From 384f32f256fd469cb999a0eabee10541eca0e9cc Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 4 Aug 2023 08:43:02 -0400
Subject: [PATCH 01/12] Update gsdk to 4.3.1

---
 third_party/silabs/gecko_sdk | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/silabs/gecko_sdk b/third_party/silabs/gecko_sdk
index ef05eb60565ce3..2ba59bf969e94a 160000
--- a/third_party/silabs/gecko_sdk
+++ b/third_party/silabs/gecko_sdk
@@ -1 +1 @@
-Subproject commit ef05eb60565ce3be035b79b8fac1f9d12c7e706b
+Subproject commit 2ba59bf969e94a0544e73e501d876722790f7a89

From a624061e7e9698ff7a017cc23bd4415afe31f8dd Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 4 Aug 2023 11:50:59 -0400
Subject: [PATCH 02/12] update to dev branch

---
 third_party/silabs/matter_support | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/silabs/matter_support b/third_party/silabs/matter_support
index f76916640f577c..555665e8e850ce 160000
--- a/third_party/silabs/matter_support
+++ b/third_party/silabs/matter_support
@@ -1 +1 @@
-Subproject commit f76916640f577ce81db2ec361d560c77c2e21478
+Subproject commit 555665e8e850cec654723d82b2819e7edd2b8283

From 30d3c9cd1ffaf2dd2e5bdb3c5a429fe1e98ae101 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 4 Aug 2023 11:58:02 -0400
Subject: [PATCH 03/12] gsdk update

---
 examples/platform/silabs/matter-platform.slcp |  3 ++-
 .../silabs/efr32/efr32-chip-mbedtls-config.h  |  3 ++-
 .../openthread/platforms/efr32/BUILD.gn       |  1 +
 third_party/silabs/efr32_sdk.gni              | 20 ++++++++++++++-----
 4 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index 24e7cc54b4bb15..40d63b5dcfb8dc 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -27,7 +27,7 @@ include:
   file_list:
   - {path: app.h}
   - {path: reset_util.h}
-sdk: {id: gecko_sdk, version: 4.2.0}
+sdk: {id: gecko_sdk, version: 4.3.1}
 toolchain_settings: []
 
 component:
@@ -48,6 +48,7 @@ component:
 - {id: rail_lib_multiprotocol}
 - {id: bluetooth_feature_system}
 - {id: bluetooth_feature_scanner}
+- {id: rail_util_power_manager_init}
 
 config_file:
   - override:
diff --git a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
index 86ea2dae9ea644..9edbabcefefc8a 100644
--- a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
+++ b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
@@ -150,6 +150,7 @@
 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
 
 #include "check_crypto_config.h"
-#include "config-device-acceleration.h"
 #include "mbedtls/check_config.h"
 #include "mbedtls/config_psa.h"
+#include "sli_mbedtls_acceleration.h"
+#include "sli_mbedtls_omnipresent.h"
diff --git a/third_party/openthread/platforms/efr32/BUILD.gn b/third_party/openthread/platforms/efr32/BUILD.gn
index 4eb6e7caa08ba9..e3862a465670c3 100644
--- a/third_party/openthread/platforms/efr32/BUILD.gn
+++ b/third_party/openthread/platforms/efr32/BUILD.gn
@@ -32,6 +32,7 @@ config("openthread_efr32_config") {
     "${chip_root}/examples/platform/efr32",
     "${sdk_support_root}/matter/efr32/${silabs_family}/${silabs_board}",
     "${sl_ot_efr32_root}",
+    "${sl_ot_platform_abstraction}/include",
   ]
 
   # temporarily disable check until gsdk pulls in a more recent version of openthread
diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index 9c64cd951cd5d9..74508ebf0f64f4 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -74,8 +74,8 @@ assert(efr32_sdk_root != "", "efr32_sdk_root must be specified")
 
 declare_args() {
   sl_ot_libs_path = "${efr32_sdk_root}/protocol/openthread"
-  sl_ot_efr32_root =
-      "${efr32_sdk_root}/protocol/openthread/platform-abstraction/efr32"
+  sl_ot_platform_abstraction =
+      "${efr32_sdk_root}/protocol/openthread/platform-abstraction"
   sl_openthread_root = "${efr32_sdk_root}/util/third_party/openthread"
 
   # board related pre-generated files path (default)
@@ -86,6 +86,10 @@ declare_args() {
   slc_gen_path = "${chip_root}/third_party/silabs/slc_gen/${silabs_board}/"
 }
 
+declare_args() {
+  sl_ot_efr32_root = "${sl_ot_platform_abstraction}/efr32"
+}
+
 if (slc_generate || slc_reuse_files) {
   silabs_gen_folder = slc_gen_path
 } else {
@@ -143,6 +147,7 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/radio/rail_lib/chip/efr32/rf/common/cortex",
       "${efr32_sdk_root}/platform/radio/rail_lib/protocol/ieee802154",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/pa-conversions",
+      "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_power_manager_init",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_pti",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_rf_path",
       "${efr32_sdk_root}/platform/service/device_init/inc",
@@ -162,6 +167,7 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/base/hal/plugin/psstore",
       "${efr32_sdk_root}/platform/base/hal/plugin/antenna",
       "${efr32_sdk_root}/protocol/bluetooth/inc/",
+      "${efr32_sdk_root}/protocol/bluetooth/bgstack/ll/inc",
       "${efr32_sdk_root}/util/plugin/plugin-common/fem-control",
       "${efr32_sdk_root}/util/silicon_labs/silabs_core/graphics",
       "${efr32_sdk_root}/util/silicon_labs/silabs_core/memory_manager",
@@ -416,7 +422,7 @@ template("efr32_sdk") {
       ]
 
       if (!chip_enable_ble_rs911x) {
-        libs += [ "${sdk_support_root}/protocol/bluetooth/lib/EFR32MG12P/GCC/libbluetooth.a" ]
+        libs += [ "${sdk_support_root}/protocol/bluetooth/lib/EFR32XG12/GCC/libbluetooth.a" ]
       }
 
       defines += [ "EFR32MG12" ]
@@ -432,12 +438,15 @@ template("efr32_sdk") {
       ]
 
       libs += [
-        "${sdk_support_root}/protocol/bluetooth/lib/EFR32MG24/GCC/libbluetooth.a",
         "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_multiprotocol_efr32xg24_gcc_release.a",
         "${sdk_support_root}/platform/emdrv/nvm3/lib/libnvm3_CM33_gcc.a",
         "${sdk_support_root}/protocol/openthread/libs/libsl_openthread_efr32mg2x_gcc.a",
       ]
 
+      if (!chip_enable_ble_rs911x) {
+        libs += [ "${sdk_support_root}/protocol/bluetooth/lib/EFR32XG24/GCC/libbluetooth.a" ]
+      }
+
       defines += [
         "EFR32MG24",
         "EFR32_SERIES2_CONFIG4_MICRO",
@@ -458,7 +467,7 @@ template("efr32_sdk") {
       ]
 
       libs += [
-        "${sdk_support_root}/protocol/bluetooth/lib/EFR32MG24/GCC/libbluetooth.a",
+        "${sdk_support_root}/protocol/bluetooth/lib/EFR32XG24/GCC/libbluetooth.a",
         "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_multiprotocol_module_efr32xg24_gcc_release.a",
         "${sdk_support_root}/platform/emdrv/nvm3/lib/libnvm3_CM33_gcc.a",
         "${sdk_support_root}/protocol/openthread/libs/libsl_openthread_efr32mg2x_gcc.a",
@@ -572,6 +581,7 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/emlib/src/em_timer.c",
       "${efr32_sdk_root}/platform/peripheral/src/peripheral_sysrtc.c",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/pa-conversions/pa_conversions_efr32.c",
+      "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_power_manager_init/sl_rail_util_power_manager_init.c",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_pti/sl_rail_util_pti.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/aes_aes.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/crypto_aes.c",

From 9ad235191f92cc710e96d80fed837653d1be4378 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Tue, 8 Aug 2023 18:01:51 -0400
Subject: [PATCH 04/12] update crypto configurations update matter support
 commit

