diff options
| author | Manish V Badarkhe <Manish.Badarkhe@arm.com> | 2023-09-06 09:08:28 +0100 |
|---|---|---|
| committer | Manish V Badarkhe <Manish.Badarkhe@arm.com> | 2023-10-04 08:51:40 +0100 |
| commit | 5782b890d29646924d8bd3f46acdc73a6e02feb2 (patch) | |
| tree | aa50701052fad5e5dc3bf3b55d404157a15c2fbf | |
| parent | 902e94cad45ad9f009a4c61ac31d3a210ec69668 (diff) | |
feat(mbedtls-psa): introduce PSA_CRYPTO build option
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.
Also, marked PSA_CRYPTO as an experimental feature.
Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | docs/getting_started/build-options.rst | 7 | ||||
| -rw-r--r-- | drivers/auth/mbedtls/mbedtls_common.mk | 18 | ||||
| -rw-r--r-- | include/drivers/auth/mbedtls/psa_mbedtls_config.h | 14 | ||||
| -rw-r--r-- | make_helpers/defaults.mk | 3 |
5 files changed, 47 insertions, 1 deletions
@@ -1036,6 +1036,10 @@ ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0) # Determine if FEAT_SB is supported ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) +ifeq ($(PSA_CRYPTO),1) + $(info PSA_CRYPTO is an experimental feature) +endif + ################################################################################ # Process platform overrideable behaviour ################################################################################ @@ -1217,6 +1221,7 @@ $(eval $(call assert_booleans,\ ERRATA_NON_ARM_INTERCONNECT \ CONDITIONAL_CMO \ RAS_FFH_SUPPORT \ + PSA_CRYPTO \ ))) # Numeric_Flags @@ -1407,6 +1412,7 @@ $(eval $(call add_defines,\ IMPDEF_SYSREG_TRAP \ SVE_VECTOR_LEN \ ENABLE_SPMD_LP \ + PSA_CRYPTO \ ))) ifeq (${SANITIZE_UB},trap) diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 7c84ef163..34d83f255 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -1185,6 +1185,12 @@ Common build options errata mitigation for platforms with a non-arm interconnect using the errata ABI. By default its disabled (``0``). +- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support. + The platform will use PSA compliant Crypto APIs during authentication and + image measurement process by enabling this option. It uses APIs defined as + per the `PSA Crypto API specification`_. This feature is only supported if + using MbedTLS 3.x version. By default it is disabled (``0``). + GICv3 driver options -------------------- @@ -1306,3 +1312,4 @@ Firmware update options .. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html .. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html .. _Firmware Handoff specification: https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v0.9 +.. _PSA Crypto API specification: https://armmbed.github.io/mbed-crypto/html/ diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk index 79c45126a..376b6b7ca 100644 --- a/drivers/auth/mbedtls/mbedtls_common.mk +++ b/drivers/auth/mbedtls/mbedtls_common.mk @@ -23,7 +23,11 @@ $(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${M ifeq (${MBEDTLS_MAJOR}, 2) MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>" else ifeq (${MBEDTLS_MAJOR}, 3) - MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>" + ifeq (${PSA_CRYPTO},1) + MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>" + else + MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>" + endif endif $(eval $(call add_define,MBEDTLS_CONFIG_FILE)) @@ -77,6 +81,18 @@ else ifeq (${MBEDTLS_MAJOR}, 3) LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls endif +ifeq (${PSA_CRYPTO},1) +LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \ + psa_crypto.c \ + psa_crypto_client.c \ + psa_crypto_driver_wrappers.c \ + psa_crypto_hash.c \ + psa_crypto_rsa.c \ + psa_crypto_ecp.c \ + psa_crypto_slot_management.c \ + ) +endif + # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key # algorithm to use. If the variable is not defined, select it based on # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined, diff --git a/include/drivers/auth/mbedtls/psa_mbedtls_config.h b/include/drivers/auth/mbedtls/psa_mbedtls_config.h new file mode 100644 index 000000000..65df2d4da --- /dev/null +++ b/include/drivers/auth/mbedtls/psa_mbedtls_config.h @@ -0,0 +1,14 @@ +/* + * Copyright (c) 2023, Arm Ltd. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef PSA_MBEDTLS_CONFIG_H +#define PSA_MBEDTLS_CONFIG_H + +#include "mbedtls_config-3.h" + +#define MBEDTLS_PSA_CRYPTO_C + +#endif /* PSA_MBEDTLS_CONFIG_H */ diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk index b7e6f9917..321ae9fd1 100644 --- a/make_helpers/defaults.mk +++ b/make_helpers/defaults.mk @@ -359,3 +359,6 @@ CONDITIONAL_CMO := 0 # By default, disable SPMD Logical partitions ENABLE_SPMD_LP := 0 + +# By default, disable PSA crypto (use MbedTLS legacy crypto API). +PSA_CRYPTO := 0 |