mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-22 09:40:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #8623 from daverodgman/verbatim-tfm

Browse Source 
Use TF-M config verbatim
This commit is contained in:
Manuel Pégourié-Gonnard 2024-01-04 08:08:06 +00:00 committed by GitHub
commit 66b1ded73a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 89 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
configs/config-tfm.h
View File

@ -21,9 +21,6 @@
/* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */ /* MBEDTLS_PSA_CRYPTO_SPM needs third-party files, so disable it. */
#undef MBEDTLS_PSA_CRYPTO_SPM #undef MBEDTLS_PSA_CRYPTO_SPM
/* Use built-in platform entropy functions (TF-M provides its own). */
#undef MBEDTLS_NO_PLATFORM_ENTROPY
/* Disable buffer-based memory allocator. This isn't strictly required, /* Disable buffer-based memory allocator. This isn't strictly required,
* but using the native allocator is faster and works better with * but using the native allocator is faster and works better with
* memory management analysis frameworks such as ASan. */ * memory management analysis frameworks such as ASan. */
@ -45,18 +42,17 @@
#undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS #undef MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
#undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE #undef MBEDTLS_PLATFORM_STD_EXIT_FAILURE
/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
* does not need CIPHER_C to be enabled, so we can disable it in order
* to reduce code size further. */
#undef MBEDTLS_CIPHER_C
/* /*
* In order to get an example config that works cleanly out-of-the-box * In order to get an example config that works cleanly out-of-the-box
* for both baremetal and non-baremetal builds, we detect baremetal builds * for both baremetal and non-baremetal builds, we detect baremetal builds
* and set this variable automatically. * (either IAR, Arm compiler or __ARM_EABI__ defined), and adjust some
* variables accordingly.
*/ */
#if defined(__IAR_SYSTEMS_ICC__) || defined(__ARM_EABI__) #if defined(__IAR_SYSTEMS_ICC__) || defined(__ARMCC_VERSION) || defined(__ARM_EABI__)
#define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_NO_PLATFORM_ENTROPY
#else
/* Use built-in platform entropy functions (TF-M provides its own). */
#undef MBEDTLS_NO_PLATFORM_ENTROPY
#endif #endif
/*********************************************************************** /***********************************************************************
@ -65,3 +61,8 @@
// We expect TF-M to pick this up soon // We expect TF-M to pick this up soon
#define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT #define MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
/* CCM is the only cipher/AEAD enabled in TF-M configuration files, but it
* does not need CIPHER_C to be enabled, so we can disable it in order
* to reduce code size further. */
#undef MBEDTLS_CIPHER_C

25
configs/ext/README.md Normal file
View File

@ -0,0 +1,25 @@
Summary
-------
The two files:
* crypto_config_profile_medium.h
* tfm_mbedcrypto_config_profile_medium.h
are copyright The Mbed TLS Contributors, and are distributed under the license normally
used by Mbed TLS: a dual Apache 2.0 or GPLv2-or-later license.
Background
----------
The two files crypto_config_profile_medium.h and tfm_mbedcrypto_config_profile_medium.h
are taken verbatim from the TF-M source code here:
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/lib/ext/mbedcrypto/mbedcrypto_config
In TF-M, they are distributed under a 3-Clause BSD license, as noted at the top of the files.
In Mbed TLS, with permission from the TF-M project, they are distributed under a dual [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) license, with copyright assigned to The Mbed TLS Contributors.
We only retain the note at the top of the files because we are taking the files verbatim, for ease of
maintenance.

13
configs/ext/config_tfm.h Normal file
View File

@ -0,0 +1,13 @@
/*
* Empty placeholder
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This file is intentionally empty.
*
* Having an empty file here allows us to build the TF-M config, which references this file,
* without making any changes to the TF-M config.
*/

11
configs/ext/crypto_config_profile_medium.h
View File

@ -1,13 +1,14 @@
/*
* Copyright (c) 2018-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
/** /**
* \file psa/crypto_config.h * \file psa/crypto_config.h
* \brief PSA crypto configuration options (set of defines) * \brief PSA crypto configuration options (set of defines)
* *
*/ */
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
/** /**
* When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,

13
configs/ext/mbedtls_entropy_nv_seed_config.h Normal file
View File

@ -0,0 +1,13 @@
/*
* Empty placeholder
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
/*
* This file is intentionally empty.
*
* Having an empty file here allows us to build the TF-M config, which references this file,
* without making any changes to the TF-M config.
*/

22
configs/ext/tfm_mbedcrypto_config_profile_medium.h
View File

@ -8,14 +8,28 @@
* memory footprint. * memory footprint.
*/ */
/* /*
* Copyright The Mbed TLS Contributors * Copyright (C) 2006-2023, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* This file is part of mbed TLS (https://tls.mbed.org)
*/ */
#ifndef PROFILE_M_MBEDTLS_CONFIG_H #ifndef PROFILE_M_MBEDTLS_CONFIG_H
#define PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H
//#include "config_tfm.h" #include "config_tfm.h"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1 #define _CRT_SECURE_NO_DEPRECATE 1
@ -549,7 +563,7 @@
#endif /* CRYPTO_NV_SEED */ #endif /* CRYPTO_NV_SEED */
#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) #if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
//#include "mbedtls_entropy_nv_seed_config.h" #include "mbedtls_entropy_nv_seed_config.h"
#endif #endif
#ifdef CRYPTO_HW_ACCELERATOR #ifdef CRYPTO_HW_ACCELERATOR

5
tests/scripts/check_files.py
View File

@ -373,8 +373,9 @@ class LicenseIssueTracker(LineIssueTracker):
r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z', r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
# Files imported from TF-M, and not used except in test builds, # Files imported from TF-M, and not used except in test builds,
# may be under a different license. # may be under a different license.
r'configs/crypto_config_profile_medium\.h\Z', r'configs/ext/crypto_config_profile_medium\.h\Z',
r'configs/tfm_mbedcrypto_config_profile_medium\.h\Z', r'configs/ext/tfm_mbedcrypto_config_profile_medium\.h\Z',
r'configs/ext/README\.md\Z',
# Third-party file. # Third-party file.
r'dco\.txt\Z', r'dco\.txt\Z',
] ]