---
 examples/platform/silabs/matter-platform.slcp |  14 ++
 .../silabs/efr32/efr32-chip-mbedtls-config.h  |  77 +----------
 .../silabs/efr32/matter_psa_crypto_config.h   |  50 +++++++
 src/platform/silabs/efr32/psa_crypto_config.h | 128 ------------------
 .../silabs/platformAbstraction/GsdkSpam.cpp   |   1 -
 third_party/silabs/efr32_sdk.gni              |   4 +-
 third_party/silabs/matter_support             |   2 +-
 7 files changed, 74 insertions(+), 202 deletions(-)
 create mode 100644 src/platform/silabs/efr32/matter_psa_crypto_config.h
 delete mode 100644 src/platform/silabs/efr32/psa_crypto_config.h

diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index 40d63b5dcfb8dc..c87fa2408562c2 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -49,6 +49,20 @@ component:
 - {id: bluetooth_feature_system}
 - {id: bluetooth_feature_scanner}
 - {id: rail_util_power_manager_init}
+- {id: mbedtls_aes}
+- {id: mbedtls_ccm}
+- {id: mbedtls_cmac}
+- {id: mbedtls_ecc}
+- {id: mbedtls_ecdh}
+- {id: mbedtls_ecdsa}
+- {id: mbedtls_ecdsa_deterministic}
+- {id: mbedtls_hash}
+- {id: mbedtls_hkdf}
+- {id: mbedtls_entropy_default}
+- {id: mbedtls_x509}
+- {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime }
+- {id: mbedtls_pkcs5}
+- {id: psa_crypto_config}
 
 config_file:
   - override:
diff --git a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
index 9edbabcefefc8a..758f3dc60155ab 100644
--- a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
+++ b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
@@ -42,16 +42,9 @@
 /**
  * Enable H Crypto and Entropy modules
  */
-#define MBEDTLS_AES_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
 #ifdef DIC_ENABLE
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_RSA_NO_CRT
-#define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_RSA_C
 #define MBEDTLS_SSL_IN_CONTENT_LEN 5120
@@ -62,95 +55,39 @@
 #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
 
 #define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
 #define MBEDTLS_BASE64_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_CMAC_C
-#define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ECDH_LEGACY_CONTEXT
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECDSA_DETERMINISTIC
 #define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ENTROPY_FORCE_SHA256
-#define MBEDTLS_ENTROPY_HARDWARE_ALT
 #define MBEDTLS_ERROR_STRERROR_DUMMY
 #define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HKDF_C
-#define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-#define MBEDTLS_MD_C
-#define MBEDTLS_NO_PLATFORM_ENTROPY
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PEM_WRITE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#if CHIP_CRYPTO_MBEDTLS
-#define MBEDTLS_PKCS5_C
-#endif
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_PLATFORM_MEMORY
 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#define MBEDTLS_PSA_CRYPTO_C
-#define MBEDTLS_PSA_CRYPTO_CONFIG
-#define MBEDTLS_PSA_CRYPTO_DRIVERS
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
 #define MBEDTLS_SHA256_SMALLER
 #define MBEDTLS_SHA512_C
-#define MBEDTLS_SSL_CLI_C
 #define MBEDTLS_SSL_COOKIE_C
 #define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #define MBEDTLS_SSL_EXPORT_KEYS
-#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_TLS1_2
 #define MBEDTLS_SSL_PROTO_DTLS
 #define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_SSL_TLS_C
-
-#if CHIP_CRYPTO_PLATFORM
-#define MBEDTLS_USE_PSA_CRYPTO
-#endif
-
-#define MBEDTLS_X509_CREATE_C
-#define MBEDTLS_X509_CSR_WRITE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_CSR_PARSE_C
 #define MBEDTLS_X509_USE_C
-
 #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */
+
 #ifdef DIC_ENABLE
-#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+#define MBEDTLS_MPI_MAX_SIZE 512    /**< Maximum number of bytes for usable MPIs. */
 #else
-#define MBEDTLS_MPI_MAX_SIZE 32         /**< Maximum number of bytes for usable MPIs. */
-#endif                                  // DIC_ENABLE
+#define MBEDTLS_MPI_MAX_SIZE 32     /**< Maximum number of bytes for usable MPIs. */
+#endif  // DIC_ENABLE
+
 #define MBEDTLS_ECP_MAX_BITS 256        /**< Maximum bit size of groups */
 #define MBEDTLS_ECP_WINDOW_SIZE 2       /**< Maximum window size used */
 #define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2   /**< Maximum number of sources supported */
-
-#if OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 900 /**< Maxium fragment length in bytes */
-#else
-#define MBEDTLS_SSL_MAX_CONTENT_LEN 768 /**< Maxium fragment length in bytes */
-#endif
-
-#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
 
