The config.py script that adjusts config.h in Mbed TLS doesn't
handle having configurations being defined in it multiple times
very well. As Mbed OS needs to have certain configuration settings
based on what features are set, these code additions to config.h
are moved to being added after the rest of the configuration is
adjusted.

Configure Mbed TLS to automatically enable PSA as needed. When Mbed OS
is configured to use PSA, configure Mbed TLS to use PSA. This prevents
leaking of the "how to make Mbed TLS use PSA" knowledge up into
targets.json, and thus makes porting simpler. There is now one place
where "how to make TLS use PSA" exists rather than repeated throughout
targets.json for each target that can't inherit from PSA_Target.

The Mbed TLS import script is quite fragile, and depends on certain lines to be
present in the files it adjusts to be able to do the modifications it needs to
to allow Mbed TLS to build within Mbed OS.
This commit changes the `adjust-config.sh` script to look for the end of the
config.h file, defined as "#endif /* MBEDTLS_CONFIG_H */" rather than the
include line for "check_config.h".
That's because the inclusion of "check_config.h" is being removed upstream in
Mbed TLS to fix another issue.

Mbed Crypto has been remerged back into Mbed TLS. Update the
Mbed TLS importer script with the relevant parts of the
Mbed Crypto importer.
Signed-off-by: Darryl Green <darryl.green@arm.com>

This commit makes the storage configurations - setting
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and unsetting
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C - dependent on the PSA label being defined for
the target.
Previously these symbols were always defined for all platforms which could
cause problems for targets that don't yet support PSA.
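
The end-of-file anchoring and the PSA-conditional storage settings described in the commit messages above, sketched as an added example (this is not the Mbed OS `adjust-config.sh`). `EXAMPLE_PSA_ENABLED` is a hypothetical stand-in for the target's PSA label, and the marker comment and the function name `append_before_guard` are constructed for the example.

```shell
#!/bin/sh
# Added example: insert a conditional block just before the closing include
# guard of config.h, refusing to edit if the anchor line is missing or repeated.

END_GUARD='#endif /* MBEDTLS_CONFIG_H */'
# Constructed marker so a second run can detect that the block is already there.
MARKER='/* Added by import example: PSA storage settings */'
# EXAMPLE_PSA_ENABLED is a hypothetical macro standing in for the PSA label.
BLOCK="$MARKER
#if defined(EXAMPLE_PSA_ENABLED)
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
#undef MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C
#endif"

# append_before_guard FILE
# Returns 0 on success (or if already applied), 2 if the anchor is unusable.
append_before_guard() {
    file=$1
    # Already applied: leave the file untouched so re-imports stay idempotent.
    if grep -qF -- "$MARKER" "$file"; then
        return 0
    fi
    # The anchor must match a whole line exactly once; otherwise do not guess.
    count=$(grep -cxF -- "$END_GUARD" "$file" || true)
    if [ "$count" != 1 ]; then
        echo "error: expected 1 '$END_GUARD' line in $file, found '$count'" >&2
        return 2
    fi
    tmp=$(mktemp) || return 1
    # Pass strings through the environment so awk does no escape processing.
    GUARD=$END_GUARD BLOCK=$BLOCK awk '
        $0 == ENVIRON["GUARD"] { print ENVIRON["BLOCK"] }
        { print }' "$file" > "$tmp" &&
        cat "$tmp" > "$file" &&   # overwrite in place, keeping file permissions
        rm -f "$tmp"
}

# Stand-alone use: sh this-script.sh path/to/config.h
if [ "$#" -gt 0 ]; then
    append_before_guard "$1"
fi
```

Because the settings land after everything else in the file, they are not affected by earlier edits to the same symbols, and a missing anchor stops the import instead of silently producing a config.h without the storage options.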

Reduce the default size of `MBEDTLS_MPI_MAX_SIZE` to 512 bytes,
as the default 1024 consumes much stack, and supporting RSA 4096 bit
may suffice at the moment.

The new PSA-aware Mbed TLS importer script calls `config.pl` on the
Mbed TLS config.h to set the PSA configuration option
MBEDTLS_PSA_CRYPTO_STORAGE_C which isn't documented in config.h.
config.pl therefore fails, and so does the importer.
This commit fixes this by calling `config.pl` with the `--force`
option which amends the given `config.h` by a `#define` for the
requested option if the option isn't present in the file.

Although "nv_seed" is one of "entropy", it isn't included in the "!defined" lineup in the following config file.
Therefore, when MBEDTLS_ENTROPY_NV_SEED is defined, "mbedtls/config-no-entropy.h" is accidentally invoked.
mbed-os\features\mbedtls\inc\mbedtls\config.h
I think that correct processing should go to line 47, not line 40.

Enable the compile-time option MBEDTLS_AES_ROM_TABLES in the mbed TLS
main config.h file in mbed OS. This option has the effect of labelling
the AES tables as 'const' so they are placed in ROM, which saves some
RAM space.