[PATCH v5 02/27] mbedtls: add mbedtls into the build system

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed Aug 14 15:29:11 CEST 2024 

On Wed, 14 Aug 2024 at 16:22, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Hi Ilias,
>
> On Wed, 14 Aug 2024 at 08:08, Ilias Apalodimas <ilias.apalodimas at linaro.org> wrote:
>>
>> Hi Raymond,
>>
>> On Wed, 31 Jul 2024 at 20:27, Raymond Mao <raymond.mao at linaro.org> wrote:
>> >
>> > Port mbedtls with adapted libc header files.
>> > Add mbedtls default config header file.
>> > Optimize mbedtls default config by disabling unused features to
>> > reduce the target size.
>> > Add mbedtls kbuild makefile.
>> > Add Kconfig skeleton and config submenu entry for selecting
>> > crypto libraries between mbedtls and legacy ones.
>> > Add the mbedtls include directories into the build system.
>> >
>> > Subsequent patches will separate those Kconfigs into pairs of
>> > _LEGACY and _MBEDTLS for controlling the implementations of legacy
>> > crypto libraries and MbedTLS ones respectively.
>> >
>> > The motivation of moving and adapting *INT* macros from kernel.h
>> > to limits.h is to fullfill the MbedTLS building requirement.
>> > The conditional compilation statements in MbedTLS expects the
>> > *INT* macros as constant expressions, thus expressions like
>> > `((int)(~0U >> 1))` will not work.
>> >
>> > Prerequisite
>> > ------------
>> >
>> > This patch series requires mbedtls git repo to be added as a
>> > subtree to the main U-Boot repo via:
>> >
>> > $ git subtree add --prefix lib/mbedtls/external/mbedtls \
>> >       https://github.com/Mbed-TLS/mbedtls.git \
>> >       v3.6.0 --squash
>> >
>> > Moreover, due to the Windows-style files from mbedtls git repo,
>> > we need to convert the CRLF endings to LF and do a commit manually:
>> >
>> > $ git add --renormalize .
>> > $ git commit
>> >
>> > Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
>> > ---
>> > Changes in v2
>> > - Disabled unused MbedTLS features to optimize the target size.
>> > Changes in v3
>> > - Removed changes in stdio.h.
>> > Changes in v4
>> > - Move limits.h as a common header file that is included by kernel.h.
>> > - Refactor the Kconfig to support legacy and MbedTLS options for each
>> >   algorithm.
>> > - Refactor MbedTLS makefile and default config file to remove unused
>> >   config options and objects.
>> > Changes in v5
>> > - Merged patch #9 of v4 into this patch.
>> > - Removed unused config MBEDTLS_LIB_TLS.
>> > - Refactored MbedTLS Makefile and default config file.
>> >
>> >  Makefile                         |  6 +++
>> >  include/limits.h                 | 29 ++++++++++++++
>> >  include/linux/kernel.h           | 13 +-----
>> >  include/stdlib.h                 |  1 +
>> >  lib/Kconfig                      |  4 ++
>> >  lib/Makefile                     |  2 +
>> >  lib/mbedtls/Kconfig              | 47 ++++++++++++++++++++++
>> >  lib/mbedtls/Makefile             | 41 +++++++++++++++++++
>> >  lib/mbedtls/mbedtls_def_config.h | 69 ++++++++++++++++++++++++++++++++
>> >  lib/mbedtls/port/assert.h        | 12 ++++++
>> >  10 files changed, 212 insertions(+), 12 deletions(-)
>> >  create mode 100644 include/limits.h
>> >  create mode 100644 lib/mbedtls/Kconfig
>> >  create mode 100644 lib/mbedtls/Makefile
>> >  create mode 100644 lib/mbedtls/mbedtls_def_config.h
>> >  create mode 100644 lib/mbedtls/port/assert.h
>> >
>> > diff --git a/Makefile b/Makefile
>> > index 07d7947c8af..fd855dbd5c9 100644
>> > --- a/Makefile
>> > +++ b/Makefile
>> > @@ -829,6 +829,12 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
>> >  UBOOTINCLUDE    := \
>> >         -Iinclude \
>> >         $(if $(KBUILD_SRC), -I$(srctree)/include) \
>> > +       $(if $(CONFIG_MBEDTLS_LIB), \
>> > +               "-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \
>> > +               -I$(srctree)/lib/mbedtls \
>> > +               -I$(srctree)/lib/mbedtls/port \
>> > +               -I$(srctree)/lib/mbedtls/external/mbedtls \
>> > +               -I$(srctree)/lib/mbedtls/external/mbedtls/include) \
>> >         $(if $(CONFIG_$(SPL_)SYS_THUMB_BUILD), \
>> >                 $(if $(CONFIG_HAS_THUMB2), \
>> >                         $(if $(CONFIG_CPU_V7M), \
>> > diff --git a/include/limits.h b/include/limits.h
>> > new file mode 100644
>> > index 00000000000..cc691d15650
>> > --- /dev/null
>> > +++ b/include/limits.h
>> > @@ -0,0 +1,29 @@
>> > +/* SPDX-License-Identifier: GPL-2.0+ */
>> > +/*
>> > + * Copyright (c) 2023 Linaro Limited
>> > + * Author: Raymond Mao <raymond.mao at linaro.org>
>> > + */
>> > +
>> > +#ifndef _LIMITS_H
>> > +#define _LIMITS_H
>> > +
>> > +#define INT_MAX         0x7fffffff
>> > +#define UINT_MAX       0xffffffffUL
>> > +#define CHAR_BIT        8
>> > +#define UINT32_MAX      0xffffffffUL
>> > +#define UINT64_MAX     0xffffffffffffffffUL
>>
>> Some of these seem wrong e.g UINT64_MAX should be ULL, etc
>> Can you keep the original definitions?
>>
> The original definitions cannot work with building MbedTLS.
> As I stated in the commit message:
> ```
> The conditional compilation statements in MbedTLS expects the
> *INT* macros as constant expressions, thus expressions like
> `((int)(~0U >> 1))` will not work.

Ah that's ok, fix the UL etc and keep it as is

> ```
> [snip]
>
> Raymond
>

More information about the U-Boot mailing list