Update mbedtls to version 3.6.2 This new update to the LTS branch of MbedTLS provides the fix for a buffer underrun vulnerability. TF-A does not use the previously vulnerable functions `mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`. Full patch notes to this MbedTLS update can be found at https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2. Signed-off-by: Ryan Everett <ryan.everett@arm.com> Change-Id: I3496fbe54c3d85f7a5330b49cd77ccd16f7cb7fa

commit: f3eb26844acefd8e78e1b69e99eeecca9b21ac08 [log] [tgz]
author: Ryan Everett <ryan.everett@arm.com> Tue Nov 26 11:43:36 2024 +0000
committer: Ryan Everett <ryan.everett@arm.com> Tue Dec 10 17:57:14 2024 +0000
tree: 8b04c6ae95bd87f5a848aa2f052fe402779b23b0
parent: d07fe0bd4cdb10f3b357fd3ce0ba78f80463fb41 [diff] [blame]
diff --git a/tf_config/fvp-tbb-mbedtls b/tf_config/fvp-tbb-mbedtls
index 129bc9a..82098c3 100644
--- a/tf_config/fvp-tbb-mbedtls
+++ b/tf_config/fvp-tbb-mbedtls

@@ -1,7 +1,7 @@
 ARM_ROTPK_LOCATION=devel_rsa
 CROSS_COMPILE=aarch64-none-elf-
 GENERATE_COT=1
-MBEDTLS_CONFIG_FILE=\"${tf_root}/include/drivers/auth/mbedtls/mbedtls_config-3.h\"
+MBEDTLS_CONFIG_FILE=\"${tf_root}/include/drivers/auth/mbedtls/default_mbedtls_config.h\"
 PLAT=fvp
 ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem
 TRUSTED_BOARD_BOOT=1
commit	f3eb26844acefd8e78e1b69e99eeecca9b21ac08	[log] [tgz]
author	Ryan Everett <ryan.everett@arm.com>	Tue Nov 26 11:43:36 2024 +0000
committer	Ryan Everett <ryan.everett@arm.com>	Tue Dec 10 17:57:14 2024 +0000
tree	8b04c6ae95bd87f5a848aa2f052fe402779b23b0
parent	d07fe0bd4cdb10f3b357fd3ce0ba78f80463fb41 [diff] [blame]