MbedTLS configuration rework
Instead of using config.py to modify the original MbedTLS configuration
file and then extending it with user settings, pass a custom file
which will be used instead of the default file being appended to it.
Also add a stub trng implementation, which results in error if called,
because in case of internal crypto configuration of smmgw SP, trng
shall not be used for X509 related tasks.
libmbedx509.h has been renamed to crypto_provider_x509.h
x509_only.h has been renamed to internal_crypto_smmgw.h
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: I6831f221d63b64422a28ab75d0faf97771dd5773
diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
index 8d4aaef..c20e2fe 100644
--- a/deployments/component-test/component-test.cmake
+++ b/deployments/component-test/component-test.cmake
@@ -240,7 +240,7 @@
protobuf_generate_all(TGT "component-test" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
# MbedTLS
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/libmbedx509.h"
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_provider_x509.h"
CACHE STRING "Configuration file for Mbed TLS" FORCE)
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(component-test PRIVATE MbedTLS::mbedcrypto)
@@ -248,7 +248,7 @@
# Pass the location of the mbedtls config file to C preprocessor.
target_compile_definitions(component-test PRIVATE
- MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
)
# Qcbor
diff --git a/deployments/crypto/crypto.cmake b/deployments/crypto/crypto.cmake
index 963dde5..9dad507 100644
--- a/deployments/crypto/crypto.cmake
+++ b/deployments/crypto/crypto.cmake
@@ -47,7 +47,7 @@
protobuf_generate_all(TGT "crypto" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
# Mbed TLS provides libmbedcrypto
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/libmbedx509.h"
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_provider_x509.h"
CACHE STRING "Configuration file for Mbed TLS" FORCE)
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(crypto PRIVATE MbedTLS::mbedcrypto)
@@ -56,7 +56,7 @@
# Provide the config path to mbedtls
target_compile_definitions(crypto
PRIVATE
- MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
)
#################################################################
diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
index 80ef7e4..c9f84be 100644
--- a/deployments/libts/linux-pc/CMakeLists.txt
+++ b/deployments/libts/linux-pc/CMakeLists.txt
@@ -184,7 +184,7 @@
protobuf_generate_all(TGT "ts" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
# MbedTLS
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/libmbedx509.h"
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_provider_x509.h"
CACHE STRING "Configuration file for Mbed TLS" FORCE)
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(ts PRIVATE MbedTLS::mbedcrypto)
@@ -192,7 +192,7 @@
# Pass the location of the mbedtls config file to C preprocessor.
target_compile_definitions(ts PRIVATE
- MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
)
# Qcbor
diff --git a/deployments/platform-inspect/platform-inspect.cmake b/deployments/platform-inspect/platform-inspect.cmake
index d9f1ca7..f5589ff 100644
--- a/deployments/platform-inspect/platform-inspect.cmake
+++ b/deployments/platform-inspect/platform-inspect.cmake
@@ -43,7 +43,7 @@
#-------------------------------------------------------------------------------
# MbedTLS provides libmbedcrypto
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_posix.h"
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/crypto_posix.h"
CACHE STRING "Configuration file for mbedcrypto")
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(platform-inspect PRIVATE MbedTLS::mbedcrypto)
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index 562d9d1..bbeb034 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -11,7 +11,7 @@
# If enabled an internal mbedtls instance will be used instead of the crypto SP
if (UEFI_INTERNAL_CRYPTO)
-set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/x509_only.h"
+set(MBEDTLS_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/internal_crypto_smmgw.h"
CACHE STRING "Configuration file for Mbed TLS" FORCE)
include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto)
@@ -20,7 +20,7 @@
# Pass the mbedtls config file to C preprocessor so the uefi
# direct backend will access the mbedtls headers
target_compile_definitions(smm-gateway PRIVATE
- MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
+ MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
)
target_compile_definitions(smm-gateway PRIVATE
@@ -32,6 +32,7 @@
COMPONENTS
"components/common/mbedtls"
"components/service/uefi/smm_variable/backend/direct"
+ "components/service/crypto/backend/mbedcrypto/trng_adapter/stub"
)
else()