Merge changes from topic "mbedtls-config-cleanup" into integration

* changes: chore(qemu): remove duplicate define chore(imx): remove duplicate define chore(arm): remove duplicate defines chore(mbedtls): remove hash configs
2025-04-26 23:04:50 +00:00 · 2024-09-04 12:18:36 +02:00 · 2024-09-04 12:18:36 +02:00 · 0c755a2c66
commit 0c755a2c66
parent fb3314d9e3 1f3ca0ef5b
5 changed files with 21 additions and 29 deletions
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@ -118,6 +118,14 @@ else
    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
 endif

+ifeq (${MBOOT_EL_HASH_ALG}, sha256)
+    $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA256))
+else ifeq (${MBOOT_EL_HASH_ALG}, sha384)
+    $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA384))
+else ifeq (${MBOOT_EL_HASH_ALG}, sha512)
+    $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
+endif
+
 ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
 else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@ -73,23 +73,17 @@
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 #endif

-/* The library does not currently support enabling SHA-256 without SHA-224. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-/*
- * If either Trusted Boot or Measured Boot require a stronger algorithm than
- * SHA-256, pull in SHA-512 support. Library currently needs to have SHA_384
- * support when enabling SHA-512.
- */
-#if (TF_MBEDTLS_HASH_ALG_ID != TF_MBEDTLS_SHA256) /* TBB hash algo */
-#define MBEDTLS_SHA384_C
-#define	MBEDTLS_SHA512_C
-#else
-   /* TBB uses SHA-256, what about measured boot? */
-#if defined(TF_MBEDTLS_MBOOT_USE_SHA512)
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
+/* Enable hash algorithms based on TBB or Measured Boot */
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256) || defined(TF_MBEDTLS_MBOOT_USE_SHA256)
+    #define MBEDTLS_SHA256_C
 #endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA384) || defined(TF_MBEDTLS_MBOOT_USE_SHA384)
+    #define MBEDTLS_SHA384_C
+#endif
+
+#if (TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA512) || defined(TF_MBEDTLS_MBOOT_USE_SHA512)
+    #define MBEDTLS_SHA512_C
 #endif

 #define MBEDTLS_VERSION_C
@ -104,7 +98,9 @@
 #endif

 /* MPI / BIGNUM options */
-#define MBEDTLS_MPI_WINDOW_SIZE			2
+
+/* Note: Lower numbers trade longer execution time for less RAM allocation */
+#define MBEDTLS_MPI_WINDOW_SIZE			1

 #if TF_MBEDTLS_USE_RSA
 #if TF_MBEDTLS_KEY_SIZE <= 2048
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@ -432,10 +432,6 @@ ifneq ($(filter 1,${MEASURED_BOOT} ${DRTM_SUPPORT}),)
    $(info Including ${MEASURED_BOOT_MK})
    include ${MEASURED_BOOT_MK}

-    ifneq (${MBOOT_EL_HASH_ALG}, sha256)
-        $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
-    endif
-
    ifeq (${MEASURED_BOOT},1)
         BL1_SOURCES		+= 	${EVENT_LOG_SOURCES}
         BL2_SOURCES		+= 	${EVENT_LOG_SOURCES}
--- a/plat/imx/imx8m/imx8mm/platform.mk
+++ b/plat/imx/imx8m/imx8mm/platform.mk
@ -188,10 +188,6 @@ ifeq (${MEASURED_BOOT},1)
    $(info Including ${MEASURED_BOOT_MK})
    include ${MEASURED_BOOT_MK}

-ifneq (${MBOOT_EL_HASH_ALG}, sha256)
-    $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
-endif
-
 BL2_SOURCES		+=	plat/imx/imx8m/imx8m_measured_boot.c	\
 				plat/imx/imx8m/imx8m_dyn_cfg_helpers.c	\
 				${EVENT_LOG_SOURCES}
--- a/plat/qemu/qemu/platform.mk
+++ b/plat/qemu/qemu/platform.mk
@ -96,10 +96,6 @@ ifeq (${MEASURED_BOOT},1)
    $(info Including ${MEASURED_BOOT_MK})
    include ${MEASURED_BOOT_MK}

-    ifneq (${MBOOT_EL_HASH_ALG}, sha256)
-        $(eval $(call add_define,TF_MBEDTLS_MBOOT_USE_SHA512))
-    endif
-
    BL2_SOURCES		+=	plat/qemu/qemu/qemu_measured_boot.c	\
 				plat/qemu/qemu/qemu_helpers.c		\
 				${EVENT_LOG_SOURCES}