New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v4] Rem core mbedtls #6317
[v4] Rem core mbedtls #6317
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
for the series.
This is unfortunate. We run with mbedtls in the core for its superior RSA performance. |
The RSA implementation in MBedTLS 3.x is unfortunately incompatible with GlobalPlatform TEE Internal Core API, see jenswi-linaro#9. Speaking of performance, I've been toying with the idea of using OpenSSL now that it has a permissive license. But that's not in scope here and will likely not happen either unless someone starts to push for it. |
Removes build test of CFG_CRYPTOLIB_NAME=mbedtls since support for mbedtls in core is about to be removed. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Removes support for MbedTLS as main crypto library. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Removes support for using MbedTLS as crypto lib in core. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
d7c1a2e
to
9870f97
Compare
Tag applied. |
Improved blinding is very much appreciated and necessary to counter the ever improving techniques for extracting keys over side channels. The GP API is the way it is, but if the user provides a key with too few components, we can always hit them with the runtime penalty of calling mbedtls_rsa_complete(). All in the name of improved security. |
I wasn't aware of the |
I intend to keep the [v4] PRs open for a bit more time than usual if that's OK with you. I think we need to leave enough time for people to give feedback. |
Makes sense, we only need to merge them before tagging the rc1. |
@larper2axis Here's take 3 for updating to MbedTLS 3.4.0. jenswi-linaro#12 If it makes sense, please review the few commits without review tags. I'll push the branch to |
Doing #6351 instead. |
This is a part of jenswi-linaro#11.
As a first step, we remove support for mbedtls in OP-TEE core, except we still use the bignum implementation with LTC.
Another pull request will follow to update mbedtls to version 3.4.0.