From 5e18b90c95068efd1f3e872707b88994758af09c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Dec 2023 12:07:30 +0100 Subject: [PATCH] config-tfm: disable CIPHER_C We also add a check in "all.sh" components: - component_test_tfm_config_p256m_driver_accel_ec - component_test_tfm_config to ensure that CIPHER_C was not re-enabled accidentally. Signed-off-by: Valerio Setti --- configs/config-tfm.h | 5 +++++ tests/scripts/all.sh | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/configs/config-tfm.h b/configs/config-tfm.h index 85b677b4cc..f6f527e006 100644 --- a/configs/config-tfm.h +++ b/configs/config-tfm.h @@ -45,6 +45,11 @@ #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE +/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it + * does not need CIPHER_C to be enabled, so we can disabled it in order + * to reduce code size further. */ +#undef MBEDTLS_CIPHER_C + /* * In order to get an example config that works cleanly out-of-the-box * for both baremetal and non-baremetal builds, we detect baremetal builds diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 462597ba6e..a2dc841988 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3265,6 +3265,10 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Check that p256m was built grep -q p256_ecdsa_ library/libmbedcrypto.a + # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration + # files, so we want to ensure that it has not be re-enabled accidentally. + not grep mbedtls_cipher library/cipher.o + # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" make test @@ -3286,6 +3290,10 @@ component_test_tfm_config() { # Check that p256m was not built not grep p256_ecdsa_ library/libmbedcrypto.a + # In "config-tfm.h" we disabled CIPHER_C tweaking TF-M's configuration + # files, so we want to ensure that it has not be re-enabled accidentally. + not grep mbedtls_cipher library/cipher.o + msg "test: TF-M config" make test }