[PATCH v5 02/27] mbedtls: add mbedtls into the build system

Raymond Mao raymond.mao at linaro.org
Wed Aug 14 15:22:41 CEST 2024 

Hi Ilias,

On Wed, 14 Aug 2024 at 08:08, Ilias Apalodimas <ilias.apalodimas at linaro.org>
wrote:

> Hi Raymond,
>
> On Wed, 31 Jul 2024 at 20:27, Raymond Mao <raymond.mao at linaro.org> wrote:
> >
> > Port mbedtls with adapted libc header files.
> > Add mbedtls default config header file.
> > Optimize mbedtls default config by disabling unused features to
> > reduce the target size.
> > Add mbedtls kbuild makefile.
> > Add Kconfig skeleton and config submenu entry for selecting
> > crypto libraries between mbedtls and legacy ones.
> > Add the mbedtls include directories into the build system.
> >
> > Subsequent patches will separate those Kconfigs into pairs of
> > _LEGACY and _MBEDTLS for controlling the implementations of legacy
> > crypto libraries and MbedTLS ones respectively.
> >
> > The motivation of moving and adapting *INT* macros from kernel.h
> > to limits.h is to fullfill the MbedTLS building requirement.
> > The conditional compilation statements in MbedTLS expects the
> > *INT* macros as constant expressions, thus expressions like
> > `((int)(~0U >> 1))` will not work.
> >
> > Prerequisite
> > ------------
> >
> > This patch series requires mbedtls git repo to be added as a
> > subtree to the main U-Boot repo via:
> >
> > $ git subtree add --prefix lib/mbedtls/external/mbedtls \
> >       https://github.com/Mbed-TLS/mbedtls.git \
> >       v3.6.0 --squash
> >
> > Moreover, due to the Windows-style files from mbedtls git repo,
> > we need to convert the CRLF endings to LF and do a commit manually:
> >
> > $ git add --renormalize .
> > $ git commit
> >
> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> > ---
> > Changes in v2
> > - Disabled unused MbedTLS features to optimize the target size.
> > Changes in v3
> > - Removed changes in stdio.h.
> > Changes in v4
> > - Move limits.h as a common header file that is included by kernel.h.
> > - Refactor the Kconfig to support legacy and MbedTLS options for each
> >   algorithm.
> > - Refactor MbedTLS makefile and default config file to remove unused
> >   config options and objects.
> > Changes in v5
> > - Merged patch #9 of v4 into this patch.
> > - Removed unused config MBEDTLS_LIB_TLS.
> > - Refactored MbedTLS Makefile and default config file.
> >
> >  Makefile                         |  6 +++
> >  include/limits.h                 | 29 ++++++++++++++
> >  include/linux/kernel.h           | 13 +-----
> >  include/stdlib.h                 |  1 +
> >  lib/Kconfig                      |  4 ++
> >  lib/Makefile                     |  2 +
> >  lib/mbedtls/Kconfig              | 47 ++++++++++++++++++++++
> >  lib/mbedtls/Makefile             | 41 +++++++++++++++++++
> >  lib/mbedtls/mbedtls_def_config.h | 69 ++++++++++++++++++++++++++++++++
> >  lib/mbedtls/port/assert.h        | 12 ++++++
> >  10 files changed, 212 insertions(+), 12 deletions(-)
> >  create mode 100644 include/limits.h
> >  create mode 100644 lib/mbedtls/Kconfig
> >  create mode 100644 lib/mbedtls/Makefile
> >  create mode 100644 lib/mbedtls/mbedtls_def_config.h
> >  create mode 100644 lib/mbedtls/port/assert.h
> >
> > diff --git a/Makefile b/Makefile
> > index 07d7947c8af..fd855dbd5c9 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
> >  UBOOTINCLUDE    := \
> >         -Iinclude \
> >         $(if $(KBUILD_SRC), -I$(srctree)/include) \
> > +       $(if $(CONFIG_MBEDTLS_LIB), \
> > +               "-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \
> > +               -I$(srctree)/lib/mbedtls \
> > +               -I$(srctree)/lib/mbedtls/port \
> > +               -I$(srctree)/lib/mbedtls/external/mbedtls \
> > +               -I$(srctree)/lib/mbedtls/external/mbedtls/include) \
> >         $(if $(CONFIG_$(SPL_)SYS_THUMB_BUILD), \
> >                 $(if $(CONFIG_HAS_THUMB2), \
> >                         $(if $(CONFIG_CPU_V7M), \
> > diff --git a/include/limits.h b/include/limits.h
> > new file mode 100644
> > index 00000000000..cc691d15650
> > --- /dev/null
> > +++ b/include/limits.h
> > @@ -0,0 +1,29 @@
> > +/* SPDX-License-Identifier: GPL-2.0+ */
> > +/*
> > + * Copyright (c) 2023 Linaro Limited
> > + * Author: Raymond Mao <raymond.mao at linaro.org>
> > + */
> > +
> > +#ifndef _LIMITS_H
> > +#define _LIMITS_H
> > +
> > +#define INT_MAX         0x7fffffff
> > +#define UINT_MAX       0xffffffffUL
> > +#define CHAR_BIT        8
> > +#define UINT32_MAX      0xffffffffUL
> > +#define UINT64_MAX     0xffffffffffffffffUL
>
> Some of these seem wrong e.g UINT64_MAX should be ULL, etc
> Can you keep the original definitions?
>
> The original definitions cannot work with building MbedTLS.
As I stated in the commit message:
```
The conditional compilation statements in MbedTLS expects the
*INT* macros as constant expressions, thus expressions like
`((int)(~0U >> 1))` will not work.
```
[snip]

Raymond

More information about the U-Boot mailing list