mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Commit Graph

33842 Commits

Author SHA1 Message Date
Gilles Peskine
7d3cf9b3dc Add section on the config file split
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 16:16:59 +02:00
Gilles Peskine
cf9b557d1c Removed static ECDH
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-26 16:07:38 +02:00
Gilles Peskine
3415d2dd5f Merge pull request #10306 from gilles-peskine-arm/config-error-on-removed-options-mbedtls
Mechanism to error out on removed configuration options
2025-09-25 16:35:51 +00:00
David Horstmann
9c1f18a99a Merge pull request #10414 from ronald-cron-arm/deprecate-make-follow-up
Make deprecation follow-up
2025-09-24 16:05:16 +00:00
Gilles Peskine
3cee43e8ab Be more consistent about method naming
Indicate which config file has the most relevant tweak.

Duplicate a few test cases so that both the crypto config and the mbedtls
config are tested.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
f7ed4e506f Add test case for allowing setting an always-on removed option
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
4bb82fdb16 Fix copypasta in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
562763b5bd Add dependency of mbedtls_config on generated config check headers
Fix the build of libmbedx509 when generated files are not already present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
c45d9ac4c2 Allow setting removed options that are now always on
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
cc1ac1d3dc CMake: support generated headers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
379d38de1c Unit tests for checks for removed options in the config file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
8e44a94d39 Automatically generate checkers for removed options
Read the list of historical config options in 3.6, compare that to 1.0/4.0
and emit the appropriate checkers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
24273c06db Checks for crypto options or internal macros set in mbedtls
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
24d058bc6c Enable checks for bad options in the config file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:35 +02:00
Gilles Peskine
d3d0652dca Update framework submodule with config_history.py
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-24 17:20:33 +02:00
Ronald Cron
3a252dda0c Adapt code_size_compare.py to make deprecation and submodules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-24 16:31:12 +02:00
Ronald Cron
37148d0fe3 Adapt memory.sh to make deprecation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-24 12:39:29 +02:00
Ronald Cron
15cd8b0a63 Adapt footprint.sh to make deprecation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-24 12:38:35 +02:00
Ronald Cron
e5bae0dde3 Adapt basic-build-test.sh to make deprecation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-24 12:38:02 +02:00
Gilles Peskine
caaf52d6d0 Merge pull request #10391 from bjwtaylor/remove-deprecated-compilation-options-2
Remove deprecated compilation options 2
2025-09-23 08:40:11 +00:00
Ronald Cron
90979728ee Merge pull request #10382 from ronald-cron-arm/deprecate-make
Deprecate Make build system and remove MS visual studio files
2025-09-23 08:14:28 +00:00
David Horstmann
f2672e3f99 Merge pull request #10409 from gilles-peskine-arm/config-error-on-removed-options-prerequisite-for-crypto
Mechanism to error out on removed configuration options: mbedtls prerequisite for crypto
2025-09-22 16:25:59 +00:00
Ronald Cron
7f65346177 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
ee63b64892 Update README.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
e7bac84a22 Remove the generation of MS visual studio files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
31f63210ec Deprecate Make
Move and rename the root Makefile to
scripts/legacy.make. That way running
make from the root fails.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
401f20fb35 Prepare test components to scripts/legacy.make
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
bb02ec121e Prepare abi_check.py to scripts/legacy.make
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Ronald Cron
9a05bb901a Update framework
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:24 +02:00
Gilles Peskine
9da0dce845 Bypass config checks when setting a low-level option directly
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-22 15:55:10 +02:00
Gilles Peskine
d57a0985ab Add dependency of tf_psa_crypto_config on generated config check headers
Fix the build of libtfpsacrypto when generated files are not already present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-22 15:52:06 +02:00
Ben Taylor
fec1c002d5 Revert changes to analyze outcomes after dependencies have been merged
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-22 09:07:12 +01:00
Ben Taylor
62491a9327 Revert changes to config.py after dependencies have been merged
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-22 09:07:12 +01:00
Janos Follath
c84dbee82d Merge pull request #10340 from gilles-peskine-arm/config-checks-generator-mbedtls
Introduce generated config checks in mbedtls
2025-09-19 15:39:05 +00:00
Gilles Peskine
6712f1b6af Use --list-for-cmake with generate_config_checks.py
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:25 +02:00
Gilles Peskine
67b115cfda Register crypto's generate_config_files.py outputs as generated files
Mbed TLS needs to know the generated files of TF-PSA-Crypto. There's no
mechanism for TF-PSA-Crypto to declare them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
b53b443f8e Register generate_config_files.py outputs as generated files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
3374f6e90b Generate checks for bad options in the config file
Just a proof-of-concept for now. Interesting checks will come later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:24 +02:00
Gilles Peskine
ff6306655b Update submodules with config_checks_generator.py
* Update framework with `config_checks_generator.py`.
* Update crypto with the files generated by `generate_config_checks.py`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 13:36:22 +02:00
Ronald Cron
f328de9ddd Merge pull request #10407 from gilles-peskine-arm/config-version-uncomment
Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default
2025-09-19 10:30:03 +00:00
Gilles Peskine
67f54d2213 Have the definition of MBEDTLS_CONFIG_VERSION uncommented by default
Checking through the history in https://github.com/Mbed-TLS/mbedtls/pull/4589,
this seems to have been what we intended from the start. But we couldn't do
it yet because the library version was still 2.x while the config version
was already 3.0, so we temporarily commented out the definition in
1cafe5ce20. But then we forgot to uncomment
it during the release since it wasn't part of any process.

Thinking about it independently of the history, I think it makes more sense
to have it uncommented by default. That way, if someone copies the config
from a given version and then keeps it around, they'll get the compatibility
mode for that version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-19 10:52:35 +02:00
Ronald Cron
46acbcda84 Merge pull request #10404 from gilles-peskine-arm/config-version-4.0
Increment config version for the new product major version
2025-09-18 09:59:08 +00:00
Gilles Peskine
ff5d117df8 Increment config version for the new product major version
Since we're making incompatible changes to the configuration, we really
should advance the configuration version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-17 21:18:39 +02:00
Ronald Cron
b91117c32f Merge pull request #10402 from ronald-cron-arm/remove-legacy-crypto-options
Remove legacy crypto options
2025-09-17 18:46:05 +00:00
Ronald Cron
3091e40774 Remove usage of old crypto options in public headers
The remaining occurrences were related to
dead code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-17 16:06:31 +02:00
Gilles Peskine
d66898e9a7 Merge pull request #10333 from valeriosetti/issue10266
[development] Migrate from mbedtls_pk_can_do_ext to mbedtls_pk_can_do_psa (2/2)
2025-09-16 16:41:59 +00:00
Valerio Setti
e2aed3a6df tests: revert changes to test_suite_ssl.data
Revert changes previously done at the following test cases:
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
- Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
91c0945def tests: fix alg and usage for some ECDHE-ECDSA opaque key tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
bc611fe44c [tls12|tls13]_server: fix usage being checked on the certificate key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00
Valerio Setti
7b2d72aaf0 ssl: replace PSA_ALG_ECDSA with MBEDTLS_PK_ALG_ECDSA
When the key is parsed from PK it is assigned the pseudo-alg
MBEDTLS_PK_ALG_ECDSA. Trying to run "mbedtls_pk_can_do_psa" with a hardcoded
deterministic/randomized ECDSA can make the function fail if the proper
variant is not the one also used by PK.
This commit fixes this problem.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-09-16 16:12:07 +02:00