Build from submodule by default (make, cmake)
Adapt tests in all.sh:
- tests with submodule enabled (default) no longer need to enable it
explicitly, and no longer need runtime tests, as those are now handled by
all other test cases in this script
- tests with submodule disabled (old default) now need to disable it
explicitly, and execute some runtime tests, as those are no longer tested
anywhere else in this script
Adapt documentation in Readme: remove the section "building with submodule"
and replace it with a new section before the other building sections.
Purposefully don't document how to build not from the submodule, as that
option is going away soon.
diff --git a/README.md b/README.md
index 91ccf8d..dd22a6c 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,23 @@
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
+### Getting files form git: the Crypto submodule
+
+The Mbed Crypto library now has its own git repository, which the Mbed TLS build systems are using as a git submodule in order to build libmbecrypto as a subproject of Mbed TLS. When cloning the Mbed TLS repository, you need to make sure you're getting the submodule as well:
+
+ git clone --recursive https://github.com/ARMmbed/mbedtls.git
+
+Alternatively, if you already have an existing clone of the Mbed TLS
+repository, you can initialise and update the submodule with:
+
+ git submodule update --init crypto
+
+After these steps, your clone is now ready for building the libraries as detailed in the following sections.
+
+Note that building libmbedcrypto as a subproject of Mbed LTS does not enable the PSA-specific tests and utility programs. To use these programs, build Mbed Crypto as a standalone project.
+
+Please note that for now, Mbed TLS can only use versions of libmbedcrypto that were built as a subproject of Mbed TLS, not versions that were build standalone from the Mbed Crypto repository. This restriction will be removed in the future.
+
### Make
We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools.
@@ -158,42 +175,6 @@
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
-Using Mbed Crypto as a submodule
---------------------------------
-
-As an experimental feature, you can use Mbed Crypto as the source of the cryptography implementation, with Mbed TLS providing the X.509 and TLS parts of the library. Mbed Crypto is currently provided for evaluation only and should not be used in production. At this point, you should only use this option if you want to try out the experimental PSA Crypto API.
-
-To enable the use of Mbed Crypto as a submodule:
-
-1. Check out the `crypto` submodule and update it.
-
- git submodule init crypto
- git submodule update crypto
-
-2. (Optional) TO enable the PSA Crypto API, set the build configuration option `MBEDTLS_PSA_CRYPTO_C`. You can either edit `include/mbedtls/config.h` directly or use the configuration script:
-
- scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
-
-3. Activate the build option `USE_CRYPTO_SUBMODULE`. With GNU make, set `USE_CRYPTO_SUBMODULE=1` on each make invocation:
-
- make USE_CRYPTO_SUBMODULE=1
- make USE_CRYPTO_SUBMODULE=1 test
- tests/ssl-opt.sh -f Default
-
- Note that you need to pass `USE_CRYPTO_SUBMODULE=1` even to `make clean`. For example, if you change `config.h`, run this before rebuilding:
-
- make USE_CRYPTO_SUBMODULE=1 clean
-
- With CMake, create a build directory (recommended) and pass `-DUSE_CRYPTO_SUBMODULE=1` to `cmake`:
-
- mkdir build
- cd build
- cmake -DUSE_CRYPTO_SUBMODULE=1 ..
- make
- make test
- tests/ssl-opt.sh -f Default
-
-Note that this does not enable the PSA-specific tests and utility programs. To use these programs, use Mbed Crypto as a standalone project.
Porting Mbed TLS
----------------