Patchset: Align TFM to mbedTLS #92
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced May 18, 2023
This is also closer to the newly changed upstream code style in Mbed TLS. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Change-Id: I8bed02a4a8a6b0fbfe18b96862c9e23979378154 (cherry picked from commit ba5aae9) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Define the type psa_key_attributes_t in the same way as Mbed TLS, as a struct psa_key_attributes_s which has different definitions on the client and server sides. This avoids needing to patch upstream headers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Change-Id: I240349c725facca6e353e309cccfabda289adb46 (cherry picked from commit 2f82041) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Reduce divergence between PSA Crypto headers available in TF-M and Mbed TLS. * Consistently use mbedtls_svc_key_id_t for psa_key_id_t in the headers * Concentrate IMPDEF behaviour in crypto_struct and crypto_platform * Make sure the same config file is used for client and server views, i.e. make sure that ENCODES_OWNER config define is passed in a dedicated compile switch privately to the crypto service * Add \emptydescription for Doxygen when required * clean up the psa_crypto_config cmake target Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: Ia65c9d267ac9dc0441ea484408c5501c1558e580 (cherry picked from commit 34a0ffd) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Reduces the degrees of freedom when including PSA crypto headers. The PSA Crypto headers are always guaranteed to be in the same directory of the main psa/crypto.h. Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com> Change-Id: I5b2e4400f1cf885d507e3f755602b60051a1b9ab (cherry picked from commit 380b2b4) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
Header file crypto_platform.h is included by crypto.h, which is installed when Crypto service is enabled. So crypto_platform.h also needs to be installed. Signed-off-by: Xinyu Zhang <xinyu.zhang@arm.com> Change-Id: I6a439cc1db26ce8e180d91c93002987a142bfb7e (cherry picked from commit fce2037) Signed-off-by: Rajkumar Kanagaraj <rajkumar.kanagaraj@linaro.org>
rajkan01
force-pushed
the
patch_critical_fix_from_TFM_1.8.0
branch
from
d4c20c1
to
2856bd2
Compare
microbuilder
approved these changes
May 22, 2023
|
@joerchan Have time to take a look at this one? |
d3zd3z
approved these changes
May 25, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for this patch set
Since an update to TFM 1.8 is only planned after the Zephyr 3.4.0 release is complete, the ARM TF-M team recommended the below patch set be applied on top of TF-M 1.7.0. These cherry-picks mitigate issues caused by the most recent version of mbedTLS being updated to use PSA APIs, causing conflicts when using mbedTLS with TF-M.
See: https://review.trustedfirmware.org/q/topic:%22psa_crypto_headers_adjustments%22+(status:open%20OR%20status:merged)
Summary of changes
psa_key_attributes_tin the same way as Mbed TLS, as astruct psa_key_attributes_swhich has different definitions on the client and server sides. This avoids needing to patch upstream headers.mbedtls_svc_key_id_tforpsa_key_id_tin the headers\emptydescriptionfor Doxygen when requiredpsa_crypto_configcmake targetpsa/crypto.h.crypto_platform.his included bycrypto.h, which is installed when Crypto service is enabled. Socrypto_platform.halso needs to be installed.