Adjust Mbed TLS importer and config script

dgreen-arm · dgreen-arm · commit cafe743f8921 · 2020-04-21T14:18:28.000+01:00
Mbed Crypto has been remerged back into Mbed TLS. Update the
Mbed TLS importer script with the relevant parts of the
Mbed Crypto importer.
diff --git a/features/mbedtls/importer/Makefile b/features/mbedtls/importer/Makefile
@@ -27,7 +27,7 @@
 #
 
 # Set the mbed TLS release to import (this can/should be edited before import)
-MBED_TLS_RELEASE ?= mbedtls-2.20.0d1
+MBED_TLS_RELEASE ?= mbedtls-2.22.0
 MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls.git
 
 # Translate between mbed TLS namespace and mbed namespace
@@ -36,9 +36,23 @@ TARGET_SRC:=$(TARGET_PREFIX)src
 TARGET_INC:=$(TARGET_PREFIX)inc
 TARGET_TESTS:=$(TARGET_PREFIX)TESTS
 
+# A folder structure is introduced here for targets that have both a Secure
+# Processing Environment (SPE) targets and Non-secure Processing Environment
+# (NSPE). Documentation for each folder as follows:
+# COMPONENT_PSA_SRV_IMPL - Include secure service implementation code. For
+# example PSA Crypto or PSA Secure Time implementations
+TARGET_SRV_IMPL:=$(TARGET_PREFIX)/platform/COMPONENT_PSA_SRV_IMPL
+# COMPONENT_SPE - Include code that compiles ONLY to the SPE image and never
+# compiles to the NSPE image
+TARGET_SPE:=$(TARGET_PREFIX)/platform/COMPONENT_SPE
+# COMPONENT_NSPE - Include code that compiles ONLY to the NSPE image and never
+# compiles to the SPE image
+TARGET_NSPE:=$(TARGET_SRV_IMPL)/COMPONENT_NSPE
+
 # mbed TLS source directory - hidden from mbed via TARGET_IGNORE
 MBED_TLS_DIR:=TARGET_IGNORE/mbedtls
 MBED_TLS_API:=$(MBED_TLS_DIR)/include/mbedtls
+CRYPTO_API:=$(MBED_TLS_DIR)/include/psa
 MBED_TLS_GIT_CFG=$(MBED_TLS_DIR)/.git/config
 
 .PHONY: all deploy deploy-tests rsync mbedtls clean update
@@ -57,10 +71,27 @@ rsync:
 	rm -rf $(TARGET_INC)
 	mkdir -p $(TARGET_INC)
 	rsync -a --delete $(MBED_TLS_API) $(TARGET_INC)
+	rsync -a --delete --exclude='crypto_struct.h' $(CRYPTO_API) $(TARGET_INC)/
 	#
 	# Copying licenses
 	cp $(MBED_TLS_DIR)/LICENSE $(TARGET_PREFIX)
 	#
+	# Copying Mbed Crypto into Mbed OS...
+	rm -rf $(TARGET_SRV_IMPL)
+	rm -rf $(TARGET_SPE)
+
+	mkdir -p $(TARGET_SRV_IMPL)
+	mkdir -p $(TARGET_SPE)
+	mkdir -p $(TARGET_NSPE)
+
+	rsync -a --delete $(CRYPTO_API)/crypto_struct.h $(TARGET_NSPE)/
+	rsync -a --delete $(CRYPTO_API)/crypto_struct.h $(TARGET_SPE)/crypto_struct_spe.h
+	rsync -a --delete $(MBED_TLS_DIR)/library/psa_*.c $(TARGET_SRV_IMPL)/
+	rsync -a --delete $(MBED_TLS_DIR)/library/psa_*.h $(TARGET_SRV_IMPL)/
+	#
+	# Remove PSA-specific C & H files (they go into $(TARGET_SRV_IMPL))
+	rm -rf $(TARGET_SRC)/psa_*.c
+	rm -rf $(TARGET_SRC)/psa_*.h
 
 deploy: rsync
 	#
@@ -110,3 +141,5 @@ clean:
 	rm -rf $(TARGET_SRC)
 	rm -rf $(TARGET_INC)
 	rm -rf $(MBED_TLS_DIR)
+	rm -rf $(TARGET_SRV_IMPL)
+	rm -rf $(TARGET_SPE)
diff --git a/features/mbedtls/importer/adjust-config.sh b/features/mbedtls/importer/adjust-config.sh
@@ -79,6 +79,8 @@ conf unset MBEDTLS_TIMING_C
 # not supported on all targets with mbed OS, nor used by mbed Client
 conf unset MBEDTLS_HAVE_TIME_DATE
 conf unset MBEDTLS_FS_IO
+conf unset MBEDTLS_PSA_ITS_FILE_C
+conf unset MBEDTLS_PSA_CRYPTO_STORAGE_C
 conf set MBEDTLS_NO_PLATFORM_ENTROPY
 
 conf unset MBEDTLS_CIPHER_MODE_CFB
