-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Patchset: Align TFM to mbedTLS #92
Merged
microbuilder
merged 5 commits into
zephyrproject-rtos:master
from
rajkan01:patch_critical_fix_from_TFM_1.8.0
May 26, 2023
Merged
Patchset: Align TFM to mbedTLS #92
microbuilder
merged 5 commits into
zephyrproject-rtos:master
from
rajkan01:patch_critical_fix_from_TFM_1.8.0
May 26, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced May 18, 2023
This is also closer to the newly changed upstream code style in Mbed TLS. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Change-Id: I8bed02a4a8a6b0fbfe18b96862c9e23979378154 (cherry picked from commit ba5aae9) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Define the type psa_key_attributes_t in the same way as Mbed TLS, as a struct psa_key_attributes_s which has different definitions on the client and server sides. This avoids needing to patch upstream headers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Change-Id: I240349c725facca6e353e309cccfabda289adb46 (cherry picked from commit 2f82041) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Reduce divergence between PSA Crypto headers available in TF-M and Mbed TLS. * Consistently use mbedtls_svc_key_id_t for psa_key_id_t in the headers * Concentrate IMPDEF behaviour in crypto_struct and crypto_platform * Make sure the same config file is used for client and server views, i.e. make sure that ENCODES_OWNER config define is passed in a dedicated compile switch privately to the crypto service * Add \emptydescription for Doxygen when required * clean up the psa_crypto_config cmake target Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ia65c9d267ac9dc0441ea484408c5501c1558e580 (cherry picked from commit 34a0ffd) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Reduces the degrees of freedom when including PSA crypto headers. The PSA Crypto headers are always guaranteed to be in the same directory of the main psa/crypto.h. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I5b2e4400f1cf885d507e3f755602b60051a1b9ab (cherry picked from commit 380b2b4) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Header file crypto_platform.h is included by crypto.h, which is installed when Crypto service is enabled. So crypto_platform.h also needs to be installed. Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: I6a439cc1db26ce8e180d91c93002987a142bfb7e (cherry picked from commit fce2037) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
d4c20c1
to
2856bd2
Compare
microbuilder
approved these changes
May 22, 2023
@joerchan Have time to take a look at this one? |
d3zd3z
approved these changes
May 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for this patch set
Since an update to TFM 1.8 is only planned after the Zephyr 3.4.0 release is complete, the ARM TF-M team recommended the below patch set be applied on top of TF-M 1.7.0. These cherry-picks mitigate issues caused by the most recent version of mbedTLS being updated to use PSA APIs, causing conflicts when using mbedTLS with TF-M.
See: https://review.trustedfirmware.org/q/topic:%22psa_crypto_headers_adjustments%22+(status:open%20OR%20status:merged)
Summary of changes
psa_key_attributes_t
in the same way as Mbed TLS, as astruct psa_key_attributes_s
which has different definitions on the client and server sides. This avoids needing to patch upstream headers.mbedtls_svc_key_id_t
forpsa_key_id_t
in the headers\emptydescription
for Doxygen when requiredpsa_crypto_config
cmake targetpsa/crypto.h
.crypto_platform.h
is included bycrypto.h
, which is installed when Crypto service is enabled. Socrypto_platform.h
also needs to be installed.