 #define MBEDTLS_CIPHER_MODE_WITH_PADDING
 
-#include "check_crypto_config.h"
-#include "mbedtls/check_config.h"
-#include "mbedtls/config_psa.h"
-#include "sli_mbedtls_acceleration.h"
-#include "sli_mbedtls_omnipresent.h"
+// Includes generated file for all generic defines.
+#include "sl_mbedtls_config.h"
\ No newline at end of file
diff --git a/src/platform/silabs/efr32/matter_psa_crypto_config.h b/src/platform/silabs/efr32/matter_psa_crypto_config.h
new file mode 100644
index 00000000000000..e4f1e5298b539e
--- /dev/null
+++ b/src/platform/silabs/efr32/matter_psa_crypto_config.h
@@ -0,0 +1,50 @@
+/*
+ *
+ *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+#include "em_device.h"
+#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
+// Use accelerated HMAC when we have it
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC
+// Use accelerated ECDSA/ECDH when we have it
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
+#define MBEDTLS_PSA_ACCEL_ALG_ECDH
+#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#else
+// Devices without SEMAILBOX or CRYPTOACC don't have HMAC top-level accelerated
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+// Devices without SEMAILBOX or CRYPTOACC don't have fully implemented ECDSA/ECDH
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
+#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#endif
+// end of user configuration section >>>
+
+#ifdef DIC_ENABLE
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+#define PSA_WANT_ALG_CBC_NO_PADDING
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif // DIC_ENABLE
+
+// Include Generated fies
+#include "psa_crypto_config.h"
\ No newline at end of file
diff --git a/src/platform/silabs/efr32/psa_crypto_config.h b/src/platform/silabs/efr32/psa_crypto_config.h
deleted file mode 100644
index 450f9233cb9c4b..00000000000000
--- a/src/platform/silabs/efr32/psa_crypto_config.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- *
- *    Copyright (c) 2020-2021 Project CHIP Authors
- *    All rights reserved.
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-#pragma once
-
-// ADD USER PSA CRYPTO CONFIG HERE
-#define SL_PSA_KEY_USER_SLOT_COUNT (4)
-
-#define SL_PSA_ITS_USER_MAX_FILES (128)
-
-#include "em_device.h"
-#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
-// Use accelerated HMAC when we have it
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC
-// Use accelerated ECDSA/ECDH when we have it
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
-#define MBEDTLS_PSA_ACCEL_ALG_ECDH
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
-#else
-// Devices without SEMAILBOX or CRYPTOACC don't have HMAC top-level accelerated
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-// Devices without SEMAILBOX or CRYPTOACC don't have fully implemented ECDSA/ECDH
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#endif
-// end of user configuration section >>>
-
-// AUTO GENERATED PSA CONFIG SECTION BELOW. **KEEP AS IS FUTURE GSDK UPDATE**
-#define PSA_WANT_KEY_TYPE_AES
-#define PSA_WANT_ALG_CMAC
-#define PSA_WANT_ALG_SHA_256
-#define PSA_WANT_ALG_CCM
-#define PSA_WANT_ALG_ECB_NO_PADDING
-#define PSA_WANT_ALG_ECDSA
-#define PSA_WANT_ALG_ECDH
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-#define PSA_WANT_ECC_SECP_R1_256
-#define PSA_WANT_ALG_HKDF
-#define PSA_WANT_ALG_HMAC
-#define PSA_WANT_KEY_TYPE_HMAC
-#ifdef DIC_ENABLE
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-#define PSA_WANT_ALG_CBC_NO_PADDING
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif // DIC_ENABLE
-#define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_224
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
-#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
-#define MBEDTLS_PSA_ACCEL_ALG_CTR
-#define MBEDTLS_PSA_ACCEL_ALG_CFB
-#define MBEDTLS_PSA_ACCEL_ALG_OFB
-#define MBEDTLS_PSA_ACCEL_ALG_GCM
-#define MBEDTLS_PSA_ACCEL_ALG_CCM
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC
-
-#define MBEDTLS_PSA_KEY_SLOT_COUNT (15 + 1 + SL_PSA_KEY_USER_SLOT_COUNT)
-#define SL_PSA_ITS_MAX_FILES (1 + SL_PSA_ITS_USER_MAX_FILES)
-
-#if defined(TFM_CONFIG_SL_SECURE_LIBRARY)
-// Asymmetric Crypt module (RSA is not supported)
-#define TFM_CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED
-
-// HASH module
-#if !defined(PSA_WANT_ALG_SHA_1) && !defined(PSA_WANT_ALG_SHA_224) && !defined(PSA_WANT_ALG_SHA_256) &&                            \
-    !defined(PSA_WANT_ALG_SHA_384) && !defined(PSA_WANT_ALG_SHA_512) && !defined(PSA_WANT_ALG_MD5)
-#define TFM_CRYPTO_HASH_MODULE_DISABLED
-#endif
-
-// AEAD module
-#if !defined(PSA_WANT_ALG_CCM) && !defined(PSA_WANT_ALG_GCM) && !defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#define TFM_CRYPTO_AEAD_MODULE_DISABLED
-#endif
-
-// Asymmetric Sign module
-#if !defined(PSA_WANT_ALG_ECDSA) && !defined(PSA_WANT_ALG_EDDSA) && !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#define TFM_CRYPTO_ASYM_SIGN_MODULE_DISABLED
-#endif
-
-// Cipher module
-#if !defined(PSA_WANT_ALG_CFB) && !defined(PSA_WANT_ALG_CTR) && !defined(PSA_WANT_ALG_CBC_NO_PADDING) &&                           \
-    !defined(PSA_WANT_ALG_CBC_PKCS7) && !defined(PSA_WANT_ALG_ECB_NO_PADDING) && !defined(PSA_WANT_ALG_XTS) &&                     \
-    !defined(PSA_WANT_ALG_OFB) && !defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define TFM_CRYPTO_CIPHER_MODULE_DISABLED
-#endif
-
-// MAC module
-#if !defined(PSA_WANT_ALG_HMAC) && !defined(PSA_WANT_ALG_CMAC) && !defined(PSA_WANT_ALG_CBC_MAC)
-#define TFM_CRYPTO_MAC_MODULE_DISABLED
-#endif
-
-// Key derivation module
-#if !defined(PSA_WANT_ALG_PBKDF2_HMAC) && !defined(PSA_WANT_ALG_HKDF) && !defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) &&         \
-    !defined(PSA_WANT_ALG_TLS12_PRF) && !defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && !defined(PSA_WANT_ALG_ECDH)
-#define TFM_CRYPTO_KEY_DERIVATION_MODULE_DISABLED
-#endif
-
-#endif // TFM_CONFIG_SL_SECURE_LIBRARY
-
-/* Defaults in GSDK 4.3.0 */
-#define SL_PSA_ITS_SUPPORT_V1_DRIVER 0
-#define SL_PSA_ITS_SUPPORT_V2_DRIVER 0
-#define SL_PSA_ITS_SUPPORT_V3_DRIVER 1
diff --git a/src/platform/silabs/platformAbstraction/GsdkSpam.cpp b/src/platform/silabs/platformAbstraction/GsdkSpam.cpp
index 98eaa6f7114724..6701e832328a89 100644
--- a/src/platform/silabs/platformAbstraction/GsdkSpam.cpp
+++ b/src/platform/silabs/platformAbstraction/GsdkSpam.cpp
@@ -68,7 +68,6 @@ SilabsPlatform::SilabsButtonCb SilabsPlatform::mButtonCallback = nullptr;
 CHIP_ERROR SilabsPlatform::Init(void)
 {
     sl_system_init();
-    sl_mbedtls_init();
 
 #if CHIP_ENABLE_OPENTHREAD
     sl_ot_sys_init();
diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index 74508ebf0f64f4..2fde69d0bbf3d8 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -211,7 +211,7 @@ template("efr32_sdk") {
     # declared in efr32_mbedtls_config further down this file.
     defines = [
       "MBEDTLS_CONFIG_FILE=\"efr32-chip-mbedtls-config.h\"",
-      "MBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"psa_crypto_config.h\"",
+      "MBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"matter_psa_crypto_config.h\"",
       "__STARTUP_CLEAR_BSS",
       "HARD_FAULT_LOG_ENABLE",
       "CORTEXM3_EFM32_MICRO",
@@ -541,7 +541,7 @@ template("efr32_sdk") {
     # edited.
     sources = [
       "${chip_root}/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h",
-      "${chip_root}/src/platform/silabs/efr32/psa_crypto_config.h",
+      "${chip_root}/src/platform/silabs/efr32/matter_psa_crypto_config.h",
     ]
 
     public_configs = [ "${chip_root}/src:includes" ]
diff --git a/third_party/silabs/matter_support b/third_party/silabs/matter_support
index 555665e8e850ce..68b3265e892bc0 160000
--- a/third_party/silabs/matter_support
+++ b/third_party/silabs/matter_support
@@ -1 +1 @@
-Subproject commit 555665e8e850cec654723d82b2819e7edd2b8283
+Subproject commit 68b3265e892bc0e4b36e9aed336737ce9e8fe42b

From b6a414c4e92da1acc6b18082c39e9bdc11490bd6 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Thu, 10 Aug 2023 10:08:28 -0400
Subject: [PATCH 05/12] clean up crypto configs

---
 examples/platform/silabs/matter-platform.slcp |  9 ++++
 .../silabs/efr32/efr32-chip-mbedtls-config.h  | 41 +++------------
 .../silabs/efr32/efr32-psa-crypto-config.h    | 28 +++++++++++
 .../silabs/efr32/matter_psa_crypto_config.h   | 50 -------------------
 third_party/silabs/efr32_sdk.gni              | 13 +++--
 5 files changed, 53 insertions(+), 88 deletions(-)
 create mode 100644 src/platform/silabs/efr32/efr32-psa-crypto-config.h
 delete mode 100644 src/platform/silabs/efr32/matter_psa_crypto_config.h

diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index c87fa2408562c2..fb2c8d56cd9e7b 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -62,7 +62,16 @@ component:
 - {id: mbedtls_x509}
 - {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime }
 - {id: mbedtls_pkcs5}
+- {id: mbedtls_base64}
+- {id: mbedtls_jpake}
 - {id: psa_crypto_config}
+- {id: psa_crypto_sha512}
+- {id: psa_crypto_tls12_prf}
+- {id: mbedtls_sha512}
+- {id: mbedtls_tls}
+- {id: mbedtls_dtls}
+- {id: mbedtls_tls_server}
+
 
 config_file:
   - override:
diff --git a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
index 758f3dc60155ab..01a1c6c3724d7d 100644
--- a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
+++ b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
@@ -40,7 +40,7 @@
 #endif // CHIP_HAVE_CONFIG_H
 
 /**
- * Enable H Crypto and Entropy modules
+ * DIC Specific Configurations
  */
 #ifdef DIC_ENABLE
 #define MBEDTLS_PKCS1_V15
@@ -50,44 +50,17 @@
 #define MBEDTLS_SSL_IN_CONTENT_LEN 5120
 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1560
 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF
-#endif // DIC_ENABLE
+#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
+#endif                           // DIC_ENABLE
 
 #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
 
 #define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
-#define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-#define MBEDTLS_HAVE_ASM
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+// #define MBEDTLS_AES_FEWER_TABLES /* Check if we want this */
+
 #define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-#define MBEDTLS_SHA256_SMALLER
-#define MBEDTLS_SHA512_C
-#define MBEDTLS_SSL_COOKIE_C
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-#define MBEDTLS_SSL_EXPORT_KEYS
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-#define MBEDTLS_SSL_PROTO_DTLS
-#define MBEDTLS_SSL_SRV_C
-#define MBEDTLS_X509_USE_C
+#define MBEDTLS_SHA256_SMALLER    /* Check if we want this */
 #define MBEDTLS_MPI_WINDOW_SIZE 1 /**< Maximum windows size used. */
 
