Add option for internal mbedtls in smm-gateway
Update the component to support using an internal mbedtls
instance for signature verification instead of the crypto SP.
Change-Id: I24ae5e08930accbd61c2333caf31333db3560c98
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
diff --git a/deployments/smm-gateway/smm-gateway.cmake b/deployments/smm-gateway/smm-gateway.cmake
index 6c41abe..e5ee03b 100644
--- a/deployments/smm-gateway/smm-gateway.cmake
+++ b/deployments/smm-gateway/smm-gateway.cmake
@@ -5,6 +5,40 @@
#
#-------------------------------------------------------------------------------
+option(UEFI_INTERNAL_CRYPTO "Use internal mbedtls instance" OFF)
+
+if (UEFI_AUTH_VAR)
+
+# If enabled an internal mbedtls instance will be used instead of the crypto SP
+if (UEFI_INTERNAL_CRYPTO)
+set(MBEDTLS_USER_CONFIG_FILE "${TS_ROOT}/external/MbedTLS/config/x509_only.h"
+ CACHE STRING "Configuration file for Mbed TLS" FORCE)
+include(${TS_ROOT}/external/MbedTLS/MbedTLS.cmake)
+target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedcrypto)
+target_link_libraries(smm-gateway PRIVATE MbedTLS::mbedx509)
+
+target_compile_definitions(smm-gateway PRIVATE
+ -DUEFI_INTERNAL_CRYPTO
+)
+
+add_components(TARGET "smm-gateway"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/service/uefi/smm_variable/backend/direct"
+)
+
+else()
+add_components(TARGET "smm-gateway"
+ BASE_DIR ${TS_ROOT}
+ COMPONENTS
+ "components/common/tlv"
+ "components/service/crypto/include"
+ "components/service/crypto/client/psa"
+)
+endif()
+
+endif()
+
add_components(TARGET "smm-gateway"
BASE_DIR ${TS_ROOT}
COMPONENTS
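Review bot: Setting `UEFI_INTERNAL_CRYPTO=ON` without `UEFI_AUTH_VAR` is silently ignored, because the option is declared at top level but only read inside `if (UEFI_AUTH_VAR)`, so an integrator can believe the internal verification path is built in when it is not. I would add, directly after the `option()` line, `if (UEFI_INTERNAL_CRYPTO AND NOT UEFI_AUTH_VAR)` / `message(FATAL_ERROR "UEFI_INTERNAL_CRYPTO requires UEFI_AUTH_VAR")` / `endif()`. Separately, `set(MBEDTLS_USER_CONFIG_FILE ... CACHE STRING ... FORCE)` discards any config file the integrator supplied and leaves `x509_only.h` in the cache after the option is switched back off; whether anything else in this build tree reads that variable is not visible here, so a comment stating why FORCE is required would help. The option's help string could also say that signature verification then runs inside smm-gateway rather than in the crypto SP, since that moves the verification code into a different partition.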
@@ -21,16 +55,6 @@
"protocols/rpc/common/packed-c"
)
-if (UEFI_AUTH_VAR)
-add_components(TARGET "smm-gateway"
- BASE_DIR ${TS_ROOT}
- COMPONENTS
- "components/common/tlv"
- "components/service/crypto/include"
- "components/service/crypto/client/psa"
-)
-endif()
-
target_include_directories(smm-gateway PRIVATE
${TS_ROOT}
${TS_ROOT}/components