-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Import Mbed TLS v2.15.0 with Mbed Crypto #8859
Import Mbed TLS v2.15.0 with Mbed Crypto #8859
Conversation
Who should review this one? |
c3136de
to
6802df9
Compare
Rebased to use the official Mbed TLS 2.15.0 release instead of a release candidate. |
6802df9
to
d498c25
Compare
features/mbedtls/importer/Makefile
Outdated
# New folder structure is introduced here for targets with Secured-Partition-Environment | ||
# and Non-Secured-Partition-Environment, below documentation for each folder: | ||
# COMPONENT_PSA_SRV_IMPL - include secure service business logic implementation | ||
# code. For example mbedCrytpo or secure time core logic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Typo: mbedCrypto
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
5db8396
to
0493f2e
Compare
features/mbedtls/importer/Makefile
Outdated
TARGET_SPE:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_SPE | ||
# The folder contain specific target implementation using hardware. | ||
TARGET_PSA_DRIVERS:=$(TARGET_PREFIX_CRYPTO)/targets | ||
# COMPONENT_NSPE - include code that compiles ONLY to snon-secure image and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should probably be non-secure, unless snon has some meaning
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed in original commit that made the mistake
TARGET_SRC:=$(TARGET_PREFIX)src | ||
TARGET_INC:=$(TARGET_PREFIX)inc | ||
TARGET_TESTS:=$(TARGET_PREFIX)TESTS | ||
|
||
# New folder structure is introduced here for targets with Secured-Partition-Environment |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about targets that don't have an SPM? Won't they be missing some files?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Jaeden points me to https://github.com/ARMmbed/Mbed-PSA-Services-Docs/blob/master/build-system/rfc.md which says that those targets will get the files via PSA_SRV_IMPL
. Looks ok then. CI should catch a missing file anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's complicated how files are includes on targets with or without SPM. See https://github.com/ARMmbed/Mbed-PSA-Services-Docs/blob/master/build-system/rfc.md for details on the labeling and component system used.
Record the version of Mbed Crypto into VERSION.txt for easy reference.
In adjust-config.h, set and unset Mbed Crypto storage configuration options in order to use persistent keys with PSA ITS storage.
The new PSA-aware Mbed TLS importer script calls `config.pl` on the Mbed TLS config.h to set the PSA configuration option MBEDTLS_PSA_CRYPTO_STORAGE_C which isn't documented in config.h. config.pl therefore fails, and so does the importer. This commit fixes this by calling `config.pl` with the `--force` option which amends the given `config.h` by a `#define` for the requested option if the option isn't present in the file.
0493f2e
to
3900b81
Compare
CI job triggered |
Test run: SUCCESSSummary: 4 of 4 test jobs passed |
Description
This PR supercedes #8723 and imports Mbed TLS and Mbed Crypto into Mbed OS.
This PR depends on:
Note that it's okay to merge this without #8730, it just means that when an application opts in to use PSA, they can't use persistent keys with the PSA ITS backend (only files).
Pull request type