authorSummer Qin <summer.qin@arm.com>2021-07-12 18:57:57 +0800
committerKen Liu <ken.liu@arm.com>2021-07-21 09:26:05 +0200
commit9347dc7fa2b46d55061778362173f4687c2238f9 (patch)
tree5942ead2d91b1dc6c3c998b41fd9d9c13099bbf3 /lib
parent8c9efa78922916d90ecdacc7370e2369e84a93b4 (diff)
Crypto: Use NV SEED as default entropy source
MBEDTLS_TEST_NULL_ENTROPY is removed from mbedtls 3.0.0. Change to use 'MBEDTLS_ENTROPY_NV_SEED' as the default entropy source if a platform doesn't generate entropy from hardware. Change-Id: If03c9dec3c6fb0d7bb98721963ac2142d43ed00d Signed-off-by: Summer Qin <summer.qin@arm.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h23
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h23
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h23
-rw-r--r--lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h23
4 files changed, 16 insertions, 76 deletions
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
index b96670de76..9febb96649 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_default.h
@@ -497,23 +497,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -798,7 +781,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -853,7 +836,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
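Review bot: Turning on `MBEDTLS_ENTROPY_NV_SEED` by default means that, on a platform with no hardware entropy source, the quality of every key and nonce rests on how the seed is provisioned and stored, and nothing in this hunk states that requirement. The seed read/write hooks presumably live in `mbedtls_entropy_nv_seed_config.h`, which this diff does not show; if the seed is a fixed or build-time value, the result is as predictable as the removed `MBEDTLS_TEST_NULL_ENTROPY`, but without that switch's explicit production warning. I would add a comment directly above the define, for example `/* The NV seed must be provisioned per device from a real entropy source and kept in storage the non-secure side cannot read or roll back; a fixed seed is not an entropy source. */`. The same applies to the identical hunks in the profile_large, profile_medium and profile_small configs.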
@@ -2030,6 +2013,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#else
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
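Review bot: `mbedtls_entropy_nv_seed_config.h` is included only in the `#else` branch, while the earlier hunks define `MBEDTLS_ENTROPY_NV_SEED` and disable `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` for every build, including those with `CRYPTO_HW_ACCELERATOR` set. Unless `mbedtls_accelerator_config.h` undefines the NV seed option and supplies its own source (not visible here), an accelerator build keeps the NV seed source enabled without the seed configuration, which contradicts the commit message's "if a platform doesn't generate entropy from hardware". Making the contract explicit would help, e.g. a check after the include block such as `#if defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_ENTROPY_HARDWARE_ALT)` followed by an `#error`, or at least a comment stating what the accelerator config must override. The matching include hunks in the three profile configs have the same shape.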
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
index d4e187597b..d1e57bc0fe 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_large.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -2025,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#else
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
index dd2d390615..7472f600a8 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_medium.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -2025,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#else
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations
diff --git a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
index 5b2feaf726..d787c65337 100644
--- a/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
+++ b/lib/ext/mbedcrypto/mbedcrypto_config/tfm_mbedcrypto_config_profile_small.h
@@ -492,23 +492,6 @@
//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
* \def MBEDTLS_ENTROPY_HARDWARE_ALT
*
* Uncomment this macro to let mbed TLS use your own implementation of a
@@ -793,7 +776,7 @@
*
* Uncomment this macro to prevent loading of default entropy functions.
*/
-#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
/**
* \def MBEDTLS_NO_PLATFORM_ENTROPY
@@ -848,7 +831,7 @@
* \note The entropy collector will write to the seed file before entropy is
* given to an external source, to update it.
*/
-//#define MBEDTLS_ENTROPY_NV_SEED
+#define MBEDTLS_ENTROPY_NV_SEED
/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
*
@@ -2025,6 +2008,8 @@
#ifdef CRYPTO_HW_ACCELERATOR
#include "mbedtls_accelerator_config.h"
+#else
+#include "mbedtls_entropy_nv_seed_config.h"
#endif
/* Target and application specific configurations