From 4dea31dc24647c2d969bd678119e23b00bc6dc76 Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 2 Nov 2017 19:45:07 +0000
Subject: [PATCH 1/2] Enable MBEDTLS_FS_IO whenever possible We enable MBEDTLS_FS_IO whenever MBED_CONF_FILESYSTEM_PRESENT is defined in mbed OS. It is assumed that MBED_CONF_FILESYSTEM_PRESENT defines at least the filesystem functionality required by MBEDTLS_FS_IO
---
 features/mbedtls/platform/inc/platform_mbed.h | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/features/mbedtls/platform/inc/platform_mbed.h b/features/mbedtls/platform/inc/platform_mbed.h
index 8632ec03283..7ad33505a06 100644
--- a/features/mbedtls/platform/inc/platform_mbed.h
+++ b/features/mbedtls/platform/inc/platform_mbed.h
@@ -21,6 +21,10 @@
 #define MBEDTLS_ENTROPY_HARDWARE_ALT
 #endif
+#if defined(MBED_CONF_FILESYSTEM_PRESENT)
+#define MBEDTLS_FS_IO
+#endif
+
 #if defined(MBEDTLS_CONFIG_HW_SUPPORT)
 #include "mbedtls_device.h"
 #endif
From f922586dd6e9ebf36f06e79f6fb1567befa7224f Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 2 Nov 2017 19:47:51 +0000
Subject: [PATCH 2/2] Modify mbed TLS config.h to use NV seed The config.h now takes into consideration whether the mbed TLS NV Seed feature is present to decide which configuration is actually going to be used.
---
 features/mbedtls/importer/adjust-config.sh | 42 ++++++++++++----------
 features/mbedtls/inc/mbedtls/config.h | 14 +++++---
 2 files changed, 34 insertions(+), 22 deletions(-)
diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
index a41cf72dcfb..59deb4e8c10 100755
--- a/features/mbedtls/importer/adjust-config.sh
+++ b/features/mbedtls/importer/adjust-config.sh
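Review bot: The new `MBEDTLS_FS_IO` block in `platform_mbed.h` (hunk `@@ -21,6 +21,10 @@`) carries no comment, and the assumption it depends on is recorded only in the commit message. `MBEDTLS_FS_IO` compiles in the library's file-based helpers, so a target that sets `MBED_CONF_FILESYSTEM_PRESENT` without the file API those helpers call would presumably fail later, at link or run time, rather than at this line. I would put the assumption next to the define: `/* Assumes MBED_CONF_FILESYSTEM_PRESENT implies the file I/O that MBEDTLS_FS_IO needs. */`. The define is also unconditional, so a project that has a filesystem but does not want TLS code reading keys or certificates from it has to `#undef` it in its own config; whether that opt-out path is intended is worth confirming.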
@@ -37,28 +37,33 @@ add_code() {
 # add an #ifndef to include config-no-entropy.h when the target does not have
 # an entropy source we can use.
-add_code \
- "#ifndef MBEDTLS_CONFIG_H\n" \
- "\n" \
- "#include \"platform\/inc\/platform_mbed.h\"\n" \
- "\n" \
- "\/*\n" \
- " * Only use features that do not require an entropy source when\n" \
- " * DEVICE_ENTROPY_SOURCE is not defined in mbed OS.\n" \
- " *\/\n" \
- "#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY)\n" \
- "#include \"mbedtls\/config-no-entropy.h\"\n" \
- "\n" \
- "#if defined(MBEDTLS_USER_CONFIG_FILE)\n" \
- "#include MBEDTLS_USER_CONFIG_FILE\n" \
- "#endif\n" \
- "\n" \
+add_code \
+ "#ifndef MBEDTLS_CONFIG_H\n" \
+ "\n" \
+ "#include \"platform\/inc\/platform_mbed.h\"\n" \
+ "\n" \
+ "\/*\n" \
+ " * Only use features that do not require an entropy source when\n" \
+ " * this is not available in Mbed OS. For more information on\n" \
+ " * Mbed TLS entropy options please refer to entropy.h\n" \
+ " *\/\n" \
+ "#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && \\\\\n" \
+ " !defined(MBEDTLS_TEST_NULL_ENTROPY) && \\\\\n" \
+ " !defined(MBEDTLS_ENTROPY_NV_SEED)\n" \
+ "#include \"mbedtls\/config-no-entropy.h\"\n" \
+ "\n" \
+ "#if defined(MBEDTLS_USER_CONFIG_FILE)\n" \
+ "#include MBEDTLS_USER_CONFIG_FILE\n" \
+ "#endif\n" \
+ "\n" \
 "#else\n"
 add_code \
 "#include \"check_config.h\"\n" \
 "\n" \
- "#endif \/* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY *\/\n" \
+ "#endif \/* !MBEDTLS_ENTROPY_HARDWARE_ALT &&\n" \
+ " * !MBEDTLS_TEST_NULL_ENTROPY &&\n" \
+ " * !MBEDTLS_ENTROPY_NV_SEED *\/\n" \
 "\n" \
 "#if defined(MBEDTLS_TEST_NULL_ENTROPY)\n" \
 "#warning \"MBEDTLS_TEST_NULL_ENTROPY has been enabled. This \" \\\\\n" \
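Review bot: The added `!defined(MBEDTLS_ENTROPY_NV_SEED)` test is emitted directly after the `platform_mbed.h` include and ahead of the `MBEDTLS_USER_CONFIG_FILE` include, so it only sees the macro when it is defined before `config.h` is processed. A project that turns the NV seed on in its user config file would still get `config-no-entropy.h` here, yet the `#error` guard in the next hunk of this script (and the matching `config.h` hunks at `@@ -31,9 +31,12 @@` and `@@ -2739,7 +2744,8 @@`) would see the macro and stay silent; whether anything else catches that mix is not visible in this diff. The generated comment is the place to say so, for example with one more line: ` * MBEDTLS_ENTROPY_NV_SEED must be defined before this header is included to be seen here.` The second `add_code` call starts in this hunk and ends outside it.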
@@ -66,7 +71,8 @@ add_code
 "#endif\n" \
 "\n" \
 "#if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \\\\\n" \
- " !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)\n" \
+ " !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && \\\\\n" \
+ " !defined(MBEDTLS_ENTROPY_NV_SEED)\n" \
 "#error \"No entropy source was found at build time, so TLS \" \\\\\n" \
 " \"functionality is not available\"\n" \
 "#endif\n"
diff --git a/features/mbedtls/inc/mbedtls/config.h b/features/mbedtls/inc/mbedtls/config.h
index 7c8c2fade35..063176784cb 100644
--- a/features/mbedtls/inc/mbedtls/config.h
+++ b/features/mbedtls/inc/mbedtls/config.h
@@ -31,9 +31,12 @@
 /*
 * Only use features that do not require an entropy source when
- * DEVICE_ENTROPY_SOURCE is not defined in mbed OS.
+ * this is not available in Mbed OS. For more information on
+ * Mbed TLS entropy options please refer to entropy.h
 */
-#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && !defined(MBEDTLS_TEST_NULL_ENTROPY)
+#if !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && \
+ !defined(MBEDTLS_TEST_NULL_ENTROPY) && \
+ !defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls/config-no-entropy.h"
 #if defined(MBEDTLS_USER_CONFIG_FILE)
@@ -2731,7 +2734,9 @@
 #include "check_config.h"
-#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT && !MBEDTLS_TEST_NULL_ENTROPY */
+#endif /* !MBEDTLS_ENTROPY_HARDWARE_ALT &&
+ * !MBEDTLS_TEST_NULL_ENTROPY &&
+ * !MBEDTLS_ENTROPY_NV_SEED */
 #if defined(MBEDTLS_TEST_NULL_ENTROPY)
 #warning "MBEDTLS_TEST_NULL_ENTROPY has been enabled. This " \
@@ -2739,7 +2744,8 @@
 #endif
 #if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_TEST_NULL_ENTROPY) && \
- !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+ !defined(MBEDTLS_ENTROPY_HARDWARE_ALT) && \
+ !defined(MBEDTLS_ENTROPY_NV_SEED)
 #error "No entropy source was found at build time, so TLS " \
 "functionality is not available"
 #endif
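Review bot: With `!defined(MBEDTLS_ENTROPY_NV_SEED)` added to the `#error` guard in the second `adjust-config.sh` hunk (`@@ -66,7 +71,8 @@`), a target whose only entropy input is the NV seed now builds TLS without any diagnostic. The preprocessor cannot tell whether a seed was ever written to the device or whether it differs between devices, and key material derived from a missing or shared seed would be predictable. Unlike `MBEDTLS_TEST_NULL_ENTROPY`, which gets a `#warning`, this path is silent, so I would at least state the requirement in the generated text, e.g. `/* MBEDTLS_ENTROPY_NV_SEED alone: the seed must be provisioned per device with real entropy before first use. */`. The same condition appears in the `config.h` hunk at `@@ -2739,7 +2744,8 @@`, and the `add_code` call this hunk edits starts before the hunk.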