TF-M provides its own PSA headers for TF-M targets. Single v7-M targets
need to get PSA crypto from Mbed Crypto.
Note that we don't yet move crypto_struct.h to its new location. This is
to avoid breaking v8-M targets for the time being. When TF-M provides
the PSA implementation on v8-M, we will add crypto_struct.h to the
correct place.
Likewise, none of the PSA-implementing source is moved out of
COMPONENT_PSA_SRV_IMPL yet, as still must not be built for PSA NS
targets. When PSA NS targets switch to using TF-M provided
implementations rather than MBED_PSA_SRV, we can take the source out of
COMPONENT_PSA_SRV_IMPL.
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Mbed Crypto has been remerged back into Mbed TLS. Update the
Mbed TLS importer script with the relevant parts of the
Mbed Crypto importer.
Signed-off-by: Darryl Green <darryl.green@arm.com>
Both Mbed TLS and Mbed Crypto libraries doesn't contain
`apache-2.0.txt` anymore. Do not access those files in the importer
script.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
In Mbed OS, there are configuration options with Mbed TLS that we
are more comfortable allowing than we do with Mbed TLS on its own.
Add a check-config adjusting script to enable removing or changing
options in check_config.h
When importing development releases of Mbed TLS into Mbed OS, it is
useful to be able to know a the particular git commit hash that was
imported. This change avoids ever creating a VERSION.txt for Mbed TLS
containing only "development", which is fairly useless since one doesn't
know where the development branch was at the time of import.
Before moving to the new release of Mbed TLS, this moves the default imported
version of Mbed TLS to the development branch, and will import the HEAD of the
branch, not just a specific release.
This commit makes the storage configurations - setting
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and unsetting
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C - dependent on the PSA label being defined for
the target.
Previously these symbols were always defined for all platforms which could
cause problems for targets that don't yet support PSA.
This commit makes the repo used to import new Mbed TLS versions into Mbed OS
a parameter, to allow CI scripts (and any other script or users) to specify
specific repos to use for testing.
Reduce the default size of `MBEDTLS_MPI_MAX_SIZE` to 512 bytes,
as the default 1024 consumes much stack, and supporting RSA 4096 bit
may suffice at the moment.
The new PSA-aware Mbed TLS importer script calls `config.pl` on the
Mbed TLS config.h to set the PSA configuration option
MBEDTLS_PSA_CRYPTO_STORAGE_C which isn't documented in config.h.
config.pl therefore fails, and so does the importer.
This commit fixes this by calling `config.pl` with the `--force`
option which amends the given `config.h` by a `#define` for the
requested option if the option isn't present in the file.
Although "nv_seed" is one of "entropy", it doesn't included to the "!defined" lineup in the following config file.
Therefore, when MBEDTLS_ENTROPY_NV_SEED is defined, it is accidently invoked "mbedtls/config-no-entropy.h".
mbed-os\features\mbedtls\inc\mbedtls\config.h
I think that correct processing should go to line 47, not line 40.
Enable the compile-time option MBEDTLS_AES_ROM_TABLES in the mbed TLS
main config.h file in mbed OS. This option has the effect of labelling
the AES tables as 'const' so they are placed in ROM, which saves some
RAM space.
Darryl Green
Jaeden Amero
Devaraj Ranganna
k-stachowiak
Simon Butcher
Cruz Monrreal
Ron Eldor
Jaeden Amero
Hanno Becker
itayzafrir
Mohammad AboMokh
Krzysztof Stachowiak
TomoYamanaka
Martin Kojtal
Andres Amaya Garcia