mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-29 00:33:49 +00:00
014975cea4
The default mbedTLS configuration enables hash algorithms based on the HASH_ALG or MBOOT_EL_HASH_ALG selected. However, the Arm ROTPK is always embedded as a SHA256 hash in BL1 and BL2. In the future, we may need to adjust this to use the HASH_ALG algorithm for embedding the ROTPK hash. As a temporary workaround, a separate mbedTLS configuration has been created for Arm platforms to explicitly set SHA256 defines, rather than relying on the default configuration. This adjustment is reflected in the mbedTLS configuration file for the TC platform as well as in the PSA Crypto configuration file. Change-Id: Ib3128ce7b0fb5c0858624ecbc998d456968beddf Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
26 lines
631 B
C
26 lines
631 B
C
/*
|
|
* Copyright (c) 2024, Arm Ltd. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef PLAT_ARM_MBEDTLS_CONFIG_H
|
|
#define PLAT_ARM_MBEDTLS_CONFIG_H
|
|
|
|
#include <mbedtls_config-3.h>
|
|
|
|
/**
|
|
* On Arm platforms, the ROTPK is always hashed using the SHA-256
|
|
* algorithm.
|
|
* TODO: Update to hash the ROTPK with the selected HASH_ALG to avoid
|
|
* the need for explicitly enabling the SHA-256 configuration in mbedTLS.
|
|
*/
|
|
#define MBEDTLS_SHA256_C
|
|
|
|
/*
|
|
* Use an implementation of SHA-256 with a smaller memory footprint
|
|
* but reduced speed.
|
|
*/
|
|
#define MBEDTLS_SHA256_SMALLER
|
|
|
|
#endif /* PLAT_ARM_MBEDTLS_CONFIG_H */
|