Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-25 14:25:44 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(mbedtls-psa): introduce PSA_CRYPTO build option

Browse source 
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -

1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
   Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
   when PSA_CRYPTO=1.

Also, marked PSA_CRYPTO as an experimental feature.

Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This commit is contained in:
Manish V Badarkhe 2023-09-06 09:08:28 +01:00
parent 902e94cad4
commit 5782b890d2
5 changed files with 47 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Makefile
View file

@ -1036,6 +1036,10 @@ ENABLE_FEAT_RNG = $(if $(findstring rng,${arch-features}),1,0)
# Determine if FEAT_SB is supported # Determine if FEAT_SB is supported
ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0) ENABLE_FEAT_SB = $(if $(findstring sb,${arch-features}),1,0)
ifeq ($(PSA_CRYPTO),1)
$(info PSA_CRYPTO is an experimental feature)
endif
################################################################################ ################################################################################
# Process platform overrideable behaviour # Process platform overrideable behaviour
################################################################################ ################################################################################
@ -1217,6 +1221,7 @@ $(eval $(call assert_booleans,\
ERRATA_NON_ARM_INTERCONNECT \ ERRATA_NON_ARM_INTERCONNECT \
CONDITIONAL_CMO \ CONDITIONAL_CMO \
RAS_FFH_SUPPORT \ RAS_FFH_SUPPORT \
PSA_CRYPTO \
))) )))
# Numeric_Flags # Numeric_Flags
@ -1407,6 +1412,7 @@ $(eval $(call add_defines,\
IMPDEF_SYSREG_TRAP \ IMPDEF_SYSREG_TRAP \
SVE_VECTOR_LEN \ SVE_VECTOR_LEN \
ENABLE_SPMD_LP \ ENABLE_SPMD_LP \
PSA_CRYPTO \
))) )))
ifeq (${SANITIZE_UB},trap) ifeq (${SANITIZE_UB},trap)

7
docs/getting_started/build-options.rst
View file

@ -1185,6 +1185,12 @@ Common build options
errata mitigation for platforms with a non-arm interconnect using the errata errata mitigation for platforms with a non-arm interconnect using the errata
ABI. By default its disabled (``0``). ABI. By default its disabled (``0``).
- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
The platform will use PSA compliant Crypto APIs during authentication and
image measurement process by enabling this option. It uses APIs defined as
per the `PSA Crypto API specification`_. This feature is only supported if
using MbedTLS 3.x version. By default it is disabled (``0``).
GICv3 driver options GICv3 driver options
-------------------- --------------------
@ -1306,3 +1312,4 @@ Firmware update options
.. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html .. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
.. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html .. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html
.. _Firmware Handoff specification: https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v0.9 .. _Firmware Handoff specification: https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v0.9
.. _PSA Crypto API specification: https://armmbed.github.io/mbed-crypto/html/

18
drivers/auth/mbedtls/mbedtls_common.mk
View file

@ -23,7 +23,11 @@ $(info MBEDTLS_VERSION_MAJOR is [${MBEDTLS_MAJOR}] MBEDTLS_VERSION_MINOR is [${M
ifeq (${MBEDTLS_MAJOR}, 2) ifeq (${MBEDTLS_MAJOR}, 2)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>" MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3) else ifeq (${MBEDTLS_MAJOR}, 3)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>" ifeq (${PSA_CRYPTO},1)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
else
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-3.h>"
endif
endif endif
$(eval $(call add_define,MBEDTLS_CONFIG_FILE)) $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
@ -77,6 +81,18 @@ else ifeq (${MBEDTLS_MAJOR}, 3)
LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
endif endif
ifeq (${PSA_CRYPTO},1)
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
psa_crypto.c \
psa_crypto_client.c \
psa_crypto_driver_wrappers.c \
psa_crypto_hash.c \
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
)
endif
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
# algorithm to use. If the variable is not defined, select it based on # algorithm to use. If the variable is not defined, select it based on
# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined, # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,

14
include/drivers/auth/mbedtls/psa_mbedtls_config.h Normal file
View file

@ -0,0 +1,14 @@
/*
* Copyright (c) 2023, Arm Ltd. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
#ifndef PSA_MBEDTLS_CONFIG_H
#define PSA_MBEDTLS_CONFIG_H
#include "mbedtls_config-3.h"
#define MBEDTLS_PSA_CRYPTO_C
#endif /* PSA_MBEDTLS_CONFIG_H */

3
make_helpers/defaults.mk
View file

@ -359,3 +359,6 @@ CONDITIONAL_CMO := 0
# By default, disable SPMD Logical partitions # By default, disable SPMD Logical partitions
ENABLE_SPMD_LP := 0 ENABLE_SPMD_LP := 0
# By default, disable PSA crypto (use MbedTLS legacy crypto API).
PSA_CRYPTO := 0