-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix warning in Crypto when using boot seed injection #9566
Conversation
@alzix, thank you for your changes. |
#ifndef __PLATFORM_MBED__H__ | ||
#define __PLATFORM_MBED__H__ | ||
|
||
#include "default_random_seed.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need to include this header?
There should be no "default random seed". That sounds really dangerous. (And not very random).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This header contains the default read/write functions that supposed to be registered with the Mbed TLS NV_SEED
feature.
Maintainers - I'm too busy to approve this, so I'd like to delegate this to @andresag01. When he's approved it, it's fine by me. |
#ifndef __PLATFORM_MBED__H__ | ||
#define __PLATFORM_MBED__H__ | ||
|
||
#include "default_random_seed.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This default_random_seed.h
seems to be TARGET_PSA
specific. How will the compiler find it when the target is not TARGET_PSA
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
|
||
#if (defined(TARGET_PSA) && defined(MBEDTLS_ENTROPY_NV_SEED)) | ||
|
||
#include "default_random_seed.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this possible to be in target PSA with NV_SEED but in the non-secure side?
If yes, we will have compilation error on default_random_seed.h file would not found
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are two use cases:
- PSA target (with SPE and NSPE) and we are building for NSPE. e.g.
FUTURE_SEQUANA_PSA
for such a targets it is not expected to haveMBEDTLS_ENTROPY_NV_SEED
macro enabled. - PSA compliant target (NSPE only). e.g. K64F. IIRC you have tested it on such a target yourself :)
Fix warning in entropy.c caused by injecting seed read & write callbacks
Move NVSEED callbacks configuration to a header file
@0xc0170 can we proceed with it? |
@alzix martin is ooo today |
starting CI |
Restarted CI |
Test run: SUCCESSSummary: 12 of 12 test jobs passed |
Labeled for 5.12 (adding new config - stated as refactor above). One additional question - this is changing mbedtls file, is this intentional (we do not accept changes besides doing version updates) and won't be overriden by next mbedtls update? |
The files in the |
Description
When enabling boot seed injection (e.g. FUTURE_SEQUANA_M0_PSA) entropy read & write callbacks are injected via macros and cause implicit declaration compilation warning.
This PR fixes the warning by adding include to a
platfrom_mbed.h
In addition this PR suggests simplified and user friendly way of wiring NVSEED read/write callbacks.
MBEDTLS_ENTROPY_NV_SEED
macro is sufficient since the callbacks have fixed values for all PSA targets.The option for advanced user to inject custom version of
MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
andMBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
is preserved.Pull request type
Reviewers
@netanelgonen @Patater @avolinski @sbutcher-arm