RollUp PR Crypto with ITS #9529
Conversation
Obtain the version of Mbed Crypto to use not from the Mbed TLS submodule, but independently through the Mbed Crypto importer instead.
Use the Mbed-Crypto-specific importer script to re-import Mbed Crypto 0.1.0b2 to its new location.
Instead of doing a "pull --rebase" to update to the latest development branch, do a "fetch" followed by a "checkout" to update to the specified release. This enables us to get any new tags created since the last update to the development branch, and removes the noise of updating a local "development" branch.
Update tests in TESTS/mbed-crypto/sanity/main.cpp
Test key handles by adding a test to TESTS/mbed-crypto/sanity/main.cpp
1. Removed obsolete crypto APIs from IPC implementation. 2. Updated existing crypto APIs in IPC implementation. 3. Added new crypto APIs to IPC implemntation (except for psa_hash_clone).
Test hash clone by adding a test to TESTS/mbed-crypto/sanity/main.cpp
ciarmcom
requested review from
alzix,
itayzafrir,
mikisch81,
Patater and
a team
|
@orenc17, thank you for your changes. |
|
running CI to screen for errors while this is reviewed. |
Please fix the PR template. What's the intention with this rollup? Are all PR involved already approved? |
|
@0xc0170 all 5 PR's are inter-dependent and must be run through CI together |
Test run: FAILEDSummary: 4 of 8 test jobs failed Failed test jobs:
|
|
So this is the review status:
|
Test run: SUCCESSSummary: 12 of 12 test jobs passed |
|
The CI has passed for the roll-up PR. if we want to proceed with this we will need review approvals for all of the component PRs (see list above kindly provided by @mikisch81). all reviewers please take a look. |
@bulislaw See this comment from @orenc17, the breaking change was in the relationship between psa-crypto and it's, that's why we needed a roll up PR in the first place. |
|
@mikisch81 |
|
@mikisch81 This req will go live soon ARMmbed/mbed-os-5-docs#933 (check how to describe functionality change), Can you add this description here? This needs to describe every functional change in this PR (look at the docs PR, we need to understand the impact and how users would migrate their code). Why did we decide to break it ? |
|
@orenc17 @itayzafrir @alzix can you address @bulislaw and @0xc0170 concerns. |
| @@ -38,7 +38,7 @@ | |||
| if '_NAME_' not in filename] | |||
| MANIFEST_FILE_PATTERN = '*_psa.json' | |||
| MBED_OS_ROOT = os.path.abspath(path_join(SCRIPT_DIR, os.pardir, os.pardir)) | |||
| SPM_CORE_ROOT = path_join(MBED_OS_ROOT, 'components', 'TARGET_PSA', 'spm') | |||
| SPM_CORE_ROOT = path_join(MBED_OS_ROOT, 'components', 'TARGET_PSA', 'TARGET_MBED_SPM') | |||
There was a problem hiding this comment.
Any concerns with this @theotherjimmy? Thinking about the online compiler. However it may just be limited to the FUTURE_SEQUANA target.
There was a problem hiding this comment.
@orenc17 Also, making sure this doesn't break things inadvertently.
@lrusinowicz thoughts?
(Should be fine, just being cautious)
There was a problem hiding this comment.
No, this tool should only be run by a developer changing PSA partitions
The online compiler doesn't and should never run this tool
|
@bulislaw @0xc0170 I think you are over reacting to a small type change. Yes there are lots of changes in the only customer of this API (crypto), but I think you guys can handle and have handled many changes in crypo already just fine Are there going to be more changes and PR's like this one ? Probably yes. I think you should get a better understanding of PSA, as the comming release probably will hurt everyone like the first thing that come up on a Google search for PSA As for the changes themselves, they have been checked thoroughly by everyone who has been asked for review on the matter, not to mention the next PR's that are already waiting for this one to be merged. So I don't see any reason left not to merge this All aboard the PSA train!!!!!, This ride is going to be bumpy as hell. |
|
@ARMmbed/mbed-os-maintainers Can you please tell us exactly what is missing in this PR to be merged? |
|
Hmm, it looks like a majority of reviews have been completed. I think we're looking for something like this to be ammended to the PR's description: ARMmbed/mbed-os-5-docs#933 (comment) Either that, or I'm missing something else that hopefully @bulislaw can clarify.
@orenc17 Joke unclear. I use duckduckgo 😄 |
|
release notes added P.S. added a link to practical joke. @cmonr on duckduckgo its the 3rd result |
|
Background What is being broken? PSA Crypto API 1.0b1 API breaking changes, added to Mbed OS in this PR
Why is it being broken? Analysis of impact on users Alternatives Mitigation and migration path for users |
|
@bulislaw @ARMmbed/mbed-os-maintainers |
|
The release notes 👍 |
|
@bulislaw approval is needed. |
There was a problem hiding this comment.
Thanks guys for adding the explanations and release notes.
@bulislaw @0xc0170 I think you are over reacting to a small type change.
Yes this a "breaking change" on an API that went from an architect's dream to a public release (@dreemkiller no offense plz)
Yes there are lots of changes in the only customer of this API (crypto), but I think you guys can handle and have handled many changes in crypo already just fine
Are there going to be more changes and PR's like this one ? Probably yes.
I think you should get a better understanding of PSA, as the comming release probably will hurt everyone like the first thing that come up on a Google search for PSA
As for the changes themselves, they have been checked thoroughly by everyone who has been asked for review on the matter, not to mention the next PR's that are already waiting for this one to be merged.
So I don't see any reason left not to merge this
All aboard the PSA train!!!!!, This ride is going to be bumpy as hell.
The problem is that without knowing the details, maintainers and people not involved in this work can't make a meaningful decision. Even small breaking changes can be painful for the wider ecosystem. As a team we are rather trigger happy when it comes to breaking things. Rather than figuring things out before we start coding or later managing the change in meaningful way we just happily break things. I hope that explanation of what is being broken and why is not too big thing to ask for. If anything it should force the submitter to think again whether we really need to break something. And in some cases the answer is yes, but we shouldn't be jumping into conclusions without thinking or understanding why are we doing it and what impact will it have.
|
Because this mentions breaking changes, I'd expect it to affect our documentation. Could someone please work with @Elise-Kaminski and me to update our docs? |
|
@ARMmbed/mbed-os-psa Is someone already working with docs to get the above comment addressed? |
|
Description
This is a Roll up PR that includes the following PR's:
Pull request type
Reviewers
@Patater @alzix @itayzafrir @mikisch81 @ARMmbed/mbed-os-maintainers
Release notes
Crypto
Upon upgrading the version of Mbed Crypto within Mbed OS to Mbed Crypto 1.0.0d1, the following API changes in PSA Crypto are brought into Mbed OS. There is no backwards compatibility with the PSA Crypto alpha APIs as provided for preview purposes in Mbed OS 5.11. Users of the previous PSA Crypto APIs will need to update their code to use the new PSA Crypto APIs (which are still a moving target).
ITS