[PATCH v2 3/3] mbedtls: refactor mbedtls build for XPL

Raymond Mao raymond.mao at linaro.org
Mon Feb 3 23:08:14 CET 2025


Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile
and default config file using 'XPL_', in order to have independent
mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL.
Users can choose legacy or mbedtls libraries for each of them independently.

Set mbedtls native hashing libraries as default when MBEDTLS_LIB,
SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected.

If users prefer using U-Boot legacy hashing libraries, please select
MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT,
TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot
Proper, SPL, TPL and VPL respectively.

Moreover, rename a few kconfig options and update their descriptions to
improve the consistency of terminology.

Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
---
Changes in v2:
- Rename a few kconfig options and update their descriptions.
- Add kconfig options for TPL.
- Rebase on top of the changes which is adding the kconfig options for VPL:
  '[PATCH 01/19] mbedtls: Add SHA symbols for VPL'
  https://lore.kernel.org/u-boot/20250126184333.4058848-2-sjg@chromium.org/

 Makefile                         |   2 +-
 lib/mbedtls/Kconfig              | 785 ++++++++++++++++++++++---------
 lib/mbedtls/Makefile             |  44 +-
 lib/mbedtls/mbedtls_def_config.h |  37 +-
 4 files changed, 612 insertions(+), 256 deletions(-)

diff --git a/Makefile b/Makefile
index 33bb86343c5..7496dd585d0 100644
--- a/Makefile
+++ b/Makefile
@@ -829,7 +829,7 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
 UBOOTINCLUDE    := \
 	-Iinclude \
 	$(if $(KBUILD_SRC), -I$(srctree)/include) \
-	$(if $(CONFIG_MBEDTLS_LIB), \
+	$(if $(CONFIG_$(XPL_)MBEDTLS_LIB), \
 		"-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \
 		-I$(srctree)/lib/mbedtls \
 		-I$(srctree)/lib/mbedtls/port \
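Review bot: `UBOOTINCLUDE` is assigned with `:=`, so `$(CONFIG_$(XPL_)MBEDTLS_LIB)` is expanded once, when the top-level Makefile is parsed, and the visible lines do not show `XPL_` being set before that point. If `XPL_` is still empty here, the test falls back to `CONFIG_MBEDTLS_LIB`, and an SPL, TPL or VPL build that inherits this value would get the `MBEDTLS_CONFIG_FILE` define and the `lib/mbedtls` include paths according to the U-Boot Proper choice rather than its own. Please confirm where `XPL_` is defined relative to this assignment, and whether it distinguishes TPL and VPL from SPL; the same prefix is used in the `lib/mbedtls/Makefile` hunk. A comment such as `# XPL_ must be set per phase before this is expanded` above the conditional would record the requirement. The assignment continues past the end of the hunk.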
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index bb8ac5f862b..789721ee6cd 100644
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -1,57 +1,54 @@
+# For U-Boot Proper
+
 choice
-	prompt "Select crypto libraries"
-	default LEGACY_CRYPTO
+	prompt "Crypto libraries (U-Boot Proper)"
+	default LEGACY_HASHING_AND_CRYPTO
 	help
 	  Select crypto libraries.
-	  LEGACY_CRYPTO for legacy crypto libraries,
+	  LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
 	  MBEDTLS_LIB for MbedTLS libraries.
 
-config LEGACY_CRYPTO
+config LEGACY_HASHING_AND_CRYPTO
 	bool "legacy crypto libraries"
-	select LEGACY_CRYPTO_BASIC
-	select LEGACY_CRYPTO_CERT
+	select LEGACY_HASHING
+	select LEGACY_CRYPTO
 
 config MBEDTLS_LIB
 	bool "MbedTLS libraries"
 	select MBEDTLS_LIB_X509
 endchoice
 
-if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT
+if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
 
-config LEGACY_CRYPTO_BASIC
-	bool "legacy basic crypto libraries"
+config LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries"
 	select MD5_LEGACY if MD5
 	select SHA1_LEGACY if SHA1
 	select SHA256_LEGACY if SHA256
 	select SHA512_LEGACY if SHA512
 	select SHA384_LEGACY if SHA384
-	select SPL_MD5_LEGACY if SPL_MD5
-	select SPL_SHA1_LEGACY if SPL_SHA1
-	select SPL_SHA256_LEGACY if SPL_SHA256
-	select SPL_SHA512_LEGACY if SPL_SHA512
-	select SPL_SHA384_LEGACY if SPL_SHA384
 	help
-	  Enable legacy basic crypto libraries.
+	  Enable U-Boot legacy hashing libraries.
 
-if LEGACY_CRYPTO_BASIC
+if LEGACY_HASHING
 
 config SHA1_LEGACY
 	bool "Enable SHA1 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA1
+	depends on LEGACY_HASHING && SHA1
 	help
 	  This option enables support of hashing using SHA1 algorithm
 	  with legacy crypto library.
 
 config SHA256_LEGACY
 	bool "Enable SHA256 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA256
+	depends on LEGACY_HASHING && SHA256
 	help
 	  This option enables support of hashing using SHA256 algorithm
 	  with legacy crypto library.
 
 config SHA512_LEGACY
 	bool "Enable SHA512 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA512
+	depends on LEGACY_HASHING && SHA512
 	default y if TI_SECURE_DEVICE && FIT_SIGNATURE
 	help
 	  This option enables support of hashing using SHA512 algorithm
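Review bot: The name `LEGACY_CRYPTO` is reused with a different meaning: the choice entry that used to carry it becomes `LEGACY_HASHING_AND_CRYPTO`, and a later hunk redefines `LEGACY_CRYPTO` as what was `LEGACY_CRYPTO_CERT` (prompt "legacy certificate libraries"). A configuration or source file that still refers to `CONFIG_LEGACY_CRYPTO` keeps parsing but now means only the certificate libraries, and the diffstat lists only four files, none of them a defconfig. Since these symbols decide which hashing and certificate code ends up in the image, a comment above the choice such as `# LEGACY_CRYPTO used to name this choice entry; it now names the certificate libraries` would help. A tree-wide check for leftover `LEGACY_CRYPTO_BASIC`, `LEGACY_CRYPTO_CERT` and `MBEDTLS_LIB_CRYPTO_ALT` references is also worth doing.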
@@ -59,7 +56,7 @@ config SHA512_LEGACY
 
 config SHA384_LEGACY
 	bool "Enable SHA384 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SHA384
+	depends on LEGACY_HASHING && SHA384
 	select SHA512_LEGACY
 	help
 	  This option enables support of hashing using SHA384 algorithm
@@ -67,96 +64,16 @@ config SHA384_LEGACY
 
 config MD5_LEGACY
 	bool "Enable MD5 support with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with legacy crypto library.
-
-if SPL
-
-config SPL_SHA1_LEGACY
-	bool "Enable SHA1 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA256_LEGACY
-	bool "Enable SHA256 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA512_LEGACY
-	bool "Enable SHA512 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with legacy crypto library.
-
-config SPL_SHA384_LEGACY
-	bool "Enable SHA384 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
-	select SPL_SHA512_LEGACY
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with legacy crypto library.
-
-config SPL_MD5_LEGACY
-	bool "Enable MD5 support in SPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && SPL_MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with legacy crypto library.
-
-endif # SPL
-
-if VPL
-
-config VPL_SHA1_LEGACY
-	bool "Enable SHA1 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA256_LEGACY
-	bool "Enable SHA256 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA512_LEGACY
-	bool "Enable SHA512 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with legacy crypto library.
-
-config VPL_SHA384_LEGACY
-	bool "Enable SHA384 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_SHA384
-	select VPL_SHA512_LEGACY
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with legacy crypto library.
-
-config VPL_MD5_LEGACY
-	bool "Enable MD5 support in VPL with legacy crypto library"
-	depends on LEGACY_CRYPTO_BASIC && VPL_MD5
+	depends on LEGACY_HASHING && MD5
 	help
 	  This option enables support of hashing using MD5 algorithm
 	  with legacy crypto library.
 
-endif # VPL
-
-endif # LEGACY_CRYPTO_BASIC
+endif # LEGACY_HASHING
 
-config LEGACY_CRYPTO_CERT
+config LEGACY_CRYPTO
 	bool "legacy certificate libraries"
-	depends on LEGACY_CRYPTO
+	depends on LEGACY_HASHING_AND_CRYPTO
 	select ASN1_DECODER_LEGACY if ASN1_DECODER
 	select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
 		ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -164,24 +81,20 @@ config LEGACY_CRYPTO_CERT
 	select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
 	select MSCODE_PARSER_LEGACY if MSCODE_PARSER
-	select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
-	select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
-		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
 	help
 	  Enable legacy certificate libraries.
 
-if LEGACY_CRYPTO_CERT
+if LEGACY_CRYPTO
 
 config ASN1_DECODER_LEGACY
 	bool "ASN1 decoder with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && ASN1_DECODER
+	depends on LEGACY_CRYPTO && ASN1_DECODER
 	help
 	  This option chooses legacy certificate library for ASN1 decoder.
 
 config ASYMMETRIC_PUBLIC_KEY_LEGACY
 	bool "Asymmetric public key crypto with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 	help
 	  This option chooses legacy certificate library for asymmetric public
 	  key crypto algorithm.
@@ -212,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY
 
 config MSCODE_PARSER_LEGACY
 	bool "MS authenticode parser with legacy certificate library"
-	depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER
+	depends on LEGACY_CRYPTO && MSCODE_PARSER
 	select ASN1_DECODER_LEGACY
 	help
 	  This option chooses legacy certificate library for MS authenticode
 	  parser.
 
-if SPL
-
-config SPL_ASN1_DECODER_LEGACY
-	bool "ASN1 decoder with legacy certificate library in SPL"
-	depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER
-	help
-	  This option chooses legacy certificate library for ASN1 decoder in
-	  SPL.
-
-config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
-	bool "Asymmetric public key crypto with legacy certificate library in SPL"
-	depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	help
-	  This option chooses legacy certificate library for asymmetric public
-	  key crypto algorithm in SPL.
-
-config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
-	bool "RSA public key parser with legacy certificate library in SPL"
-	depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
-	select SPL_ASN1_DECODER_LEGACY
-	help
-	  This option chooses legacy certificate library for RSA public key
-	  parser in SPL.
-
-endif # SPL
-
-endif # LEGACY_CRYPTO_CERT
-
 endif # LEGACY_CRYPTO
 
+endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
+
 if MBEDTLS_LIB
 
-config MBEDTLS_LIB_CRYPTO_ALT
-	bool "MbedTLS crypto alternatives"
+config MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries"
 	depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
-	select LEGACY_CRYPTO_BASIC
+	select LEGACY_HASHING
 	default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
 	help
-	  Enable MbedTLS crypto alternatives.
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
 	  Mutually incompatible with MBEDTLS_LIB_CRYPTO.
 
 config MBEDTLS_LIB_CRYPTO
-	bool "MbedTLS crypto libraries"
+	bool "Use MbedTLS native crypto libraries for hashing"
+	default y if MBEDTLS_LIB
 	select MD5_MBEDTLS if MD5
 	select SHA1_MBEDTLS if SHA1
 	select SHA256_MBEDTLS if SHA256
 	select SHA512_MBEDTLS if SHA512
 	select SHA384_MBEDTLS if SHA384
-	select SPL_MD5_MBEDTLS if SPL_MD5
-	select SPL_SHA1_MBEDTLS if SPL_SHA1
-	select SPL_SHA256_MBEDTLS if SPL_SHA256
-	select SPL_SHA512_MBEDTLS if SPL_SHA512
-	select SPL_SHA384_MBEDTLS if SPL_SHA384
 	help
-	  Enable MbedTLS crypto libraries.
-	  Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT.
+	  Enable MbedTLS native crypto libraries.
+	  Mutually incompatible with MBEDTLS_LIB_HASHING_ALT.
 
 if MBEDTLS_LIB_CRYPTO
 
@@ -345,53 +231,6 @@ config HKDF_MBEDTLS
 	  This option enables support of key derivation using HKDF algorithm
 	  with MbedTLS crypto library.
 
-if SPL
-
-config SPL_SHA1_MBEDTLS
-	bool "Enable SHA1 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1
-	help
-	  This option enables support of hashing using SHA1 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA256_MBEDTLS
-	bool "Enable SHA256 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256
-	help
-	  This option enables support of hashing using SHA256 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA512_MBEDTLS
-	bool "Enable SHA512 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512
-	help
-	  This option enables support of hashing using SHA512 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_SHA384_MBEDTLS
-	bool "Enable SHA384 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384
-	select SPL_SHA512
-	help
-	  This option enables support of hashing using SHA384 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_MD5_MBEDTLS
-	bool "Enable MD5 support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO && SPL_MD5
-	help
-	  This option enables support of hashing using MD5 algorithm
-	  with MbedTLS crypto library.
-
-config SPL_HKDF_MBEDTLS
-	bool "Enable HKDF support in SPL with MbedTLS crypto library"
-	depends on MBEDTLS_LIB_CRYPTO
-	help
-	  This option enables support of key derivation using HKDF algorithm
-	  with MbedTLS crypto library.
-
-endif # SPL
-
 endif # MBEDTLS_LIB_CRYPTO
 
 config MBEDTLS_LIB_X509
@@ -403,10 +242,6 @@ config MBEDTLS_LIB_X509
 	select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER
 	select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER
-	select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
-	select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
-		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
-	select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
 	help
 	  Enable MbedTLS certificate libraries.
 
@@ -457,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS
 	  This option chooses MbedTLS certificate library for MS authenticode
 	  parser.
 
+endif # MBEDTLS_LIB_X509
+
+config MBEDTLS_LIB_TLS
+	bool "MbedTLS TLS library"
+	depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS
+	depends on X509_CERTIFICATE_PARSER_MBEDTLS
+	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+	depends on ASN1_DECODER_MBEDTLS
+	depends on MBEDTLS_LIB
+	help
+	  Enable MbedTLS TLS library. Required for HTTPs support
+	  in wget
+
+endif # MBEDTLS_LIB
+
+# For SPL
+
 if SPL
 
+choice
+	prompt "Crypto libraries (SPL)"
+	default SPL_LEGACY_HASHING_AND_CRYPTO
+	help
+	  Select crypto libraries in SPL.
+	  SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  SPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config SPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select SPL_LEGACY_HASHING
+	select SPL_LEGACY_CRYPTO
+
+config SPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+	select SPL_MBEDTLS_LIB_X509
+endchoice
+
+if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+config SPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (SPL)"
+	select SPL_MD5_LEGACY if SPL_MD5
+	select SPL_SHA1_LEGACY if SPL_SHA1
+	select SPL_SHA256_LEGACY if SPL_SHA256
+	select SPL_SHA512_LEGACY if SPL_SHA512
+	select SPL_SHA384_LEGACY if SPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in SPL.
+
+if SPL_LEGACY_HASHING
+
+config SPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_SHA384
+	select SPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in SPL.
+
+config SPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (SPL)"
+	depends on SPL_LEGACY_HASHING && SPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in SPL.
+
+endif # SPL_LEGACY_HASHING
+
+config SPL_LEGACY_CRYPTO
+	bool "legacy certificate libraries (SPL)"
+	depends on SPL_LEGACY_HASHING_AND_CRYPTO
+	select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
+	select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
+		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
+	help
+	  Enable legacy certificate libraries in SPL.
+
+if SPL_LEGACY_CRYPTO
+
+config SPL_ASN1_DECODER_LEGACY
+	bool "ASN1 decoder with legacy certificate library (SPL)"
+	depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER
+	help
+	  This option chooses legacy certificate library for ASN1 decoder in
+	  SPL.
+
+config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+	bool "Asymmetric public key crypto with legacy certificate library (SPL)"
+	depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	help
+	  This option chooses legacy certificate library for asymmetric public
+	  key crypto algorithm in SPL.
+
+config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
+	bool "RSA public key parser with legacy certificate library (SPL)"
+	depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+	select SPL_ASN1_DECODER_LEGACY
+	help
+	  This option chooses legacy certificate library for RSA public key
+	  parser in SPL.
+
+endif # SPL_LEGACY_CRYPTO
+
+endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+if SPL_MBEDTLS_LIB
+
+config SPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)"
+	depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+	select SPL_LEGACY_HASHING
+	default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in SPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO.
+
+config SPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (SPL)"
+	default y if SPL_MBEDTLS_LIB
+	select SPL_MD5_MBEDTLS if SPL_MD5
+	select SPL_SHA1_MBEDTLS if SPL_SHA1
+	select SPL_SHA256_MBEDTLS if SPL_SHA256
+	select SPL_SHA512_MBEDTLS if SPL_SHA512
+	select SPL_SHA384_MBEDTLS if SPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in SPL.
+
+if SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384
+	select SPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in SPL.
+
+config SPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (SPL)"
+	depends on SPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in SPL.
+
+endif # SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_MBEDTLS_LIB_X509
+	bool "MbedTLS certificate libraries (SPL)"
+	select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
+	select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
+		SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
+	help
+	  Enable MbedTLS certificate libraries in SPL.
+
+if SPL_MBEDTLS_LIB_X509
+
 config SPL_ASN1_DECODER_MBEDTLS
-	bool "ASN1 decoder with MbedTLS certificate library in SPL"
-	depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
+	bool "ASN1 decoder with MbedTLS certificate library (SPL)"
+	depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
 	help
 	  This option chooses MbedTLS certificate library for ASN1 decoder in
 	  SPL.
 
 config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	bool "Asymmetric public key crypto with MbedTLS certificate library in SPL"
-	depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)"
+	depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 	help
 	  This option chooses MbedTLS certificate library for asymmetric public
 	  key crypto algorithm in SPL.
 
 config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
-	bool "RSA public key parser with MbedTLS certificate library in SPL"
+	bool "RSA public key parser with MbedTLS certificate library (SPL)"
 	depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
 	select SPL_ASN1_DECODER_MBEDTLS
 	help
 	  This option chooses MbedTLS certificate library for RSA public key
 	  parser in SPL.
 
+endif # SPL_MBEDTLS_LIB_X509
+
+config SPL_MBEDTLS_LIB_TLS
+	bool "MbedTLS TLS library (SPL)"
+	depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
+	depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS
+	depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+	depends on SPL_ASN1_DECODER_MBEDTLS
+	depends on SPL_MBEDTLS_LIB
+	help
+	  Enable MbedTLS TLS library in SPL. Required for HTTPs support
+	  in wget
+
+endif # SPL_MBEDTLS_LIB
+
 endif # SPL
 
-endif # MBEDTLS_LIB_X509
+# For TPL
 
-config MBEDTLS_LIB_TLS
-	bool "MbedTLS TLS library"
-	depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS
-	depends on X509_CERTIFICATE_PARSER_MBEDTLS
-	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	depends on ASN1_DECODER_MBEDTLS
-	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	depends on MBEDTLS_LIB
+if TPL
+
+choice
+	prompt "Crypto libraries (TPL)"
+	default TPL_LEGACY_HASHING_AND_CRYPTO
 	help
-	  Enable MbedTLS TLS library. Required for HTTPs support
-	  in wget
+	  Select crypto libraries in TPL.
+	  TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  TPL_MBEDTLS_LIB for MbedTLS libraries.
 
-endif # MBEDTLS_LIB
+config TPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select TPL_LEGACY_HASHING
+	select TPL_LEGACY_CRYPTO
+
+config TPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+
+endchoice
+
+if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+config TPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (TPL)"
+	select TPL_MD5_LEGACY if TPL_MD5
+	select TPL_SHA1_LEGACY if TPL_SHA1
+	select TPL_SHA256_LEGACY if TPL_SHA256
+	select TPL_SHA512_LEGACY if TPL_SHA512
+	select TPL_SHA384_LEGACY if TPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in TPL.
+
+if TPL_LEGACY_HASHING
+
+config TPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_SHA384
+	select TPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in TPL.
+
+config TPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (TPL)"
+	depends on TPL_LEGACY_HASHING && TPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in TPL.
+
+endif # TPL_LEGACY_HASHING
+
+endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+if TPL_MBEDTLS_LIB
+
+config TPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)"
+	depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+	select TPL_LEGACY_HASHING
+	default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in TPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO.
+
+config TPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (TPL)"
+	default y if TPL_MBEDTLS_LIB
+	select TPL_MD5_MBEDTLS if TPL_MD5
+	select TPL_SHA1_MBEDTLS if TPL_SHA1
+	select TPL_SHA256_MBEDTLS if TPL_SHA256
+	select TPL_SHA512_MBEDTLS if TPL_SHA512
+	select TPL_SHA384_MBEDTLS if TPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in TPL.
+
+if TPL_MBEDTLS_LIB_CRYPTO
+
+config TPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384
+	select TPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in TPL.
+
+config TPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (TPL)"
+	depends on TPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in TPL.
+
+endif # TPL_MBEDTLS_LIB_CRYPTO
+
+endif # TPL_MBEDTLS_LIB
+
+endif # TPL
+
+# For VPL
+
+if VPL
+
+choice
+	prompt "Crypto libraries (VPL)"
+	default VPL_LEGACY_HASHING_AND_CRYPTO
+	help
+	  Select crypto libraries in VPL.
+	  VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+	  VPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config VPL_LEGACY_HASHING_AND_CRYPTO
+	bool "legacy crypto libraries"
+	select VPL_LEGACY_HASHING
+
+config VPL_MBEDTLS_LIB
+	bool "MbedTLS libraries"
+
+endchoice
+
+if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+config VPL_LEGACY_HASHING
+	bool "Use U-Boot legacy hashing libraries (VPL)"
+	select VPL_MD5_LEGACY if VPL_MD5
+	select VPL_SHA1_LEGACY if VPL_SHA1
+	select VPL_SHA256_LEGACY if VPL_SHA256
+	select VPL_SHA512_LEGACY if VPL_SHA512
+	select VPL_SHA384_LEGACY if VPL_SHA384
+	help
+	  Enable U-Boot legacy hashing libraries in VPL.
+
+if VPL_LEGACY_HASHING
+
+config VPL_SHA1_LEGACY
+	bool "Enable SHA1 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA256_LEGACY
+	bool "Enable SHA256 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA512_LEGACY
+	bool "Enable SHA512 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_SHA384_LEGACY
+	bool "Enable SHA384 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_SHA384
+	select VPL_SHA512_LEGACY
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with legacy crypto library in VPL.
+
+config VPL_MD5_LEGACY
+	bool "Enable MD5 support with legacy crypto library (VPL)"
+	depends on VPL_LEGACY_HASHING && VPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with legacy crypto library in VPL.
+
+endif # VPL_LEGACY_HASHING
+
+endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+if VPL_MBEDTLS_LIB
+
+config VPL_MBEDTLS_LIB_HASHING_ALT
+	bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)"
+	depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+	select VPL_LEGACY_HASHING
+	default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+	help
+	  Enable MbedTLS hashing alternatives and replace them with legacy hashing
+	  libraries in VPL.
+	  This allows user to use U-Boot legacy hashing algorithms together with
+	  other MbedTLS modules.
+	  Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO.
+
+config VPL_MBEDTLS_LIB_CRYPTO
+	bool "Use MbedTLS native crypto libraries for hashing (VPL)"
+	default y if VPL_MBEDTLS_LIB
+	select VPL_MD5_MBEDTLS if VPL_MD5
+	select VPL_SHA1_MBEDTLS if VPL_SHA1
+	select VPL_SHA256_MBEDTLS if VPL_SHA256
+	select VPL_SHA512_MBEDTLS if VPL_SHA512
+	select VPL_SHA384_MBEDTLS if VPL_SHA384
+	help
+	  Enable MbedTLS native crypto libraries in VPL.
+
+if VPL_MBEDTLS_LIB_CRYPTO
+
+config VPL_SHA1_MBEDTLS
+	bool "Enable SHA1 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1
+	help
+	  This option enables support of hashing using SHA1 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA256_MBEDTLS
+	bool "Enable SHA256 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256
+	help
+	  This option enables support of hashing using SHA256 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA512_MBEDTLS
+	bool "Enable SHA512 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512
+	help
+	  This option enables support of hashing using SHA512 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_SHA384_MBEDTLS
+	bool "Enable SHA384 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384
+	select VPL_SHA512
+	help
+	  This option enables support of hashing using SHA384 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_MD5_MBEDTLS
+	bool "Enable MD5 support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5
+	help
+	  This option enables support of hashing using MD5 algorithm
+	  with MbedTLS crypto library in VPL.
+
+config VPL_HKDF_MBEDTLS
+	bool "Enable HKDF support with MbedTLS crypto library (VPL)"
+	depends on VPL_MBEDTLS_LIB_CRYPTO
+	help
+	  This option enables support of key derivation using HKDF algorithm
+	  with MbedTLS crypto library in VPL.
+
+endif # VPL_MBEDTLS_LIB_CRYPTO
+
+endif # VPL_MBEDTLS_LIB
+
+endif # VPL
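Review bot: `SPL_MBEDTLS_LIB_TLS` depends on `SPL_X509_CERTIFICATE_PARSER_MBEDTLS`, but the SPL block added here defines only the ASN1 decoder, asymmetric public key and RSA public key parser `_MBEDTLS` symbols, so unless that symbol is defined elsewhere the option can never be enabled. Similarly, `TPL_LEGACY_HASHING_AND_CRYPTO` has `select TPL_LEGACY_CRYPTO` with no `config TPL_LEGACY_CRYPTO` in the TPL block, while the VPL counterpart has no such select. Either add the missing definitions or drop the references (`depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS`, `select TPL_LEGACY_CRYPTO`), so the per-phase options do not advertise certificate or TLS support that is not wired up.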
diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
index e66c2018d97..4bbe7ceec45 100644
--- a/lib/mbedtls/Makefile
+++ b/lib/mbedtls/Makefile
@@ -6,60 +6,60 @@
 MBEDTLS_LIB_DIR = external/mbedtls/library
 
 # shim layer for hash
-obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o
-obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o
-obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o
-obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o
+obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o
+obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o
+obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o
+obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o
 
 # x509 libraries
-obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
+obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
 	public_key.o
-obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
+obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
 	x509_cert_parser.o
-obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o
-obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
-obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
+obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o
+obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o
+obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o
 
 # MbedTLS crypto library
-obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o
 mbedtls_lib_crypto-y := \
 	$(MBEDTLS_LIB_DIR)/platform_util.o \
 	$(MBEDTLS_LIB_DIR)/constant_time.o \
 	$(MBEDTLS_LIB_DIR)/md.o
 
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/sha256.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/sha512.o
-mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/hkdf.o
 
 # MbedTLS X509 library
-obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o
 mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/asn1parse.o \
 	$(MBEDTLS_LIB_DIR)/asn1write.o \
 	$(MBEDTLS_LIB_DIR)/oid.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/bignum.o \
 	$(MBEDTLS_LIB_DIR)/bignum_core.o \
 	$(MBEDTLS_LIB_DIR)/rsa.o \
 	$(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/pk.o \
 	$(MBEDTLS_LIB_DIR)/pk_wrap.o \
 	$(MBEDTLS_LIB_DIR)/pkparse.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/x509_crl.o \
 	$(MBEDTLS_LIB_DIR)/x509_crt.o
-mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \
+mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \
 	$(MBEDTLS_LIB_DIR)/pkcs7.o
 
 #mbedTLS TLS support
-obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o
+obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o
 mbedtls_lib_tls-y := \
 	$(MBEDTLS_LIB_DIR)/mps_reader.o \
 	$(MBEDTLS_LIB_DIR)/mps_trace.o \
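Review bot: The object lists in this hunk are keyed on `$(XPL_)`, while the config header changed by the same patch is keyed on `CONFIG_IS_ENABLED()`, and the two agree only if `$(XPL_)` expands to a distinct prefix for each phase. The definition of `XPL_` is not shown here; if it expands to `SPL_` for every xPL build and the per-phase prefix is `$(PHASE_)`, as I recall from U-Boot's scripts/Makefile.xpl (please confirm), then a TPL or VPL build selects its objects from the SPL_* symbols while the header enables MbedTLS modules from the TPL_*/VPL_* symbols. For a phase that verifies the next stage, that mismatch would be a link failure at best, and at worst a hash or parser implementation other than the one the phase's configuration names. Consider `obj-$(CONFIG_$(PHASE_)SHA256_MBEDTLS) += sha256.o` and likewise for the other lines, or add a comment above `# shim layer for hash` stating which prefix each phase resolves to. The `mbedtls_lib_tls-y` list continues past the end of this hunk.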
diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h
index fd440c392f9..dda3f4dd6e4 100644
--- a/lib/mbedtls/mbedtls_def_config.h
+++ b/lib/mbedtls/mbedtls_def_config.h
@@ -11,12 +11,12 @@
  * Author: Raymond Mao <raymond.mao at linaro.org>
  */
 
-#if defined CONFIG_MBEDTLS_LIB
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB)
 
 #if CONFIG_IS_ENABLED(MD5)
 #define MBEDTLS_MD_C
 #define MBEDTLS_MD5_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_MD5_ALT
 #endif
 #endif
@@ -24,7 +24,7 @@
 #if CONFIG_IS_ENABLED(SHA1)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA1_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA1_ALT
 #endif
 #endif
@@ -32,7 +32,7 @@
 #if CONFIG_IS_ENABLED(SHA256)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA256_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA256_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA256_SMALLER)
@@ -48,7 +48,7 @@
 #if CONFIG_IS_ENABLED(SHA512)
 #define MBEDTLS_MD_C
 #define MBEDTLS_SHA512_C
-#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
 #define MBEDTLS_SHA512_ALT
 #endif
 #if CONFIG_IS_ENABLED(SHA512_SMALLER)
@@ -60,7 +60,7 @@
 #define MBEDTLS_HKDF_C
 #endif
 
-#if defined CONFIG_MBEDTLS_LIB_X509
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
 
 #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_X509_USE_C
@@ -89,9 +89,9 @@
 #define MBEDTLS_ASN1_WRITE_C
 #endif
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
 
-#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS)
+#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS)
 #include "rtc.h"
 
 /* Generic options */
@@ -106,25 +106,36 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_NO_PLATFORM_ENTROPY
 #define MBEDTLS_SSL_PROTO_TLS1_2
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
+#endif
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /* RSA */
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \
+	CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER)
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#endif
 #define MBEDTLS_GCM_C
 
 /* ECDSA */
+#if CONFIG_IS_ENABLED(ASN1_DECODER)
 #define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
 #define MBEDTLS_ECDH_C
+#endif
 #define MBEDTLS_ECDSA_DETERMINISTIC
 #define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+
 #define MBEDTLS_CAN_ECDH
 #define MBEDTLS_PK_CAN_ECDSA_SIGN
-#define MBEDTLS_ECP_C
+#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#endif
+
 #define MBEDTLS_ECP_DP_SECP256K1_ENABLED
 #define MBEDTLS_ECP_DP_SECP192R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP224R1_ENABLED
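Review bot: After this change `MBEDTLS_CAN_ECDH`, `MBEDTLS_PK_CAN_ECDSA_SIGN` and `MBEDTLS_ECDSA_DETERMINISTIC` stay unconditional, while `MBEDTLS_ECDSA_C`, `MBEDTLS_ECP_C` and `MBEDTLS_ECDH_C` are defined only under `CONFIG_IS_ENABLED(ASN1_DECODER)` and the ECDSA key exchanges are guarded by `X509_CERTIFICATE_PARSER` alone. With the certificate parser enabled but the ASN.1 decoder disabled, the header would advertise ECDH/ECDSA capability and enable the ECDHE-ECDSA suites without the modules that implement them. Forcing the capability macros presumably also satisfies MbedTLS's own configuration sanity checks, so the problem would surface late rather than at the config check. Unless Kconfig guarantees that X509_CERTIFICATE_PARSER selects ASN1_DECODER (not visible in this hunk), move the three macros inside the ASN1_DECODER block and guard the key exchanges with `#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && CONFIG_IS_ENABLED(ASN1_DECODER)`. The enclosing `MBEDTLS_LIB_TLS` block opens and closes outside this hunk.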
@@ -138,6 +149,6 @@
 #define MBEDTLS_ECP_DP_BP384R1_ENABLED
 #define MBEDTLS_ECP_DP_BP512R1_ENABLED
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */
 
-#endif /* #if defined CONFIG_MBEDTLS_LIB */
+#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */
-- 
2.25.1