-#ifdef DIC_ENABLE
-#define MBEDTLS_MPI_MAX_SIZE 512    /**< Maximum number of bytes for usable MPIs. */
-#else
-#define MBEDTLS_MPI_MAX_SIZE 32     /**< Maximum number of bytes for usable MPIs. */
-#endif  // DIC_ENABLE
-
-#define MBEDTLS_ECP_MAX_BITS 256        /**< Maximum bit size of groups */
-#define MBEDTLS_ECP_WINDOW_SIZE 2       /**< Maximum window size used */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Enable fixed-point speed-up */
-
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
-
 // Includes generated file for all generic defines.
-#include "sl_mbedtls_config.h"
\ No newline at end of file
+#include "sl_mbedtls_config.h"
diff --git a/src/platform/silabs/efr32/efr32-psa-crypto-config.h b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
new file mode 100644
index 00000000000000..38cddcbb152416
--- /dev/null
+++ b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
@@ -0,0 +1,28 @@
+/*
+ *
+ *    Copyright (c) 2020-2021 Project CHIP Authors
+ *    All rights reserved.
+ *
+ *    Licensed under the Apache License, Version 2.0 (the "License");
+ *    you may not use this file except in compliance with the License.
+ *    You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *    Unless required by applicable law or agreed to in writing, software
+ *    distributed under the License is distributed on an "AS IS" BASIS,
+ *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *    See the License for the specific language governing permissions and
+ *    limitations under the License.
+ */
+
+#pragma once
+
+#ifdef DIC_ENABLE
+#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+#define PSA_WANT_ALG_CBC_NO_PADDING
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif // DIC_ENABLE
+
+// Include Generated fies
+#include "psa_crypto_config.h"
\ No newline at end of file
diff --git a/src/platform/silabs/efr32/matter_psa_crypto_config.h b/src/platform/silabs/efr32/matter_psa_crypto_config.h
deleted file mode 100644
index e4f1e5298b539e..00000000000000
--- a/src/platform/silabs/efr32/matter_psa_crypto_config.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- *
- *    Copyright (c) 2020-2021 Project CHIP Authors
- *    All rights reserved.
- *
- *    Licensed under the Apache License, Version 2.0 (the "License");
- *    you may not use this file except in compliance with the License.
- *    You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *    Unless required by applicable law or agreed to in writing, software
- *    distributed under the License is distributed on an "AS IS" BASIS,
- *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *    See the License for the specific language governing permissions and
- *    limitations under the License.
- */
-
-#pragma once
-
-#include "em_device.h"
-#if defined(SEMAILBOX_PRESENT) || defined(CRYPTOACC_PRESENT)
-// Use accelerated HMAC when we have it
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC
-// Use accelerated ECDSA/ECDH when we have it
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
-#define MBEDTLS_PSA_ACCEL_ALG_ECDH
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
-#else
-// Devices without SEMAILBOX or CRYPTOACC don't have HMAC top-level accelerated
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-// Devices without SEMAILBOX or CRYPTOACC don't have fully implemented ECDSA/ECDH
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#endif
-// end of user configuration section >>>
-
-#ifdef DIC_ENABLE
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-#define PSA_WANT_ALG_CBC_NO_PADDING
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-#endif // DIC_ENABLE
-
-// Include Generated fies
-#include "psa_crypto_config.h"
\ No newline at end of file
diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index 2fde69d0bbf3d8..fd11964ef1142b 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -211,7 +211,7 @@ template("efr32_sdk") {
     # declared in efr32_mbedtls_config further down this file.
     defines = [
       "MBEDTLS_CONFIG_FILE=\"efr32-chip-mbedtls-config.h\"",
-      "MBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"matter_psa_crypto_config.h\"",
+      "MBEDTLS_PSA_CRYPTO_CONFIG_FILE=\"efr32-psa-crypto-config.h\"",
       "__STARTUP_CLEAR_BSS",
       "HARD_FAULT_LOG_ENABLE",
       "CORTEXM3_EFM32_MICRO",
@@ -541,7 +541,14 @@ template("efr32_sdk") {
     # edited.
     sources = [
       "${chip_root}/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h",
-      "${chip_root}/src/platform/silabs/efr32/matter_psa_crypto_config.h",
+      "${chip_root}/src/platform/silabs/efr32/efr32-psa-crypto-config.h",
+      "${silabs_gen_folder}/autogen/sli_mbedtls_config_autogen.h",
+      "${silabs_gen_folder}/autogen/sli_mbedtls_config_transform_autogen.h",
+      "${silabs_gen_folder}/autogen/sli_psa_builtin_config_autogen.h",
+      "${silabs_gen_folder}/autogen/sli_psa_config_autogen.h",
+      "${silabs_gen_folder}/config/psa_crypto_config.h",
+      "${silabs_gen_folder}/config/sl_mbedtls_config.h",
+      "${silabs_gen_folder}/config/sl_mbedtls_device_config.h",
     ]
 
     public_configs = [ "${chip_root}/src:includes" ]
@@ -553,13 +560,11 @@ template("efr32_sdk") {
       "${chip_root}/third_party/mbedtls/repo/include/mbedtls/platform.h",
       "${efr32_sdk_root}/hardware/board/src/sl_board_control_gpio.c",
       "${efr32_sdk_root}/hardware/board/src/sl_board_init.c",
-      "${efr32_sdk_root}/hardware/driver/configuration_over_swo/src/sl_cos.c",
       "${efr32_sdk_root}/platform/CMSIS/RTOS2/Source/os_systick.c",
       "${efr32_sdk_root}/platform/bootloader/api/btl_interface.c",
       "${efr32_sdk_root}/platform/bootloader/api/btl_interface_storage.c",
       "${efr32_sdk_root}/platform/bootloader/security/sha/crypto_sha.c",
       "${efr32_sdk_root}/platform/common/src/sl_slist.c",
-      "${efr32_sdk_root}/platform/driver/debug/src/sl_debug_swo.c",
       "${efr32_sdk_root}/platform/emdrv/dmadrv/src/dmadrv.c",
       "${efr32_sdk_root}/platform/emdrv/gpiointerrupt/src/gpiointerrupt.c",
       "${efr32_sdk_root}/platform/emdrv/nvm3/src/nvm3_default.c",

From 055524175bf4a77f4ca52c0723d815a48aabc136 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 11 Aug 2023 09:54:42 -0400
Subject: [PATCH 06/12] Pull in updated generated files

---
 third_party/silabs/matter_support | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/third_party/silabs/matter_support b/third_party/silabs/matter_support
index 68b3265e892bc0..313d4efc465d0e 160000
--- a/third_party/silabs/matter_support
+++ b/third_party/silabs/matter_support
@@ -1 +1 @@
-Subproject commit 68b3265e892bc0e4b36e9aed336737ce9e8fe42b
+Subproject commit 313d4efc465d0e5ce5e29d9c5c0e19e4f5e4e732

From 47eb13fb7a572c72b37fad3e2acfb4a73887e7a6 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 11 Aug 2023 09:56:11 -0400
Subject: [PATCH 07/12] last changes for gsdk update

