Fix: multiple MbedTLS integration fixes
List of changes:
- prefetched source is ignored by MbedTLS.cmake
Setting MBEDTLS_SOURCE_DIR does not make MbedTLS.cmake use the
externally provided source code. This is because MBEDTLS_SOURCE_DIR
is not passed to LazyFetch_MakeAvailable().
As a fix, pass the variable to LazyFetch.
- patch MbedTLS to allow building libmbedcrypto only. This is needed to
decrease dependencies in yocto.
- allow passing python interpreter location down to MbedTLS build
Change-Id: I25b598e086f5f2af948cd288c2f3faa50bce1cc6
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
diff --git a/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch b/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch
new file mode 100644
index 0000000..e85634c
--- /dev/null
+++ b/external/MbedTLS/0001-Add-capability-to-build-libmbedcrypto-only.patch
@@ -0,0 +1,126 @@
+From b8d7d8bd3e447d471f56dc95e0315c965f393edd Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Tue, 28 Mar 2023 18:20:44 +0200
+Subject: [PATCH 1/1] Add capability to build libmbedcrypto only
+
+Introduce the CRYPTO_ONLY option which configures cmake to build only
+libmbedcrypto.
+
+Upstream-status: Invalid [other]
+ - This is a Trusted Services specific change, there is not intention
+ to upstream this change.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ library/CMakeLists.txt | 57 +++++++++++++++++++++++++++++-------------
+ 1 file changed, 39 insertions(+), 18 deletions(-)
+
+diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
+index c9714bbfb..d0087c616 100644
+--- a/library/CMakeLists.txt
++++ b/library/CMakeLists.txt
+@@ -2,6 +2,7 @@ option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
+ option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
+ option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
+ option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
++option(CRYPTO_ONLY "Build mbedcrypto linrary only." On)
+
+ # Set the project root directory if it's not already defined, as may happen if
+ # the library folder is included directly by a parent project, without
+@@ -248,18 +249,27 @@ if (USE_STATIC_MBEDTLS_LIBRARY)
+ set(mbedcrypto_static_target ${mbedcrypto_target})
+ endif()
+
+-set(target_libraries ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
++set(target_libraries ${mbedcrypto_target})
++
++if (NOT CRYPTO_ONLY)
++ list(APPEND target_libraries ${mbedx509_target} ${mbedtls_target})
++endif()
+
+ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+ string(APPEND mbedtls_static_target "_static")
+ string(APPEND mbedx509_static_target "_static")
+ string(APPEND mbedcrypto_static_target "_static")
+
++
++ list(APPEND target_libraries
++ ${mbedcrypto_static_target})
++
++if (NOT CRYPTO_ONLY)
+ list(APPEND target_libraries
+- ${mbedcrypto_static_target}
+ ${mbedx509_static_target}
+ ${mbedtls_static_target})
+ endif()
++endif()
+
+ if(USE_STATIC_MBEDTLS_LIBRARY)
+ add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
+@@ -270,13 +280,15 @@ if(USE_STATIC_MBEDTLS_LIBRARY)
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC everest)
+ endif()
+
+- add_library(${mbedx509_static_target} STATIC ${src_x509})
+- set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
+- target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
++ if (NOT CRYPTO_ONLY)
++ add_library(${mbedx509_static_target} STATIC ${src_x509})
++ set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
++ target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
+
+- add_library(${mbedtls_static_target} STATIC ${src_tls})
+- set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
+- target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
++ add_library(${mbedtls_static_target} STATIC ${src_tls})
++ set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls)
++ target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target})
++ endif()
+ endif(USE_STATIC_MBEDTLS_LIBRARY)
+
+ if(USE_SHARED_MBEDTLS_LIBRARY)
+@@ -288,14 +300,15 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+ if(TARGET everest)
+ target_link_libraries(${mbedcrypto_target} PUBLIC everest)
+ endif()
+-
+- add_library(${mbedx509_target} SHARED ${src_x509})
+- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.3.0 SOVERSION 4)
+- target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
+-
+- add_library(${mbedtls_target} SHARED ${src_tls})
+- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.3.0 SOVERSION 19)
+- target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
++ if (NOT CRYPTO_ONLY)
++ add_library(${mbedx509_target} SHARED ${src_x509})
++ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.3.0 SOVERSION 4)
++ target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
++
++ add_library(${mbedtls_target} SHARED ${src_tls})
++ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.3.0 SOVERSION 19)
++ target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
++ endif()
+ endif(USE_SHARED_MBEDTLS_LIBRARY)
+
+ foreach(target IN LISTS target_libraries)
+@@ -320,7 +333,15 @@ endforeach(target)
+
+ set(lib_target "${MBEDTLS_TARGET_PREFIX}lib")
+
+-add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target} ${mbedx509_target} ${mbedtls_target})
++add_custom_target(${lib_target} DEPENDS ${mbedcrypto_target})
++
++if(NOT CRYPTO_ONLY)
++ add_dependencies(${lib_target} ${mbedx509_target} ${mbedtls_target})
++endif()
++
+ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+- add_dependencies(${lib_target} ${mbedcrypto_static_target} ${mbedx509_static_target} ${mbedtls_static_target})
++ add_dependencies(${lib_target} ${mbedcrypto_static_target})
++ if(NOT CRYPTO_ONLY)
++ add_dependencies(${lib_target} ${mbedx509_static_target} ${mbedtls_static_target})
++ endif()
+ endif()
+--
+2.39.1.windows.1
+
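Review bot: The new `option(CRYPTO_ONLY "Build mbedcrypto linrary only." On)` in library/CMakeLists.txt defaults to ON, so any build of the patched tree drops mbedx509 and mbedtls unless the caller overrides it. The help string also has a typo, and the name is an un-prefixed cache entry in a global namespace. I would write it as `option(CRYPTO_ONLY "Build mbedcrypto library only." ON)` and add a comment above it saying that X.509 and TLS targets are not created when it is set. If the project can rename it, a prefixed name would avoid clashing with a parent project's cache. In the `USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY` block the nested `if (NOT CRYPTO_ONLY)` and its `endif()` are not indented, which makes the two closing `endif()` lines easy to misread. Install or export rules that still name the x509/tls targets are not visible in this patch and are worth checking.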
diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
index 5c97a15..a3d63f0 100644
--- a/external/MbedTLS/MbedTLS.cmake
+++ b/external/MbedTLS/MbedTLS.cmake
@@ -27,7 +27,12 @@
GIT_REPOSITORY ${MBEDTLS_URL}
GIT_TAG ${MBEDTLS_REFSPEC}
GIT_SHALLOW FALSE
- PATCH_COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto
+ PATCH_COMMAND
+ git stash
+ COMMAND git branch -f bf-am
+ COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Add-capability-to-build-libmbedcrypto-only.patch
+ COMMAND git reset bf-am
+ COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto
)
# Only pass libc settings to Mbed TLS if needed. For environments where the standard
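Review bot: The `git am` step in the new PATCH_COMMAND creates a commit, so it needs a committer identity; on a clean build host or container with no `user.name`/`user.email` configured it will probably abort the fetch step, and `git stash` may hit the same problem when there is something to stash. Passing an identity inline would avoid depending on host git configuration, for example `COMMAND git -c user.name=<builder-name> -c user.email=<builder-email> am "${CMAKE_CURRENT_LIST_DIR}/0001-Add-capability-to-build-libmbedcrypto-only.patch"`, which also quotes the patch path so a checkout directory containing spaces still works. Because this commit also makes an externally provided MBEDTLS_SOURCE_DIR take effect, it should be confirmed that the patch step does not run on such a tree, since `git stash` and `git branch -f bf-am` would then move the developer's uncommitted work and overwrite a branch of theirs. A short comment above PATCH_COMMAND explaining that stash/branch/am/reset exists to make re-patching repeatable would help the next reader. The enclosing call starts outside this hunk.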
@@ -48,13 +53,14 @@
INSTALL_DIR ${MBEDTLS_INSTALL_DIR}
PACKAGE_DIR ${MBEDTLS_INSTALL_DIR}/cmake
CACHE_FILE "${TS_ROOT}/external/MbedTLS/mbedtls-init-cache.cmake.in"
+ SOURCE_DIR "${MBEDTLS_SOURCE_DIR}"
)
unset(_cmake_fragment)
# Link the libraries created by Mbed TLS to libc if needed. For environments where the standard
# library is not overridden, this is not needed.
if(TARGET stdlib::c)
- foreach(_mbedtls_tgt IN ITEMS "MbedTLS::mbedcrypto" "MbedTLS::mbedx509" "MbedTLS::mbedtls")
+ foreach(_mbedtls_tgt IN ITEMS "MbedTLS::mbedcrypto")
target_link_libraries(${_mbedtls_tgt} INTERFACE stdlib::c)
endforeach()
unset(_mbedtls_tgt)
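Review bot: The `foreach` now hard-codes `"MbedTLS::mbedcrypto"`, so if CRYPTO_ONLY is ever switched off for the Mbed TLS build, `MbedTLS::mbedx509` and `MbedTLS::mbedtls` would exist but no longer be linked against `stdlib::c`. Keeping the original three names and guarding each one is safer and needs no further change when the option flips: `foreach(_mbedtls_tgt IN ITEMS "MbedTLS::mbedcrypto" "MbedTLS::mbedx509" "MbedTLS::mbedtls")` with the body wrapped in `if(TARGET ${_mbedtls_tgt})` … `endif()`. Separately, `SOURCE_DIR "${MBEDTLS_SOURCE_DIR}"` is passed even when the variable is empty or unset; how LazyFetch treats an empty SOURCE_DIR is not visible here and is worth confirming. The `if(TARGET stdlib::c)` block closes outside this hunk.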
diff --git a/external/MbedTLS/mbedtls-init-cache.cmake.in b/external/MbedTLS/mbedtls-init-cache.cmake.in
index 62d33ef..c60bbf2 100644
--- a/external/MbedTLS/mbedtls-init-cache.cmake.in
+++ b/external/MbedTLS/mbedtls-init-cache.cmake.in
@@ -14,6 +14,8 @@
set(EXTERNAL_DEFINITIONS -DMBEDTLS_USER_CONFIG_FILE="@MBEDTLS_USER_CONFIG_FILE@" CACHE STRING "")
set(EXTERNAL_INCLUDE_PATHS @MBEDTLS_EXTRA_INCLUDES@ CACHE STRING "")
+set(Python3_EXECUTABLE "@Python3_EXECUTABLE@" CACHE PATH "Location of python3 executable")
+
string(TOUPPER @CMAKE_CROSSCOMPILING@ CMAKE_CROSSCOMPILING) # CMake expects TRUE
if (CMAKE_CROSSCOMPILING)
set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY CACHE STRING "")
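Review bot: The new cache entry for `Python3_EXECUTABLE` is declared with type `PATH`, which CMake uses for directories; an interpreter is a file, so `FILEPATH` is the matching type: `set(Python3_EXECUTABLE "@Python3_EXECUTABLE@" CACHE FILEPATH "Location of python3 executable")`. If the parent project has not located Python when this template is configured, the entry is seeded with an empty string; wrapping the line in `if(NOT "@Python3_EXECUTABLE@" STREQUAL "")` would leave the Mbed TLS build free to run its own lookup in that case. Pinning the interpreter this way also fixes which Python the external build's scripts run under, which is worth stating in a comment next to the line.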