eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #8535 from daverodgman/update-tfm

Browse source 
Adjust to match current TF-M config
This commit is contained in:
Dave Rodgman 2023-11-29 16:14:06 +00:00 committed by GitHub
commit f5e46fd45c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 130 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

27
tests/scripts/all.sh
View file

@ -3241,14 +3241,6 @@ common_tfm_config () {
#
# Enable filesystem I/O for the benefit of PK parse/write tests.
echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H"
# Config adjustments for features that are not supported
# when using only drivers / by p256-m
#
# Disable all the features that auto-enable ECP_LIGHT (see config_adjust_legacy_crypto.h)
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
# Disable deterministic ECDSA as p256-m only does randomized
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
}
# Keep this in sync with component_test_tfm_config() as they are both meant
@ -3258,8 +3250,8 @@ component_test_tfm_config_p256m_driver_accel_ec () {
common_tfm_config
# Build crypto library specifying we want to use P256M code for EC operations
make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_PSA_P256M_DRIVER_ENABLED -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Build crypto library
make CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
@ -3270,6 +3262,8 @@ component_test_tfm_config_p256m_driver_accel_ec () {
not grep mbedtls_rsa_ library/rsa.o
not grep mbedtls_dhm_ library/dhm.o
not grep mbedtls_mpi_ library/bignum.o
# Check that p256m was built
grep -q p256_ecdsa_ library/libmbedcrypto.a
# Run the tests
msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA"
@ -3282,9 +3276,16 @@ component_test_tfm_config_p256m_driver_accel_ec () {
component_test_tfm_config() {
common_tfm_config
# Disable P256M driver, which is on by default, so that analyze_outcomes
# can compare this test with test_tfm_config_p256m_driver_accel_ec
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
msg "build: TF-M config"
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
# Check that p256m was not built
not grep p256_ecdsa_ library/libmbedcrypto.a
msg "test: TF-M config"
make test
}
@ -4109,8 +4110,7 @@ support_build_tfm_armcc () {
component_build_tfm_armcc() {
# test the TF-M configuration can build cleanly with various warning flags enabled
cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
@ -4122,8 +4122,7 @@ component_build_tfm() {
# TF-M configuration needs a TF-M platform. A tweaked version of
# the configuration that works on mainstream platforms is in
# configs/config-tfm.h, tested via test-ref-configs.pl.
cp configs/ext/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H"
cp configs/ext/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H"
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, clang, armv7-m thumb2"
make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"