modules: mbedtls: bump to 4.x #104031
valeriosetti wants to merge 23 commits into zephyrproject-rtos:main from
The following west manifest projects have changed revision in this Pull Request:
Additional metadata changed:
⛔ DNM label due to: 3 added projects, 5 projects with PR revision and 1 project with metadata changes Note: This message is automatically posted and updated by the Manifest GitHub Action. |
modules/mbedtls/CMakeLists.txt
Outdated
| # and TF_PSA_CRYPTO_CONFIG_FILE) which are used in Mbed TLS build, but | ||
| # which must also be defined when Zephyr code includes headers | ||
| # from Mbed TLS. | ||
| # - it contains public header directories which are provided by Mbed TLS. |
There was a problem hiding this comment.
| # - it contains public header directories which are provided by Mbed TLS. | |
| # - it contains public include directories which are provided by Mbed TLS. |
| - psa.secure_storage | ||
|
|
||
| "West project: mbedtls-framework": | ||
| "West project: mbedtls-3.6": |
There was a problem hiding this comment.
commit message will need fixup
modules/mbedtls/Kconfig
Outdated
|
|
||
| endchoice # MBEDTLS_IMPLEMENTATION | ||
|
|
||
| config TF_PSA_CRYPTO_CFG_FILE |
There was a problem hiding this comment.
How about instead of calling this TF_PSA_CRYPTO_CFG_FILE we align this and MBEDTLS_CFG_FILE to use the actual Mbed TLS naming instead (replacing CFG with CONFIG)?
There was a problem hiding this comment.
Yes, but is this really required for a bumping PR that already has a good number of commits and changes?
| if PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC | ||
| config MBEDTLS_ECP_NIST_OPTIM | ||
| bool "NSIT curves optimization" | ||
|
|
||
| endif |
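Review bot: the prompt string under `config MBEDTLS_ECP_NIST_OPTIM` reads "NSIT curves optimization"; the symbol name refers to NIST curves, so the prompt should be `bool "NIST curves optimization"`. No help text appears in the lines shown for this option; a sentence on what the optimization changes would help users decide whether to enable it.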
There was a problem hiding this comment.
depends on instead? Plus should we rather have this in Kconfig.mbedtls?
There was a problem hiding this comment.
> Plus should we rather have this in Kconfig.mbedtls?
Why? That's a crypto thing.
modules/mbedtls/Kconfig
Outdated
| help | ||
| Use the default TF-PSA-Crypto configuration header file provided by | ||
| Zephyr. In this header file all the features are selected by means | ||
| of Kconfigs. |
There was a problem hiding this comment.
Doesn't seem to match the fact that this Kconfig option is a string, not a bool. Maybe just remove this help?
There was a problem hiding this comment.
That's actually being used in the CMake file so it's definitely a string. I agree that the description is not correct and perhaps also the location/file. I will change this.
modules/mbedtls/CMakeLists.txt
Outdated
| zephyr_append_cmake_library(mbedx509) | ||
| zephyr_append_cmake_library(tfpsacrypto) | ||
|
|
||
| # Add Mbed TLS public header directories to the "mbedTLS" interface library. |
There was a problem hiding this comment.
| # Add Mbed TLS public header directories to the "mbedTLS" interface library. | |
| # Add Mbed TLS public include directories to the "mbedTLS" interface library. |
modules/mbedtls/CMakeLists.txt
Outdated
| # Add Mbed TLS public header directories to the "mbedTLS" interface library. | ||
| # Doing this way instead of "target_include_directories()" is better because | ||
| # we don't need to manually specify any path and if something is changed in | ||
| # the future in the upstream project in terms of include paths we get that | ||
| # automatically. | ||
| inherit_include_directories(mbedTLS INTERFACE mbedtls) | ||
| inherit_include_directories(mbedTLS INTERFACE mbedx509) | ||
| inherit_include_directories(mbedTLS INTERFACE tfpsacrypto) |
There was a problem hiding this comment.
Here doesn't target_link_libraries(mbedTLS INTERFACE tfpsacrypto) (and so on) work?
There was a problem hiding this comment.
nope that creates a dependency loop in CMake
modules/mbedtls/CMakeLists.txt
Outdated
| # in some scenarios. | ||
| include(${CMAKE_CURRENT_LIST_DIR}/legacy_support.cmake) | ||
|
|
||
| # Add another library to provide Zephyr support |
There was a problem hiding this comment.
| # Add another library to provide Zephyr support | |
| # Add another library to provide Zephyr-specific support |
modules/mbedtls/CMakeLists.txt
Outdated
| include(${CMAKE_CURRENT_LIST_DIR}/legacy_support.cmake) | ||
|
|
||
| # Add another library to provide Zephyr support | ||
| zephyr_library_named(zephyr_mbedtls_support) |
There was a problem hiding this comment.
Do we need to name it? it doesn't seem so
| zephyr_library_named(zephyr_mbedtls_support) | |
| zephyr_library() |
modules/mbedtls/CMakeLists.txt
Outdated
| zephyr_library_include_directories(zephyr_mbedtls_support PRIVATE | ||
| ${CMAKE_CURRENT_SOURCE_DIR}/configs | ||
| ${CMAKE_CURRENT_SOURCE_DIR}/include | ||
| ) |
There was a problem hiding this comment.
Couldn't we just do
| zephyr_library_include_directories(zephyr_mbedtls_support PRIVATE | |
| ${CMAKE_CURRENT_SOURCE_DIR}/configs | |
| ${CMAKE_CURRENT_SOURCE_DIR}/include | |
| ) | |
| zephyr_library_link_libraries(mbedTLS) |
?
west.yml
Outdated
| - tee | ||
| - name: tf-psa-crypto | ||
| revision: pull/1/head | ||
| path: modules/crypto/mbedtls-4/tf-psa-crypto |
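Review bot: `revision: pull/1/head` for the `tf-psa-crypto` project is a pull-request ref, which moves whenever that PR is updated, so two checkouts of the same Zephyr commit can fetch different crypto sources. Before the DNM label is lifted this should point at a fixed commit SHA in the module repository, so the manifest pins exactly the code that was reviewed.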
There was a problem hiding this comment.
this places one west project inside another one.
iirc there are some risks associated with this approach, though I don't fully remember.
@mbolivar do you remember anything in this regard ?
| # Linking to "zephyr_interface" doesn't work in these case because these | ||
| # are object libraries so properties are NOT propagated from "zephyr_interface". | ||
| # We need to explicitly do this. | ||
| propagate_from_zephyr_interface(builtin) |
There was a problem hiding this comment.
this comment makes no sense.
Object libraries can link to interface libraries and compiling the sources in the object lib will inherit the properties of the interface lib.
So if that doesn't work, then there is something else wrong in the CMake code / design, and that should be fixed instead.
I can help, but you need to explain the issues in order for me to assist.
There was a problem hiding this comment.
> this comment makes no sense.
> Object libraries can link to interface libraries and compiling the sources in the object lib will inherit the properties of the interface lib.
I apologize for the wrong comment, but this was based on my empirical knowledge while working on this topic.
The thing is that differently from mbedtls and mbedx509 libraries, tfpsacrypto is made of several object libraries (the ones you see listed here). The problem that I saw is that zephyr_interface properties like CFLAGS or imacros were not propagated to those object libraries.
> So if that doesn't work, then there is something else wrong in the CMake code / design, and that should be fixed instead.
Perhaps the problem is in the Mbed TLS/TF-PSA-Crypto CMake files, but fixing that means investigating the problem, creating the upstream PR, having it reviewed and merged. Based on experience and on the fact that they are busy with their own code freeze, quite surely this PR won't be merged for some weeks, making this PR miss the 4.4 code freeze deadline for sure.
Not sure @frkv is OK with this.
| # This is used on Secure Storage compilation. | ||
| target_compile_definitions(tfpsacrypto PRIVATE BUILDING_MBEDTLS_CRYPTO) | ||
|
|
||
| # Append built libraries to the list of Zephyr ones. |
There was a problem hiding this comment.
why is this needed ?
The mbedTLS libraries are standard CMake static libs, why do we need them in ZEPHYR_LIBS ?
There was a problem hiding this comment.
I basically "copied" what zephyr_library_named is doing:
- add_library
- zephyr_append_cmake_library
Of course in my case I skipped the first step because add_library is being done by Mbed TLS build system
|
|
||
| # Inherit include directories from "source_lib" to "target_lib" using the defined "scope" | ||
| function (inherit_include_directories target_lib scope source_lib) | ||
| get_target_property(source_inc_dirs ${source_lib} INTERFACE_INCLUDE_DIRECTORIES) |
There was a problem hiding this comment.
this is broken.
Using get_target_property() like this will only get the value of the property as it looks at configure time at this moment, and thus any later calls, such as target_include_directories(<target> PUBLIC/INTERFACE <value>) will not be part of this get_target_property().
There was a problem hiding this comment.
Ok, so what's the proper way that I can use to pass the include public directories from mbedtls, mbedx509 and tfpsacrypto to mbedTLS interface lib?
| inherit_include_directories(mbedTLS INTERFACE mbedtls) | ||
| inherit_include_directories(mbedTLS INTERFACE mbedx509) | ||
| inherit_include_directories(mbedTLS INTERFACE tfpsacrypto) |
There was a problem hiding this comment.
do not create functions for this, especially not when such functions are not working correctly.
This can lead to hard-to-debug issues in the future because the code is now very fragile.
| target_sources(builtin PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/tf-psa-crypto/removed/dhm.c) | ||
| target_sources(builtin PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/tf-psa-crypto/removed/des.c) |
There was a problem hiding this comment.
if legacy files are needed, then those should be added in Zephyr repo, not the Zephyr module, see also: zephyrproject-rtos/TF-PSA-Crypto#1 (review)
There was a problem hiding this comment.
Initially I placed them in Zephyr indeed, but then IIRC I got complaints from the CI for license issues. I can try to return back to the original implementation, but by any chance do you know if Apache-2.0 OR GPL-2.0-or-later is OK for Zephyr?
| # This is required because ESP32 drivers for BT and WiFi still rely on legacy | ||
| # crypto. | ||
| if(CONFIG_ESP32_BT_LE_CRYPTO_STACK_MBEDTLS OR CONFIG_ESP32_WIFI_MBEDTLS_CRYPTO) | ||
| target_sources(builtin PRIVATE ${ZEPHYR_MBEDTLS_MODULE_DIR}/tf-psa-crypto/removed/ecdh.c) |
There was a problem hiding this comment.
is builtin a mbedTLS target or one created by Zephyr ?
Why are we not creating a dedicated legacy lib with the legacy files needed and compile flags, and then link that lib to the new one, to keep things separate and apply extra compile definitions to files which should not have it ?
There was a problem hiding this comment.
builtin is being created by TF-PSA-Crypto.
> Why are we not creating a dedicated legacy lib with the legacy files needed and compile flags, and then link that lib to the new one, to keep things separate and apply extra compile definitions to files which should not have it ?
Just tried but it doesn't work. The reason is that even though des, dhm and ecdh belong to the builtin object library, they include files such as tf_psa_crypto_common.h which are in tf-psa-crypto/core folder and that are not exported publicly (so not added to mbedTLS library).
| target_include_directories(app PRIVATE ${ZEPHYR_BASE}/include/) | ||
| target_include_directories(app PRIVATE ${ZEPHYR_BASE}/subsys/net/lib/lwm2m/) | ||
| target_include_directories(app PRIVATE ${ZEPHYR_BASE}/../modules/crypto/mbedtls/include/) | ||
| target_include_directories(app PRIVATE ${ZEPHYR_BASE}/../modules/crypto/mbedtls-4/include/) |
There was a problem hiding this comment.
use the ZEPHYR_<module-name>_MODULE_DIR syntax here and below.
| zephyr_include_directories(${ZEPHYR_BASE}/subsys/net/lib/wifi_credentials/) | ||
| zephyr_include_directories(${ZEPHYR_TRUSTED_FIRMWARE_M_MODULE_DIR}/interface/include/) | ||
| zephyr_include_directories(${ZEPHYR_BASE}/../modules/crypto/mbedtls/include/) | ||
| zephyr_include_directories(${ZEPHYR_BASE}/../modules/crypto/mbedtls-3.6/include/) |
There was a problem hiding this comment.
use the ZEPHYR_<module-name>_MODULE_DIR syntax here.
There was a problem hiding this comment.
Nope, that's targeting Mbed TLS 3.6 (built with TF-M) and if zephyrproject-rtos/mbedtls#82 is merged then mbedtls-3.6 won't be a module
| # Remove optimization otherwise the build will fail when building on 64 bits | ||
| # platforms. Reason: TF-PSA-Crypto includes some assembly optimizations in bignum | ||
| # module. When building for "native_sim/native" the compiler tries to build | ||
| # with 32 bit compatible mode, but assembly function doesn't match and the build | ||
| # just fails. | ||
| CONFIG_NO_OPTIMIZATIONS=y |
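Review bot: `CONFIG_NO_OPTIMIZATIONS=y` turns off compiler optimization for the whole test image, while the comment above it attributes the failure only to the assembly paths in the bignum module when building for "native_sim/native". With this setting the test no longer exercises the crypto code as it is normally built; if the assembly can be disabled on its own for this target, prefer that, and otherwise state in the comment that this is a workaround and when it can be removed. Wording: "64 bits platforms" should read "64-bit platforms" and "32 bit compatible mode" should read "32-bit compatibility mode".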
|
#AutoPTS run zephyr SM |
|
Scheduled PR #104031 (comment), board: native+nrf54, estimated start time: 16:53:42, test case count: 67, estimated duration: 0:32:40
|
AutoPTS Bot results: Successful tests (67)
|
Rebased to fix CI failures.
Extend manifest adding projects for: - Mbed TLS 4.1 - TF-PSA-Crypto 1.1 - Framework for Mbed TLS. The version is the one being pointed to Mbed TLS in upstream project. - Framework for TF-PSA-Crypto. The version is the one being pointed to TF-PSA-Crypto in upstream project. - Mldsa-native. The version is the one being pointed to TF-PSA-Crypto in upstream project. Previous Mbed TLS (v3.6.5) is kept because it's still required to build TF-M. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add maintainers for "mbedtls-3.6" project. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Include a fix for replacing usage of legacy crypto with PSA Crypto API and to prepare for tf-psa-crypto transition. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
…o 1.x Since Mbed TLS and TF-PSA-Crypto are now built based on CMake files as well, instead of manually selecting source files, include folders and building libraries, simply use "add_subdirectory()" and then link the generated libraries. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
TF-PSA-Crypto now requires a different configuration header file compared to Mbed TLS. This commit adds 2 files: - Kconfig.tf-psa-crypto - config-tf-psa-crypto.h which behave exactly the same as for their Mbed TLS counterparts, but for TF-PSA-Crypto. Kconfigs and #defines were migrated from Mbed TLS to TF-PSA-Crypto. This commit didn't implement any re-organization/cleanup/change, but it's just moving lines between files. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
ENTROPY_C is now an internal module in tf-psa-crypto so it cannot be included directly. So first thing all error codes are changed to standard Zephyr ones. Moreover MBEDTLS_ENTROPY_HARDWARE_ALT, MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES were removed. Now the platform must define MBEDTLS_PSA_DRIVER_GET_ENTROPY when not using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. Due to the build symbol name change CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR is modified to CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY to make a 1:1 match between Kconfig and build symbol. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
tf-psa-crypto deprecated usage of some build symbols and if they are still specified at build time the build will fail. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
"config-psa.h" contains all the Kconfig -> build symbols matching for the "PSA_WANT_xxx", whereas "config-tf-psa-crypto.h" contains the same mapping for the "MBEDTLS_xxx" stuff. However tf-psa-crypto wants a single file with all the configurations in it, so let the latter include the former. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is necessary to resolve a wrong dependency between build symbols that should be moved to Kconfig in the future. The comments added in this commit explain this in detail. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
DES and elliptic curves secp192r1, secp192k1 and secp224r1 were removed from tf-psa-crypto. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add Kconfigs for major.minor.patch numbers. This information can be helpful to condition some settings of Mbed TLS. New Kconfigs are intentionally added outside of the MBEDTLS guard in order to avoid cyclic dependencies problem. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a Kconfig which still allows to get access to legacy (now internal) Mbed TLS crypto. Legacy header files are copied out of the private folder into the build directory and the folder is then added to the Zephyr build. Moreover MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS is also set in the Mbed TLS build in order to access functions and macros that wouldn't be accessible otherwise. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is temporary as TF-M is supposed to jump to TF-PSA-Crypto soon. However since also Zephyr is transitioning to Mbed TLS/TF-PSA-Crypto right now, it's better to limit the number of simultaneous changes, so for the time being keep TF-M relying on Mbed TLS 3.6. In order to keep building with Mbed TLS 3.6 the previous configuration header file is resumed and renamed appropriately. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This allows NS app to have these headers available at build time without any need to extend its CMake file to explicitly link to "tfm_api" zephyr library. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Select only PSA_WANT and remove usage of legacy crypto. Extend also Mbed TLS's CMake to build a library which includes legacy Mbed TLS crypto modules that were removed from TF-PSA-Crypto. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Both PK and TLS now rely on PSA generate random to get random data so end users (i.e. sockets_tls in this case) don't need to manually specify this anymore. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Minor changes that are required in order to move from Mbed TLS 3.6.5 to TF-PSA-Crypto 1.x: - "psa_crypto_driver_wrappers.h" has been relocated - some extra include folders are required because they are directly included from "psa_crypto_driver_wrappers.h" but not exported from "mbedTLS" library since they are meant to remain private. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
- replace legacy Kconfigs with corresponding PSA_WANT ones. - extend Mbed TLS' CMake file in order to include the legacy ecdh module that was removed from TF-PSA-Crypto when ESP32 BT and WiFi drivers are built. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This Kconfig enables legacy Mbed TLS crypto support that is now no longer available. Kconfig OPENTHREAD_CRYPTO_PSA_CONFIG was already the default and now it's left as the only choice. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is a temporary fix for the time in which file "modules/mbedtls/configs/config-mbedtls-3.6.5.h" is still in the Zephyr codebase. This file is required because TF-M still builds using the old version of Mbed TLS which is v3.6.5. Once TF-M version will be bumped to 2.3 it will rely on TF-PSA-Crypto for its build and therefore this configuration file and this exception can be removed. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
These tests directly reference Mbed TLS/TF-PSA-Crypto include path in their CMakeLists file. This commit adjusts the path with new values. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
TF-PSA-Crypto's bignum module includes some assembly optimization for x86, x86_64 and ARM64 platforms. When building for "native_sim/native" on a 64 bit platform the compiler tries to set 32 bit compatibility mode, but of course assembly functions between 32 and 64 bits architectures don't match and therefore the build fails. Disabling optimizations prevents TF-PSA-Crypto from trying to use assembly and the test passes. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Remove legacy crypto configuration build symbols that are used in: mcux/middleware/wifi_nxp/incl/port/mbedtls/wpa_supp_dcp_mbedtls_config.h Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Implement all the necessary changes which are required to transition from Mbed TLS 3.6.5 to Mbed TLS 4.x:
So far only HostAP work needs to be finalized.