---
 examples/platform/silabs/matter-platform.slcp | 12 +++++++-----
 src/platform/silabs/CHIPPlatformConfig.h      | 10 +++++++++-
 third_party/silabs/silabs_board.gni           |  5 -----
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index fb2c8d56cd9e7b..2be9116b67bfad 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -71,6 +71,7 @@ component:
 - {id: mbedtls_tls}
 - {id: mbedtls_dtls}
 - {id: mbedtls_tls_server}
+- {id: psa_its}
 
 
 config_file:
@@ -81,20 +82,21 @@ config_file:
     directory: btconf
 
 configuration:
-- {name: SL_BOARD_ENABLE_VCOM, value: '1'}
 - {name: SL_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED, value: '1'}
 - {name: SL_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, value: '1'}
 - condition: [uartdrv_usart]
   name: UARTDRV_RESTRICT_ENERGY_MODE_TO_ALLOW_RECEPTION
-  value: '0'
+  value: '1'
 - condition: [iostream_usart]
   name: SL_IOSTREAM_USART_VCOM_RESTRICT_ENERGY_MODE_TO_ALLOW_RECEPTION
-  value: '0'
+  value: '1'
 - condition: [iostream_usart]
   name: SL_IOSTREAM_USART_VCOM_RX_BUFFER_SIZE
   value: '128'
-- {name: SL_HEAP_SIZE, value: '16384'}
-- {name: SL_STACK_SIZE, value: '4608'}
+- {name: SL_HEAP_SIZE, value: '0'}
+- {name: SL_STACK_SIZE, value: '0'}
+- {name: SL_BOARD_ENABLE_VCOM, value: '0'}
+- {name: EMDRV_UARTDRV_FLOW_CONTROL_ENABLE, value: '0'}
 
 requires:
 - condition: [device_series_1]
diff --git a/src/platform/silabs/CHIPPlatformConfig.h b/src/platform/silabs/CHIPPlatformConfig.h
index a9105527fb7b15..49e2bb59454658 100644
--- a/src/platform/silabs/CHIPPlatformConfig.h
+++ b/src/platform/silabs/CHIPPlatformConfig.h
@@ -45,11 +45,19 @@
 #if CHIP_HAVE_CONFIG_H
 #include <crypto/CryptoBuildConfig.h>
 #endif
-#if !defined(CHIP_CONFIG_SHA256_CONTEXT_SIZE) && (CHIP_CRYPTO_PLATFORM == 1)
+#if (CHIP_CRYPTO_PLATFORM == 1)
 #include "psa/crypto.h"
+
+#if !defined(CHIP_CONFIG_SHA256_CONTEXT_SIZE)
 #define CHIP_CONFIG_SHA256_CONTEXT_SIZE (sizeof(psa_hash_operation_t))
 #endif
 
+#if !defined(CHIP_CONFIG_SHA256_CONTEXT_ALIGN)
+#define CHIP_CONFIG_SHA256_CONTEXT_ALIGN psa_hash_operation_t
+#endif
+
+#endif // CHIP_CRYPTO_PLATFORM
+
 // ==================== General Configuration Overrides ====================
 
 #ifndef CHIP_CONFIG_MAX_UNSOLICITED_MESSAGE_HANDLERS
diff --git a/third_party/silabs/silabs_board.gni b/third_party/silabs/silabs_board.gni
index bba3f060f8898d..660a970f3b2d60 100644
--- a/third_party/silabs/silabs_board.gni
+++ b/third_party/silabs/silabs_board.gni
@@ -168,11 +168,6 @@ if (silabs_board == "BRD4304A") {
 } else if (silabs_board == "BRD4318A") {
   silabs_family = "mgm24"
   silabs_mcu = "MGM240SD22VNA"
-
-  use_wstk_leds = false
-  use_external_flash = false
-  show_qr_code = false
-  disable_lcd = true
 } else {
   print(
       "Please provide a valid value for SILABS_BOARD env variable (currently supported BRD4304A, BRD4161A, BRD4163A, BRD4164A BRD4166A, BRD4170A, BRD4186C, BRD4187C, BRD2601B, BRD2703A, BRD4317A, BRD2704A)")

From fd79e6fd6d37b3cf14b3db4310f0e0c2ee112399 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 11 Aug 2023 09:57:47 -0400
Subject: [PATCH 08/12] update workflow docker image

---
 .github/workflows/examples-efr32.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/examples-efr32.yaml b/.github/workflows/examples-efr32.yaml
index b0e3eef9b3cbe7..626a6913c1d6c7 100644
--- a/.github/workflows/examples-efr32.yaml
+++ b/.github/workflows/examples-efr32.yaml
@@ -38,7 +38,7 @@ jobs:
     if: github.actor != 'restyled-io[bot]'
 
     container:
-      image: ghcr.io/project-chip/chip-build-efr32:1
+      image: ghcr.io/project-chip/chip-build-efr32:8
       volumes:
         - "/tmp/bloat_reports:/tmp/bloat_reports"
     steps:

From a09dc92cd40536bfb4422a9c9ac0f4b8c63fcd10 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 11 Aug 2023 09:58:19 -0400
Subject: [PATCH 09/12] restyle

---
 src/platform/silabs/efr32/efr32-psa-crypto-config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/platform/silabs/efr32/efr32-psa-crypto-config.h b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
index 38cddcbb152416..adec31ab4e6237 100644
--- a/src/platform/silabs/efr32/efr32-psa-crypto-config.h
+++ b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
@@ -25,4 +25,4 @@
 #endif // DIC_ENABLE
 
 // Include Generated fies
-#include "psa_crypto_config.h"
\ No newline at end of file
+#include "psa_crypto_config.h"

From b967c92e86c669859a4b3d23369480a8625648ef Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Fri, 11 Aug 2023 11:17:24 -0400
Subject: [PATCH 10/12] fix slc gen builds

---
 third_party/silabs/efr32_sdk.gni | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index fd11964ef1142b..649045e149865e 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -794,6 +794,14 @@ template("efr32_sdk") {
       ]
     }
 
+    # COS and SWO sources files for when we use generate with slc
+    if (slc_generate || slc_reuse_files) {
+      sources += [
+        "${efr32_sdk_root}/hardware/driver/configuration_over_swo/src/sl_cos.c",
+        "${efr32_sdk_root}/platform/driver/debug/src/sl_debug_swo.c",
+      ]
+    }
+
     # USART sources files
     if ((defined(invoker.chip_enable_pw_rpc) && invoker.chip_enable_pw_rpc) ||
         chip_build_libshell || enable_openthread_cli ||

From d9a5d551d6a2b1a455a264231b003aa062e46344 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Mon, 14 Aug 2023 16:30:30 -0400
Subject: [PATCH 11/12] WIP

---
 examples/platform/silabs/matter-platform.slcp | 40 ++++++--------
 .../silabs/efr32/efr32-chip-mbedtls-config.h  |  7 ---
 third_party/silabs/efr32_sdk.gni              | 52 +++----------------
 3 files changed, 23 insertions(+), 76 deletions(-)

diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index 2be9116b67bfad..bfb67f7c295dea 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -49,29 +49,23 @@ component:
 - {id: bluetooth_feature_system}
 - {id: bluetooth_feature_scanner}
 - {id: rail_util_power_manager_init}
-- {id: mbedtls_aes}
-- {id: mbedtls_ccm}
-- {id: mbedtls_cmac}
-- {id: mbedtls_ecc}
-- {id: mbedtls_ecdh}
-- {id: mbedtls_ecdsa}
-- {id: mbedtls_ecdsa_deterministic}
-- {id: mbedtls_hash}
-- {id: mbedtls_hkdf}
-- {id: mbedtls_entropy_default}
-- {id: mbedtls_x509}
-- {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime }
-- {id: mbedtls_pkcs5}
-- {id: mbedtls_base64}
-- {id: mbedtls_jpake}
-- {id: psa_crypto_config}
-- {id: psa_crypto_sha512}
-- {id: psa_crypto_tls12_prf}
-- {id: mbedtls_sha512}
-- {id: mbedtls_tls}
-- {id: mbedtls_dtls}
-- {id: mbedtls_tls_server}
-- {id: psa_its}
+- {id: mbedtls_aes} # -> ok
+- {id: mbedtls_ccm} # -> ok
+- {id: mbedtls_cmac} # -> ok
+- {id: mbedtls_ecc} # -> ok
+- {id: mbedtls_ecdh} # -> ok
+- {id: mbedtls_ecdsa} # -> ok
+- {id: mbedtls_ecdsa_deterministic} # -> ok
+- {id: mbedtls_hash} # -> ok
+- {id: mbedtls_hkdf} # -> ok
+- {id: mbedtls_entropy_default} # -> ok
+- {id: mbedtls_x509} # -> ok
+- {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime } # -> ok
+- {id: mbedtls_pkcs5} # -> ok
+- {id: mbedtls_base64} # Not present
+- {id: ot_mbedtls}
+- {id: ot_psa_crypto}
+- {id: bluetooth_crypto}
 
 
 config_file:
diff --git a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
index 01a1c6c3724d7d..c236ed04680f23 100644
--- a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
+++ b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
@@ -28,13 +28,6 @@
 
 #pragma once
 
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "em_device.h"
-#include "em_se.h"
-
 #if CHIP_HAVE_CONFIG_H
 #include <crypto/CryptoBuildConfig.h>
 #endif // CHIP_HAVE_CONFIG_H
diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index 649045e149865e..dd50ca15b80549 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -172,14 +172,15 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/silicon_labs/silabs_core/graphics",
       "${efr32_sdk_root}/util/silicon_labs/silabs_core/memory_manager",
       "${efr32_sdk_root}/util/third_party/mbedtls/include",
+      "${efr32_sdk_root}/util/third_party/mbedtls/include/mbedtls",
       "${efr32_sdk_root}/util/third_party/mbedtls/include/psa",
       "${efr32_sdk_root}/util/third_party/mbedtls/library",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_alt/include",
       "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/inc",
+      "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config/",
+      "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/config/preset",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/inc",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/inc/public",
       "${efr32_sdk_root}/platform/security/sl_component/se_manager/inc",
       "${efr32_sdk_root}/platform/security/sl_component/se_manager/src/",
       "${efr32_sdk_root}/util/third_party/freertos/cmsis/Include",
@@ -227,17 +228,11 @@ template("efr32_sdk") {
       "${silabs_mcu}=1",
       "${silabs_board}=1",
       "SL_BOARD_NAME=${silabs_board}",
-      "SL_SUPRESS_DEPRECATION_WARNINGS_SDK_3_1",
       "__HEAP_SIZE=0",
-      "SL_CATALOG_FREERTOS_KERNEL_PRESENT=1",
-      "MBEDTLS_THREADING_C=1",
-      "MBEDTLS_THREADING_ALT=1",
       "SL_THREADING_ALT=1",
       "SL_COMPONENT_CATALOG_PRESENT=1",
       "PLATFORM_HEADER=\"platform-header.h\"",
       "USE_NVM3=1",
-      "SL_CATALOG_POWER_MANAGER_PRESENT",
-      "SL_CATALOG_SLEEPTIMER_PRESENT",
 
       #"__STACK_SIZE=0",
     ]
@@ -542,13 +537,6 @@ template("efr32_sdk") {
     sources = [
       "${chip_root}/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h",
       "${chip_root}/src/platform/silabs/efr32/efr32-psa-crypto-config.h",
-      "${silabs_gen_folder}/autogen/sli_mbedtls_config_autogen.h",
-      "${silabs_gen_folder}/autogen/sli_mbedtls_config_transform_autogen.h",
-      "${silabs_gen_folder}/autogen/sli_psa_builtin_config_autogen.h",
-      "${silabs_gen_folder}/autogen/sli_psa_config_autogen.h",
-      "${silabs_gen_folder}/config/psa_crypto_config.h",
-      "${silabs_gen_folder}/config/sl_mbedtls_config.h",
-      "${silabs_gen_folder}/config/sl_mbedtls_device_config.h",
     ]
 
     public_configs = [ "${chip_root}/src:includes" ]
@@ -557,7 +545,6 @@ template("efr32_sdk") {
 
   source_set(sdk_target_name) {
     sources = [
-      "${chip_root}/third_party/mbedtls/repo/include/mbedtls/platform.h",
       "${efr32_sdk_root}/hardware/board/src/sl_board_control_gpio.c",
       "${efr32_sdk_root}/hardware/board/src/sl_board_init.c",
       "${efr32_sdk_root}/platform/CMSIS/RTOS2/Source/os_systick.c",
@@ -588,8 +575,6 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/pa-conversions/pa_conversions_efr32.c",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_power_manager_init/sl_rail_util_power_manager_init.c",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_pti/sl_rail_util_pti.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/aes_aes.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/crypto_aes.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/crypto_ecp.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/error.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/mbedtls_ccm.c",
@@ -599,17 +584,10 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sl_entropy_hardware.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sl_mbedtls.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sli_psa_crypto.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/version_features.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_protocol_crypto_crypto.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_protocol_crypto_radioaes.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/crypto_management.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_aead.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_cipher.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_hash.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_mac.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_trng_driver.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_driver_common.c",
+      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_version_dependencies.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_driver_init.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_trng.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_driver_builtin_keys.c",
@@ -640,24 +618,18 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/third_party/freertos/kernel/stream_buffer.c",
       "${efr32_sdk_root}/util/third_party/freertos/kernel/tasks.c",
       "${efr32_sdk_root}/util/third_party/freertos/kernel/timers.c",
+      "${efr32_sdk_root}/util/third_party/mbedtls/include/mbedtls/platform.h",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/aes.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/aesni.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/asn1parse.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/asn1write.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/base64.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/bignum.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/camellia.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ccm.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/chacha20.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/chachapoly.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/cipher.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/cipher_wrap.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/cmac.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/constant_time.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ctr_drbg.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/debug.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/des.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/dhm.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecdh.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecdsa.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecjpake.c",
@@ -665,22 +637,18 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecp_curves.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy_poll.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/gcm.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/hkdf.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/hmac_drbg.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/md.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/md5.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/oid.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pem.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pk.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pk_wrap.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/pkcs12.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/pkcs5.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pkparse.c",
+      "${efr32_sdk_root}/util/third_party/mbedtls/library/pkcs5.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pkwrite.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/platform.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/platform_util.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/poly1305.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto_aead.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto_cipher.c",
@@ -693,12 +661,7 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto_se.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto_slot_management.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_crypto_storage.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/psa_its_file.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/ripemd160.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/rsa.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/sha1.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/sha256.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/sha512.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_cache.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_ciphersuites.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_client.c",
@@ -708,10 +671,7 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_tls.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_tls12_client.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_tls12_server.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/ssl_tls13_keys.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/threading.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/timing.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/version.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/x509.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/x509_create.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/x509_crl.c",

From e2cac429e7c595591bd9ea68b2f9f969aca18165 Mon Sep 17 00:00:00 2001
From: Mathieu Kardous <mathieu.kardous@silabs.com>
Date: Tue, 15 Aug 2023 12:38:38 -0400
Subject: [PATCH 12/12] Fix gsdk flash increase

---
 .../efr32/project_include/OpenThreadConfig.h  |  4 ++
 examples/platform/silabs/matter-platform.slcp | 37 ++++++------
 .../silabs/efr32/efr32-chip-mbedtls-config.h  | 25 ++++++--
 .../silabs/efr32/efr32-psa-crypto-config.h    |  6 ++
 third_party/silabs/BUILD.gn                   |  9 ++-
 third_party/silabs/efr32_sdk.gni              | 59 ++++++++++++-------
 third_party/silabs/matter_support             |  2 +-
 7 files changed, 97 insertions(+), 45 deletions(-)

diff --git a/examples/platform/silabs/efr32/project_include/OpenThreadConfig.h b/examples/platform/silabs/efr32/project_include/OpenThreadConfig.h
index 339142894f5e61..e563f31d638b40 100644
--- a/examples/platform/silabs/efr32/project_include/OpenThreadConfig.h
+++ b/examples/platform/silabs/efr32/project_include/OpenThreadConfig.h
@@ -98,6 +98,10 @@
 // and to stay awake after receiving a packet with frame pending set to true.
 #define OPENTHREAD_CONFIG_MAC_STAY_AWAKE_BETWEEN_FRAGMENTS 1
 
