Import Mbed TLS v2.15.0 with Mbed Crypto #8859
Conversation
Patater
changed the title
|
Who should review this one? |
Patater
changed the title
Patater
force-pushed
the
dev/Patater/import-mbed-tls-and-crypto
branch
from
c3136de
to
6802df9
Compare
|
Rebased to use the official Mbed TLS 2.15.0 release instead of a release candidate. |
Patater
force-pushed
the
dev/Patater/import-mbed-tls-and-crypto
branch
from
6802df9
to
d498c25
Compare
features/mbedtls/importer/Makefile
Outdated
| # New folder structure is introduced here for targets with Secured-Partition-Environment | ||
| # and Non-Secured-Partition-Environment, below documentation for each folder: | ||
| # COMPONENT_PSA_SRV_IMPL - include secure service business logic implementation | ||
| # code. For example mbedCrytpo or secure time core logic |
Patater
changed the title
Patater
force-pushed
the
dev/Patater/import-mbed-tls-and-crypto
branch
from
5db8396
to
0493f2e
Compare
features/mbedtls/importer/Makefile
Outdated
| TARGET_SPE:=$(TARGET_PREFIX_CRYPTO)/platform/TARGET_PSA/COMPONENT_SPE | ||
| # The folder contain specific target implementation using hardware. | ||
| TARGET_PSA_DRIVERS:=$(TARGET_PREFIX_CRYPTO)/targets | ||
| # COMPONENT_NSPE - include code that compiles ONLY to snon-secure image and |
There was a problem hiding this comment.
Should probably be non-secure, unless snon has some meaning
There was a problem hiding this comment.
Fixed in original commit that made the mistake
| TARGET_SRC:=$(TARGET_PREFIX)src | ||
| TARGET_INC:=$(TARGET_PREFIX)inc | ||
| TARGET_TESTS:=$(TARGET_PREFIX)TESTS | ||
|
|
||
| # New folder structure is introduced here for targets with Secured-Partition-Environment |
There was a problem hiding this comment.
What about targets that don't have an SPM? Won't they be missing some files?
There was a problem hiding this comment.
Jaeden points me to https://github.com/ARMmbed/Mbed-PSA-Services-Docs/blob/master/build-system/rfc.md which says that those targets will get the files via PSA_SRV_IMPL. Looks ok then. CI should catch a missing file anyway.
There was a problem hiding this comment.
It's complicated how files are includes on targets with or without SPM. See https://github.com/ARMmbed/Mbed-PSA-Services-Docs/blob/master/build-system/rfc.md for details on the labeling and component system used.
Record the version of Mbed Crypto into VERSION.txt for easy reference.
In adjust-config.h, set and unset Mbed Crypto storage configuration options in order to use persistent keys with PSA ITS storage.
The new PSA-aware Mbed TLS importer script calls `config.pl` on the Mbed TLS config.h to set the PSA configuration option MBEDTLS_PSA_CRYPTO_STORAGE_C which isn't documented in config.h. config.pl therefore fails, and so does the importer. This commit fixes this by calling `config.pl` with the `--force` option which amends the given `config.h` by a `#define` for the requested option if the option isn't present in the file.
Patater
force-pushed
the
dev/Patater/import-mbed-tls-and-crypto
branch
from
0493f2e
to
3900b81
Compare
CI job triggered |
0xc0170
added
release-version: 5.11.0-rc1
priority: high
and removed
needs: review
labels
Test run: SUCCESSSummary: 4 of 4 test jobs passed |
Description
This PR supercedes #8723 and imports Mbed TLS and Mbed Crypto into Mbed OS.
This PR depends on:
Note that it's okay to merge this without #8730, it just means that when an application opts in to use PSA, they can't use persistent keys with the PSA ITS backend (only files).
Pull request type