Detailed architecture of symbol definitions and header inclusion
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/proposed/psa-conditional-inclusion-c.md b/docs/proposed/psa-conditional-inclusion-c.md
index 08306d2..753aaf7 100644
--- a/docs/proposed/psa-conditional-inclusion-c.md
+++ b/docs/proposed/psa-conditional-inclusion-c.md
@@ -5,7 +5,7 @@
This is currently a proposal for Mbed TLS. It is not currently on track for standardization in PSA.
-Time-stamp: "2020/09/07 08:27:32 GMT"
+Time-stamp: "2020/09/21 18:07:09 GMT"
## Introduction
@@ -109,7 +109,30 @@
#### Definition of internal inclusion symbols
-The header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
+When `MBEDTLS_PSA_CRYPTO_CONFIG` is set, the header file `mbedtls/config.h` needs to define all the `MBEDTLS_xxx_C` configuration symbols, including the ones deduced from the PSA crypto configuration. It does this by including the new header file **`mbedtls/config_psa.h`**, which defines the `MBEDTLS_PSA_BUILTIN_xxx` symbols and deduces the corresponding `MBEDTLS_xxx_C` (and other) symbols.
+
+When `MBEDTLS_PSA_CRYPTO_CONFIG` is not set, the configuration of Mbed TLS works as before, and the inclusion of non-PSA code only depends on `MBEDTLS_xxx` symbols defined (or not) in `mbedtls/config.h`. In this case, `mbedtls/config_psa.h` is only needed to build the PSA parts of the library, including `psa/crypto_struct.h`. Therefore, * `psa/crypto_struct.h` needs to include `mbedtls/config_psa.h`.
+
+`mbedtls/config_psa.h` includes two header files:
+
+* `psa/crypto_config.h` is the user-editable file that defines application requirements. It is only included when `MBEDTLS_PSA_CRYPTO_CONFIG` is set.
+* `mbedtls/crypto_drivers.h` is a header file generated by the transpilation of the driver descriptions. It defines `MBEDTLS_PSA_ACCEL_xxx` symbols according to the availability of transparent drivers without fallback.
+
+The following table summarized where symbols are defined depending on the configuration mode.
+
+* (U) indicates a symbol that is defined by the user (application).
+* (D) indicates a symbol that is deduced from other symbols by code that ships with Mbed TLS.
+* (G) indicates a symbol that is generated from driver descriptions.
+
+------------------------------------------------------------------------------------------------
+Symbols With `MBEDTLS_PSA_CRYPTO_CONFIG` Without `MBEDTLS_PSA_CRYPTO_CONFIG`
+------------------------- -------------------------------- -----------------------------------
+`MBEDTLS_xxx_C` `mbedtls/config.h` (U) or `mbedtls/config.h` (U)
+ `mbedtls/config_psa.h` (D)
+`PSA_WANT_xxx` `psa/crypto_config.h` (U) N/A
+`MBEDTLS_PSA_BUILTIN_xxx` `mbedtls/config_psa.h` (D) `mbedtls/config_psa.h` (D)
+`MBEDTLS_PSA_ACCEL_xxx` `mbedtls/crypto_drivers` (G) N/A
+------------------------------------------------------------------------------------------------
#### Visibility of internal symbols