+#define OPENTHREAD_CONFIG_ENABLE_BUILTIN_MBEDTLS 0
+
+#define OPENTHREAD_CONFIG_DETERMINISTIC_ECDSA_ENABLE 0
+
 // Use the SiLabs-supplied default platform configuration for remainder
 // of OpenThread config options.
 //
diff --git a/examples/platform/silabs/matter-platform.slcp b/examples/platform/silabs/matter-platform.slcp
index bfb67f7c295dea..33ed32c11d909f 100644
--- a/examples/platform/silabs/matter-platform.slcp
+++ b/examples/platform/silabs/matter-platform.slcp
@@ -44,29 +44,30 @@ component:
 - {id: rail_util_pti}
 - {id: bluetooth_feature_gatt}
 - {id: bluetooth_feature_connection}
-- {id: psa_crypto}
 - {id: rail_lib_multiprotocol}
 - {id: bluetooth_feature_system}
 - {id: bluetooth_feature_scanner}
 - {id: rail_util_power_manager_init}
-- {id: mbedtls_aes} # -> ok
-- {id: mbedtls_ccm} # -> ok
-- {id: mbedtls_cmac} # -> ok
-- {id: mbedtls_ecc} # -> ok
-- {id: mbedtls_ecdh} # -> ok
-- {id: mbedtls_ecdsa} # -> ok
-- {id: mbedtls_ecdsa_deterministic} # -> ok
-- {id: mbedtls_hash} # -> ok
-- {id: mbedtls_hkdf} # -> ok
-- {id: mbedtls_entropy_default} # -> ok
-- {id: mbedtls_x509} # -> ok
-- {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime } # -> ok
-- {id: mbedtls_pkcs5} # -> ok
-- {id: mbedtls_base64} # Not present
-- {id: ot_mbedtls}
+- {id: psa_crypto}
+- {id: psa_crypto_aes}
+- {id: psa_crypto_ccm}
+- {id: psa_crypto_cmac}
+- {id: psa_crypto_ecc}
+- {id: psa_crypto_ecdh}
+- {id: psa_crypto_ecdsa}
+- {id: psa_crypto_hash}
+- {id: psa_crypto_hkdf}
+- {id: mbedtls_x509}
+- {id: mbedtls_cmac}
+- {id: mbedtls_platform_dynamic_memory_allocation_config_init_runtime }
+- {id: mbedtls_base64}
 - {id: ot_psa_crypto}
 - {id: bluetooth_crypto}
-
+# Necessary componenets for ot coap cert lib
+# - {id: mbedtls_dtls} # Requried by COAP lib
+# - {id: mbedtls_tls_server} # Requried by COAP lib
+# - {id: mbedtls_tls} # Requried by COAP lib
+# - {id: mbedtls_jpake} # Required by COAP lib
 
 config_file:
   - override:
@@ -76,7 +77,7 @@ config_file:
     directory: btconf
 
 configuration:
-- {name: SL_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED, value: '1'}
+- {name: SL_MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED, value: '0'}
 - {name: SL_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, value: '1'}
 - condition: [uartdrv_usart]
   name: UARTDRV_RESTRICT_ENERGY_MODE_TO_ALLOW_RECEPTION
diff --git a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
index c236ed04680f23..35ff27436ed88b 100644
--- a/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
+++ b/src/platform/silabs/efr32/efr32-chip-mbedtls-config.h
@@ -32,9 +32,7 @@
 #include <crypto/CryptoBuildConfig.h>
 #endif // CHIP_HAVE_CONFIG_H
 
-/**
- * DIC Specific Configurations
- */
+// DIC Specific Configurations
 #ifdef DIC_ENABLE
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_RSA_NO_CRT
@@ -43,8 +41,25 @@
 #define MBEDTLS_SSL_IN_CONTENT_LEN 5120
 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1560
 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF
-#define MBEDTLS_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
-#endif                           // DIC_ENABLE
+#define MBEDTLS_MPI_MAX_SIZE 512
+#endif // DIC_ENABLE
+
+// Configurations necessary for ot coap cert libs
+#if SL_USE_COAP_CONFIG
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_COOKIE_C
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CCM_C
+#define MBEDTLS_ECJPAKE_C
+#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+#endif // SL_USE_COAP_CONFIG
 
 #define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf
 
diff --git a/src/platform/silabs/efr32/efr32-psa-crypto-config.h b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
index adec31ab4e6237..b5564f88bd3258 100644
--- a/src/platform/silabs/efr32/efr32-psa-crypto-config.h
+++ b/src/platform/silabs/efr32/efr32-psa-crypto-config.h
@@ -18,11 +18,17 @@
 
 #pragma once
 
+// DIC Specific Configurations
 #ifdef DIC_ENABLE
 #define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 #define PSA_WANT_ALG_CBC_NO_PADDING
 #define PSA_WANT_ALG_RSA_PKCS1V15_SIGN
 #endif // DIC_ENABLE
 
+// Configurations necessary for ot coap cert libs
+#if SL_USE_COAP_CONFIG
+#define PSA_WANT_ALG_CBC_NO_PADDING
+#endif // SL_USE_COAP_CONFIG
+
 // Include Generated fies
 #include "psa_crypto_config.h"
diff --git a/third_party/silabs/BUILD.gn b/third_party/silabs/BUILD.gn
index c2c248fb6da201..bff6ac886bce66 100644
--- a/third_party/silabs/BUILD.gn
+++ b/third_party/silabs/BUILD.gn
@@ -28,7 +28,6 @@ declare_args() {
   # Build target to use for efr32 SDK. Use this to set global SDK defines.
   silabs_sdk_target = ""
 
-  use_thread_coap_lib = false
   sl_matter_version_str = ""
   sl_matter_version = 1
   sl_hardware_version = 1
@@ -125,6 +124,10 @@ if (silabs_board != "BRD4325B") {  # CCP board
           "${sl_openthread_root}/examples/apps/cli/cli_uart.cpp",
           "${sl_openthread_root}/src/cli/cli.cpp",
           "${sl_openthread_root}/src/cli/cli.hpp",
+          "${sl_openthread_root}/src/cli/cli_bbr.cpp",
+          "${sl_openthread_root}/src/cli/cli_bbr.hpp",
+          "${sl_openthread_root}/src/cli/cli_br.cpp",
+          "${sl_openthread_root}/src/cli/cli_br.hpp",
           "${sl_openthread_root}/src/cli/cli_coap.cpp",
           "${sl_openthread_root}/src/cli/cli_coap.hpp",
           "${sl_openthread_root}/src/cli/cli_coap_secure.cpp",
@@ -134,10 +137,14 @@ if (silabs_board != "BRD4325B") {  # CCP board
           "${sl_openthread_root}/src/cli/cli_config.h",
           "${sl_openthread_root}/src/cli/cli_dataset.cpp",
           "${sl_openthread_root}/src/cli/cli_dataset.hpp",
+          "${sl_openthread_root}/src/cli/cli_dns.cpp",
+          "${sl_openthread_root}/src/cli/cli_dns.hpp",
           "${sl_openthread_root}/src/cli/cli_history.cpp",
           "${sl_openthread_root}/src/cli/cli_history.hpp",
           "${sl_openthread_root}/src/cli/cli_joiner.cpp",
           "${sl_openthread_root}/src/cli/cli_joiner.hpp",
+          "${sl_openthread_root}/src/cli/cli_mac_filter.cpp",
+          "${sl_openthread_root}/src/cli/cli_mac_filter.hpp",
           "${sl_openthread_root}/src/cli/cli_network_data.cpp",
           "${sl_openthread_root}/src/cli/cli_network_data.hpp",
           "${sl_openthread_root}/src/cli/cli_output.cpp",
diff --git a/third_party/silabs/efr32_sdk.gni b/third_party/silabs/efr32_sdk.gni
index dd50ca15b80549..d72a875ddb3d7d 100644
--- a/third_party/silabs/efr32_sdk.gni
+++ b/third_party/silabs/efr32_sdk.gni
@@ -35,6 +35,9 @@ declare_args() {
   # Build openthread with prebuilt silabs lib
   use_silabs_thread_lib = false
 
+  # Use the ot coap prebuilt silabs lib
+  use_thread_coap_lib = false
+
   # enable by default for thread/non-wifi-ncp builds
   enable_openthread_cli = !(use_rs9116 || use_wf200 || use_SiWx917)
   kvs_max_entries = 255
@@ -146,10 +149,11 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/radio/rail_lib/chip/efr32",
       "${efr32_sdk_root}/platform/radio/rail_lib/chip/efr32/rf/common/cortex",
       "${efr32_sdk_root}/platform/radio/rail_lib/protocol/ieee802154",
+      "${efr32_sdk_root}/platform/radio/rail_lib/protocol/ble",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/pa-conversions",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_power_manager_init",
       "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_pti",
-      "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_rf_path",
+      "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_power_manager_init",
       "${efr32_sdk_root}/platform/service/device_init/inc",
       "${efr32_sdk_root}/platform/service/hfxo_manager/inc",
       "${efr32_sdk_root}/platform/service/hfxo_manager/src",
@@ -233,10 +237,18 @@ template("efr32_sdk") {
       "SL_COMPONENT_CATALOG_PRESENT=1",
       "PLATFORM_HEADER=\"platform-header.h\"",
       "USE_NVM3=1",
+      "SL_RAIL_LIB_MULTIPROTOCOL_SUPPORT=1",
+      "SL_RAIL_UTIL_PA_CONFIG_HEADER=<sl_rail_util_pa_config.h>",
+      "RADIO_CONFIG_DMP_SUPPORT=1",
 
