Commit graph

14 commits

Author SHA1 Message Date
Valerio Setti
5e18b90c95 config-tfm: disable CIPHER_C
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Dave Rodgman
51e72456f9 Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:44:44 +00:00
Dave Rodgman
e4cf9b6f95 Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:43:20 +00:00
Dave Rodgman
2d9b7d491a Remove references to 3.4
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:42:44 +00:00
Dave Rodgman
4edcf693e7 Use latest TF-M config with bare-minimum changes
Move all changes local to Mbed TLS into config-tfm.h (except for commenting
out a couple of #include's).

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Dave Rodgman
a326eb990d We no longer need to undef ALT defines
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Yanray Wang
8636d471b3 config-tfm.h: License Change
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 10:07:03 +08:00
Yanray Wang
09f9300c01 config-tfm.h: remove PK_[PARSE/WRITE]_C
As we have removed PK_[PARSE_WRITE]_C in TF-M config, we do not have
to undef them in config-tfm.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
4419d38a15 config-tfm.h: include TF-M medium profile properly
config-tfm.h is copied into mbedtls_config.h in test-ref-config.pl.
The relative path is include/ not configs/.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
e23fa41f10 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
da26a5172c Disable PK_PARSE and PK_WRITE
This is what TF-M intended and they have done so since we copied the file.

It's either disable these options, or enable MBEDTLS_OID_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
5f573f8301 Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
0c98f9f842 test-ref-configs: test config-tfm.h
Tweak some configurations based on TF-M config in order to get a
successful build and test.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
b153aaed9e configs: add config_tfm.h which includes TFM configs
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00