From 2ea42fec358a502bec0a0e24ee12e3e0352af32c Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Date: Thu, 26 Oct 2023 11:06:23 +0100
Subject: [PATCH 1/2] refactor(tbbr): enforce compile-time error for invalid
 algorithm selection

Enforced compile-time error on invalid algorithm selection.

Change-Id: I517aa11c9fa9fda49483f95587f43529085c9d5d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
---
 include/common/tbbr/cot_def.h | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/common/tbbr/cot_def.h b/include/common/tbbr/cot_def.h
index 1d28772c9..0e007c58f 100644
--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
@@ -45,7 +45,7 @@
 #else
 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
 #endif
-#else /* Only using ECDSA keys. */
+#elif TF_MBEDTLS_USE_ECDSA
 #if TF_MBEDTLS_KEY_SIZE == 384
 #define PK_DER_LEN                      120
 #elif TF_MBEDTLS_KEY_SIZE == 256
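Review bot: The replaced `#else` carried the only in-place reminder of when this branch is reached, and the new `#elif TF_MBEDTLS_USE_ECDSA` drops it. The order of the two tests matters: the header comment visible in the second patch says RSA keys are larger for every supported key size, so when both algorithms are enabled the RSA branch must be taken first or PK_DER_LEN would be too small for an RSA key. I would keep a trailing comment, for example `#elif TF_MBEDTLS_USE_ECDSA /* ECDSA only; RSA and RSA+ECDSA are handled above */`. The opening `#if TF_MBEDTLS_USE_RSA` lies outside this hunk.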
@@ -53,7 +53,9 @@
 #else
 #error "Invalid value for TF_MBEDTLS_KEY_SIZE"
 #endif
-#endif
+#else
+#error "Invalid value of algorithm"
+#endif /* TF_MBEDTLS_USE_RSA */
 
 #if TF_MBEDTLS_HASH_ALG_ID == TF_MBEDTLS_SHA256
 #define HASH_DER_LEN                    51
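Review bot: The new `#error "Invalid value of algorithm"` does not name the macros that were tested, unlike the neighbouring `"Invalid value for TF_MBEDTLS_KEY_SIZE"`. Because an undefined identifier evaluates to 0 in `#if`/`#elif`, this branch is also reached when neither macro has been defined at the point of inclusion, so the message should point the builder at the configuration: `#error "Neither TF_MBEDTLS_USE_RSA nor TF_MBEDTLS_USE_ECDSA is set"`. The conditional chain that this `#endif` closes begins outside the hunk.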

From 81c2e1566dc4484c23d293961744489a9a6ea3f0 Mon Sep 17 00:00:00 2001
From: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Date: Fri, 20 Oct 2023 10:53:42 +0100
Subject: [PATCH 2/2] fix(tbbr): guard defines under MBEDTLS_CONFIG_FILE

Several platforms, such as NXP platforms, employ Trusted Boot support
without relying on MBEDTLS_CONFIG. This patch addresses the build
issues that arose on such platforms as a result of the recent change
c1ec23dd60 [1].

[1]: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/23730

Change-Id: Idfbeeafb8a30dc15bb0060beb5b17819a8807084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
---
 include/common/tbbr/cot_def.h | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/include/common/tbbr/cot_def.h b/include/common/tbbr/cot_def.h
index 0e007c58f..bf23917bb 100644
--- a/include/common/tbbr/cot_def.h
+++ b/include/common/tbbr/cot_def.h
@@ -32,7 +32,12 @@
  * buffers must be big enough to hold either. As RSA keys are bigger than ECDSA
  * ones for all key sizes we support, they impose the minimum size of these
  * buffers.
+ *
+ * If the platform employs its own mbedTLS configuration, it is the platform's
+ * responsibility to define TF_MBEDTLS_USE_RSA or TF_MBEDTLS_USE_ECDSA to
+ * establish the appropriate PK_DER_LEN size.
  */
+#ifdef MBEDTLS_CONFIG_FILE
 #if TF_MBEDTLS_USE_RSA
 #if TF_MBEDTLS_KEY_SIZE == 1024
 #define PK_DER_LEN                      162
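Review bot: The added comment documents only PK_DER_LEN, but the `#ifdef MBEDTLS_CONFIG_FILE` opened in this hunk is closed in the next hunk after the TF_MBEDTLS_HASH_ALG_ID block, so HASH_DER_LEN is also left undefined when MBEDTLS_CONFIG_FILE is absent. The comment also speaks of a platform with its own mbedTLS configuration, while the guard tests whether MBEDTLS_CONFIG_FILE is defined at all, and these may not be the same set of platforms. Since the surrounding comment says these lengths size the key buffers, I would state the contract at the guard, for example `/* Without MBEDTLS_CONFIG_FILE neither PK_DER_LEN nor HASH_DER_LEN is defined here; the platform must provide both. */`. Whether an `#else` with an `#error` or a fallback is appropriate depends on how the non-mbedTLS platforms consume these macros, which is not visible in this patch.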
@@ -66,5 +71,6 @@
 #else
 #error "Invalid value for TF_MBEDTLS_HASH_ALG_ID"
 #endif
+#endif /* MBEDTLS_CONFIG_FILE */
 
 #endif /* COT_DEF_H */