TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / a329f398e48caadee809841c94dfbba15d66be7e^1..a329f398e48caadee809841c94dfbba15d66be7e / .
commita329f398e48caadee809841c94dfbba15d66be7e[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Wed Jul 02 07:50:45 2025 +0000
committerGitHub <noreply@github.com>Wed Jul 02 07:50:45 2025 +0000
tree7abf04f25c04f50badbdf9bae3c775da59643c3d
parent1a22f21b747d9feee593a91bda978ad6cc9ae72e [diff]
parent361799acbed4366a5513caaf13c566b82a5a7ffa [diff]
Merge pull request #10210 from gilles-peskine-arm/nv-seed-only-3.6

3.6 only: Test a build with entropy only from NV seed

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 301bfc4..52034a1 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py

@@ -86,10 +86,6 @@
             # Untested platform-specific optimizations.
             # https://github.com/Mbed-TLS/mbedtls/issues/9588
             'Config: MBEDTLS_HAVE_SSE2',
-            # Obsolete configuration option, to be replaced by
-            # PSA entropy drivers.
-            # https://github.com/Mbed-TLS/mbedtls/issues/8150
-            'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
             # Untested aspect of the platform interface.
             # https://github.com/Mbed-TLS/mbedtls/issues/9589
             'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index e3096f3..04c38f6 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh

@@ -426,6 +426,23 @@
     tests/ssl-opt.sh -f 'Default\|opaque'
 }
 
+component_test_entropy_nv_seed_only () {
+    msg "build: full minus platform entropy (NV seed only)"
+    scripts/config.py full
+    scripts/config.py set MBEDTLS_NO_PLATFORM_ENTROPY
+    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
+
+    msg "build: full minus platform entropy (NV seed only)"
+    make test
+
+    # Check that the library seems to refer to the seedfile, but not to
+    # platform entropy sources.
+    grep seedfile library/platform.o
+    not grep getrandom library/entropy*.o
+    not grep /dev/random library/entropy*.o
+    not grep /dev/.random library/entropy*.o
+}
+
 component_test_psa_inject_entropy () {
     msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
     scripts/config.py full

diff --git a/tests/suites/test_suite_config.crypto_combinations.data b/tests/suites/test_suite_config.crypto_combinations.data
index d3287d2..9cc09ec 100644
--- a/tests/suites/test_suite_config.crypto_combinations.data
+++ b/tests/suites/test_suite_config.crypto_combinations.data

@@ -1,5 +1,10 @@
 # Interesting combinations of low-level crypto options
 
+# Entropy: available in mbedtls_entropy_init(), thanks to NV seed, no platform sources, no custom source
+Config: entropy: NV seed only
+depends_on:!MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_NO_PLATFORM_ENTROPY:!MBEDTLS_ENTROPY_HARDWARE_ALT
+pass:
+
 Config: ECC: Weierstrass curves only
 depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED
 pass: