 
+if !(OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
+
+config MBEDTLS_SSL_CLI_C
+	bool
+	default n
+
+config MBEDTLS_SSL_TLS_C
+	bool
+	default n
+
+endif # !(OPENTHREAD_JOINER || OPENTHREAD_COMMISSIONER || OPENTHREAD_COAPS)
+
 # Note: MBEDTLS_HEAP_SIZE value for OPENTHREAD_NRF_SECURITY_PSA is experimental.
 # It might be changed in the future.
 config MBEDTLS_HEAP_SIZE
diff --git a/west.yml b/west.yml
index 1531d67af4c5..e00cdd815372 100644
--- a/west.yml
+++ b/west.yml
@@ -141,7 +141,7 @@ manifest:
     - name: nrfxlib
       repo-path: sdk-nrfxlib
       path: nrfxlib
-      revision: 3266a76862560101783bf117b4d4939fce642783
+      revision: 85089419ef582ab0db6546c8c679488b1073b38a
     - name: trusted-firmware-m
       repo-path: sdk-trusted-firmware-m
       path: modules/tee/tf-m/trusted-firmware-m
@@ -149,7 +149,7 @@ manifest:
     - name: matter
       repo-path: sdk-connectedhomeip
       path: modules/lib/matter
-      revision: 6da1696964340e9f2435024365c25197eb7e0b3b
+      revision: 1b161385287dd9ea829b158c7f4e7f6ca769e9a0
       submodules:
         - name: nlio
           path: third_party/nlio/repo

From 8b639eca4959e97645338f8fd2ec5455d41bc5bb Mon Sep 17 00:00:00 2001
From: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
Date: Thu, 9 Nov 2023 08:46:02 +0100
Subject: [PATCH 2/2] doc: openthread: kconfig: optimize FTD and MTD
 configurations

Update documentation and changelog regarding features
removed from feature sets.

Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
---
 doc/nrf/protocols/thread/prebuilt_libs.rst       | 16 ++++++++--------
 .../releases/release-notes-changelog.rst         |  9 +++++++++
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/doc/nrf/protocols/thread/prebuilt_libs.rst b/doc/nrf/protocols/thread/prebuilt_libs.rst
index 077152b18d14..c9a8cf966ba8 100644
--- a/doc/nrf/protocols/thread/prebuilt_libs.rst
+++ b/doc/nrf/protocols/thread/prebuilt_libs.rst
@@ -96,8 +96,8 @@ For more information about Thread 1.2 features, see the `Thread 1.2 Base Feature
       -
     * - DHCP6_CLIENT
       - ✔
-      - ✔
-      - ✔
+      -
+      -
       -
     * - ECDSA
       - ✔
@@ -116,8 +116,8 @@ For more information about Thread 1.2 features, see the `Thread 1.2 Base Feature
       -
     * - JOINER
       - ✔
-      - ✔
-      - ✔
+      -
+      -
       -
     * - LINK_RAW
       - ✔
@@ -146,8 +146,8 @@ For more information about Thread 1.2 features, see the `Thread 1.2 Base Feature
       -
     * - SNTP_CLIENT
       - ✔
-      - ✔
-      - ✔
+      -
+      -
       -
     * - SRP_CLIENT
       - ✔
@@ -176,8 +176,8 @@ For more information about Thread 1.2 features, see the `Thread 1.2 Base Feature
       -
     * - LINK_METRICS_INITIATOR (Thread 1.2)
       - ✔
-      - ✔
-      - ✔
+      -
+      -
       -
     * - LINK_METRICS_SUBJECT (Thread 1.2)
       - ✔
diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
index a569e86f8a7e..eedb860189ca 100644
--- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
+++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst
@@ -344,6 +344,15 @@ Thread samples
 
 * Changed building method to use :ref:`zephyr:snippets` for predefined configuration.
 
+* In the :ref:`thread_ug_feature_sets` provided as part of the |NCS|, the following features have been removed from the FTD and MTD variants:
+
+  * ``DHCP6_CLIENT``
+  * ``JOINER``
+  * ``SNTP_CLIENT``
+  * ``LINK_METRICS_INITIATOR``
+
+  All mentioned features are still available in the master variant.
+
 Sensor samples
 --------------