Extend manifest adding projects for: - Mbed TLS 4.1 - TF-PSA-Crypto 1.1 - Framework for Mbed TLS. The version is the one being pointed to Mbed TLS in upstream project. - Framework for TF-PSA-Crypto. The version is the one being pointed to TF-PSA-Crypto in upstream project. - Mldsa-native. The version is the one being pointed to TF-PSA-Crypto in upstream project. Previous Mbed TLS (v3.6.5) is kept because it's still required to build TF-M. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add maintainers for "mbedtls-3.6" project. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Include a fix for replacing usage of legacy crypto with PSA Crypto API and to prepare for tf-psa-crypto transition. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
…o 1.x Since Mbed TLS and TF-PSA-Crypto are now built based on CMake files as well, instead of manually selecting source files, include folders and building libraries, simply use "add_subdirectory()" and then link the generated libraries. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
TF-PSA-Crypto now requires a different configuration header file compared to Mbed TLS. This commit adds 2 files: - Kconfig.tf-psa-crypto - config-tf-psa-crypto.h which behave exactly the same as for their Mbed TLS counterparts, but for TF-PSA-Crypto. Kconfigs and #defines were migrated from Mbed TLS to TF-PSA-Crypto. This commit didn't implement any re-organization/cleanup/change, but it's just moving lines between files. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
ENTROPY_C is now an internal module in tf-psa-crypto so it cannot be included directly. So first thing all error codes are changed to standard Zephyr ones. Moreover MBEDTLS_ENTROPY_HARDWARE_ALT, MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES were removed. Now the platform must define MBEDTLS_PSA_DRIVER_GET_ENTROPY when not using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG. Due to the build symbol name change CONFIG_MBEDTLS_ENTROPY_POLL_ZEPHYR is modified to CONFIG_MBEDTLS_PSA_DRIVER_GET_ENTROPY to make a 1:1 match between Kconfig and build symbol. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
tf-psa-crypto deprecated usage of some build symbols and if they are still specified at build time the build will fail. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
"config-psa.h" contains all the Kconfig -> build symbols matching for the "PSA_WANT_xxx", whereas "config-tf-psa-crypto.h" contains the same mapping for the "MBEDTLS_xxx" stuff. However tf-psa-crypto wants a single file with all the configurations in it, so let the latter include the former. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is necessary to resolve a wrong dependency between build symbols that should be moved to Kconfig in the future. The comments added in this commit explain this in detail. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
DES and elliptic curves secp192r1, secp192k1 and secp224r1 were removed from tf-psa-crypto. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add Kconfigs for major.minor.patch numbers. This information can be helpful to condition some settings of Mbed TLS. New Kconfigs are intentionally added outside of the MBEDTLS guard in order to avoid cyclic dependency problems. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add a Kconfig which still allows access to legacy (now internal) Mbed TLS crypto. Legacy header files are copied out of the private folder into the build directory and the folder is then added to the Zephyr build. Moreover MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS is also set in the Mbed TLS build in order to access functions and macros that wouldn't be accessible otherwise. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This allows NS app to have these headers available at build time without any need to extend its CMake file to explicitly link to "tfm_api" zephyr library. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Select only PSA_WANT and remove usage of legacy crypto. Extend also Mbed TLS's CMake to build a library which includes legacy Mbed TLS crypto modules that were removed from TF-PSA-Crypto. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Both PK and TLS now rely on PSA generate random to get random data so end users (i.e. sockets_tls in this case) don't need to manually specify this anymore. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Minor changes that are required in order to move from Mbed TLS 3.6.5 to TF-PSA-Crypto 1.x: - "psa_crypto_driver_wrappers.h" has been relocated - some extra include folders are required because they are directly included from "psa_crypto_driver_wrappers.h" but not exported from "mbedTLS" library since they are meant to remain private. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
- replace legacy Kconfigs with corresponding PSA_WANT ones. - extend Mbed TLS' CMake file in order to include the legacy ecdh module that was removed from TF-PSA-Crypto when ESP32 BT and WiFi drivers are built. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This Kconfig enables legacy Mbed TLS crypto support that is no longer available. Kconfig OPENTHREAD_CRYPTO_PSA_CONFIG was already the default and now it's left as the only choice. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is a temporary fix for the time in which file "modules/mbedtls/configs/config-mbedtls-3.6.5.h" is still in the Zephyr codebase. This file is required because TF-M still builds using the old version of Mbed TLS which is v3.6.5. Once the TF-M version is bumped to 2.3 it will rely on TF-PSA-Crypto for its build and therefore this configuration file and this exception can be removed. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
These tests directly reference Mbed TLS/TF-PSA-Crypto include path in their CMakeLists file. This commit adjusts the path with new values. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
TF-PSA-Crypto's bignum module includes some assembly optimization for x86, x86_64 and ARM64 platforms. When building for "native_sim/native" on a 64 bit platform the compiler tries to set 32 bit compatibility mode, but of course assembly functions between 32 and 64 bits architectures don't match and therefore the build fails. Disabling optimizations prevents TF-PSA-Crypto from trying to use assembly and the test passes. Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Remove legacy crypto configuration build symbols that are used in: mcux/middleware/wifi_nxp/incl/port/mbedtls/wpa_supp_dcp_mbedtls_config.h Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Bump TF-M upstream targeting TF-M 2.3. Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com> (cherry picked from commit 65395c285f96d24794912ac415e0e85a64945458) (cherry picked from commit 845d04f)
Tell TF-M build system to use PICOLIBC to avoid linkage issues. Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com> (cherry picked from commit 314016c962d671061de5fd7c84ab34492afcbaa2) (cherry picked from commit ca3c2e2)
Update CMSIS_6 to fix a build issue with TF-M. Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com> (cherry picked from commit 6954db3)



Bump TF-M upstream targeting TF-M 2.3.