       #"__STACK_SIZE=0",
     ]
 
+    # Temporary configuration to enable COAP specific configurations
+    if (use_thread_coap_lib) {
+      defines += [ "SL_USE_COAP_CONFIG=1" ]
+    }
+
     if (sl_uart_log_output) {
       defines += [
         "SILABS_LOG_OUT_UART=1",
@@ -410,6 +422,11 @@ template("efr32_sdk") {
         "${efr32_sdk_root}/platform/emdrv/spidrv/inc",
       ]
 
+      if (silabs_board == "BRD4304A") {
+        _include_dirs +=
+            [ "${efr32_sdk_root}/platform/radio/rail_lib/plugin/fem_util/" ]
+      }
+
       libs += [
         "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_multiprotocol_efr32xg12_gcc_release.a",
         "${sdk_support_root}/platform/emdrv/nvm3/lib/libnvm3_CM4_gcc.a",
@@ -451,8 +468,6 @@ template("efr32_sdk") {
         "${efr32_sdk_root}/platform/Device/SiliconLabs/MGM24/Include",
         "${efr32_sdk_root}/platform/driver/debug/inc/",
         "${efr32_sdk_root}/platform/radio/rail_lib/chip/efr32/efr32xg2x",
-        "${efr32_sdk_root}/platform/radio/rail_lib/protocol/ble",
-        "${efr32_sdk_root}/platform/radio/rail_lib/protocol/ieee802154",
         "${efr32_sdk_root}/util/third_party/freertos/kernel/portable/GCC/ARM_CM33_NTZ/non_secure",
         "${efr32_sdk_root}/platform/radio/rail_lib/plugin/fem_util/",
         "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_rssi/",
@@ -470,22 +485,13 @@ template("efr32_sdk") {
 
       if (silabs_mcu == "MGM240PB32VNA") {
         libs += [ "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_config_mgm240pb32vna_gcc.a" ]
-        defines += [
-          "SL_RAIL_LIB_MULTIPROTOCOL_SUPPORT=1",
-          "RADIO_CONFIG_DMP_SUPPORT=1",
-        ]
       } else if (silabs_mcu == "MGM240PB22VNA") {
         libs += [ "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_config_mgm240pb22vna_gcc.a" ]
       } else if (silabs_mcu == "MGM240L022RNF") {
         libs += [ "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_config_mgm240l022rnf_gcc.a" ]
       } else if (silabs_mcu == "MGM240SD22VNA") {
         libs += [ "${sdk_support_root}/platform/radio/rail_lib/autogen/librail_release/librail_config_mgm240sd22vna_gcc.a" ]
-        defines += [
-          "SL_RAIL_LIB_MULTIPROTOCOL_SUPPORT=1",
-          "RADIO_CONFIG_DMP_SUPPORT=1",
-          "SLI_RADIOAES_REQUIRES_MASKING=1",
-          "SL_RAIL_UTIL_PA_CONFIG_HEADER=<sl_rail_util_pa_config.h>",
-        ]
+        defines += [ "SLI_RADIOAES_REQUIRES_MASKING=1" ]
       }
 
       defines += [
@@ -584,14 +590,13 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sl_entropy_hardware.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sl_mbedtls.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/sli_psa_crypto.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_protocol_crypto_radioaes.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sl_psa_its_nvm3.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_driver_common.c",
-      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_version_dependencies.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_driver_init.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_psa_trng.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_driver_builtin_keys.c",
       "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_driver_signature.c",
+      "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_version_dependencies.c",
       "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_lfrco.c",
       "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_nvic.c",
       "${efr32_sdk_root}/platform/service/hfxo_manager/src/sl_hfxo_manager.c",
@@ -629,23 +634,19 @@ template("efr32_sdk") {
       "${efr32_sdk_root}/util/third_party/mbedtls/library/cipher_wrap.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/cmac.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/constant_time.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/ctr_drbg.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecdh.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecdsa.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecjpake.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecp.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/ecp_curves.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy_poll.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/hkdf.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/hmac_drbg.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/md.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/oid.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pem.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pk.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pk_wrap.c",
-      "${efr32_sdk_root}/util/third_party/mbedtls/library/pkparse.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pkcs5.c",
+      "${efr32_sdk_root}/util/third_party/mbedtls/library/pkparse.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/pkwrite.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/platform.c",
       "${efr32_sdk_root}/util/third_party/mbedtls/library/platform_util.c",
@@ -813,12 +814,28 @@ template("efr32_sdk") {
       sources += [
         "${efr32_sdk_root}/platform/Device/SiliconLabs/EFR32MG12P/Source/startup_efr32mg12p.c",
         "${efr32_sdk_root}/platform/Device/SiliconLabs/EFR32MG12P/Source/system_efr32mg12p.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/crypto_aes.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_protocol_crypto_crypto.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/crypto_management.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_aead.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_cipher.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_hash.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_transparent_driver_mac.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_crypto_trng_driver.c",
         "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_dcdc_s1.c",
         "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_emu_s1.c",
         "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_hfxo_s1.c",
         "${efr32_sdk_root}/platform/service/device_init/src/sl_device_init_lfxo_s1.c",
         "${efr32_sdk_root}/util/third_party/freertos/kernel/portable/GCC/ARM_CM4F/port.c",
+        "${efr32_sdk_root}/util/third_party/mbedtls/library/ctr_drbg.c",
+        "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy.c",
+        "${efr32_sdk_root}/util/third_party/mbedtls/library/entropy_poll.c",
+        "${efr32_sdk_root}/util/third_party/mbedtls/library/hmac_drbg.c",
       ]
+
+      if (silabs_board == "BRD4304A") {
+        sources += [ "${efr32_sdk_root}/platform/radio/rail_lib/plugin/fem_util/sl_fem_util.c" ]
+      }
     } else if (silabs_family == "efr32mg24") {
       sources += [
         "${efr32_sdk_root}/platform/Device/SiliconLabs/EFR32MG24/Source/startup_efr32mg24.c",
@@ -838,6 +855,7 @@ template("efr32_sdk") {
 
     if (silabs_family == "mgm24" || silabs_family == "efr32mg24") {
       sources += [
+        "${efr32_sdk_root}/platform/radio/rail_lib/plugin/rail_util_sequencer/sl_rail_util_sequencer.c",
         "${efr32_sdk_root}/platform/security/sl_component/se_manager/src/sl_se_manager.c",
         "${efr32_sdk_root}/platform/security/sl_component/se_manager/src/sl_se_manager_attestation.c",
         "${efr32_sdk_root}/platform/security/sl_component/se_manager/src/sl_se_manager_cipher.c",
@@ -849,6 +867,7 @@ template("efr32_sdk") {
         "${efr32_sdk_root}/platform/security/sl_component/se_manager/src/sl_se_manager_util.c",
         "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/se_aes.c",
         "${efr32_sdk_root}/platform/security/sl_component/sl_mbedtls_support/src/se_jpake.c",
+        "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_protocol_crypto_radioaes.c",
         "${efr32_sdk_root}/platform/security/sl_component/sl_protocol_crypto/src/sli_radioaes_management.c",
         "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_driver_aead.c",
         "${efr32_sdk_root}/platform/security/sl_component/sl_psa_driver/src/sli_se_driver_cipher.c",
diff --git a/third_party/silabs/matter_support b/third_party/silabs/matter_support
index 313d4efc465d0e..05dc47da941d6a 160000
--- a/third_party/silabs/matter_support
+++ b/third_party/silabs/matter_support
@@ -1 +1 @@
-Subproject commit 313d4efc465d0e5ce5e29d9c5c0e19e4f5e4e732
+Subproject commit 05dc47da941d6a5e4a578f167da0fbdb5c651ec7