[PATCH v3 03/25] mbedtls: add mbedtls into the build system

Tom Rini trini at konsulko.com
Wed May 29 18:58:14 CEST 2024


On Tue, May 28, 2024 at 07:09:14AM -0700, Raymond Mao wrote:

> Port mbedtls with dummy libc header files.
> Add mbedtls default config header file.
> Optimize mbedtls default config by disabling unused features to
> reduce the target size.
> Add mbedtls kbuild makefile.
> Add Kconfig and mbedtls config submenu.
[snip]
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> new file mode 100644
> index 00000000000..d6e77d56871
> --- /dev/null
> +++ b/lib/mbedtls/Kconfig
> @@ -0,0 +1,25 @@
> +menuconfig MBEDTLS_LIB
> +	bool "Use mbedtls libraries"
> +	select MBEDTLS_LIB_CRYPTO
> +	select MBEDTLS_LIB_X509
> +	help
> +	  Enable mbedtls libraries
> +
> +if MBEDTLS_LIB
> +
> +config MBEDTLS_LIB_CRYPTO
> +	bool "Crypto library"
> +	help
> +	  Enable mbedtls crypto library
> +
> +config MBEDTLS_LIB_X509
> +	bool "X509 library"
> +	help
> +	  Enable mbedtls X509 library
> +
> +config MBEDTLS_LIB_TLS
> +	bool "TLS library"
> +	help
> +	  Enable mbedtls TLS library
> +
> +endif # MBEDTLS_LIB

We need much more granularity here, and to re-think some existing
symbols too perhaps. What we should be able to do is pick mbedTLS or
"legacy SW implementation" or "HW implementation" for the various
algorithms, and that in turn can have some higher level grouping to it.
This should then negate a bunch of the Makefile work you're doing as we
won't have CONFIG_SHA256 enabled as we'll have CONFIG_MBEDTLS_LIB_SHA256
or whatever enabled.

This will then, I hope, make it easier to see and adjust the almost 58kB
size growth on qemu_arm64 with this series. Thanks.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20240529/2caae375/attachment.sig>


More information about the U-Boot mailing list