Update Mbed TLS to 2.24.0 and Mbed PSA service #14160
Conversation
|
@LDong-Arm, thank you for your changes. |
|
Hi @0xc0170, is it possible to run our CI on this PR? We'd like a one-off run to see how it impacts existing Mbed targets, thanks in advance. |
|
CI started |
|
Looks like CI is stuck at fetching mbed-os |
|
Restarted, Ci is having some network instability today. |
|
Fetching of mbed-os failed in CI |
|
@0xc0170 Shall we rerun CI on this, thanks! |
|
Restarted |
Jenkins CI Test : ❌ FAILEDBuild Number: 3 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
|
From the CI run,
|
LDong-Arm
force-pushed
the
mbedtls-2.24-import
branch
from
9fb9f6a to
6623c5b
Compare
|
@evedon @jainvikas8 Are you happy with this? A re-approval is needed, then we can rerun CI (I'm sure it'll be good this time) and merge it. |
LDong-Arm
force-pushed
the
mbedtls-2.24-import
branch
2 times, most recently
from
405b5fb to
1e485af
Compare
hash_wrappers.c is specific to Mbed OS, moving it into platform as its original directory is for imported Mbed TLS source only.
LDong-Arm
force-pushed
the
mbedtls-2.24-import
branch
from
1e485af to
47abbf3
Compare
There was a problem hiding this comment.
@0xc0170 Can we run CI on this again? @jainvikas8 (the reviewer) has gone through this PR with me, so it's almost ready.
| @@ -20,7 +20,8 @@ | |||
| * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>. | |||
| */ | |||
|
|
|||
| /* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. | |||
| /* | |||
| * Copyright The Mbed TLS Contributors | |||
There was a problem hiding this comment.
@0xc0170 This copyright change was recently made in all files in Mbed TLS. Since the code is imported, are we okay with this?
|
CI started |
Jenkins CI Test : ❌ FAILEDBuild Number: 4 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
Note: Now we need to export common.h to the include path, because this header is now also needed by PSA Crypto service.
Files have been automatically imported by setting MBED_TLS_RELEASE to mbedtls-2.24.0 in connectivity/mbedtls/tools/importer/Makefile and running `make` in that directory.
That is the correct thing to do. |
LDong-Arm
force-pushed
the
mbedtls-2.24-import
branch
from
47abbf3 to
115304c
Compare
mergify
bot
dismissed stale reviews from evedon and jainvikas8
Pull request has been modified.
|
I've made a fix since the last CI run: Note: All Cypress targets will not compile, because Mbed TLS 2.24.0 introduced a new API mbedtls_ecp_write_key() which is missing from Cypress's ecp_alt.c. Until this function is imported, applications and tests will fail to compile with the Arm toolchain for all Cypress targets, due to missing symbols. |
LDong-Arm
force-pushed
the
mbedtls-2.24-import
branch
from
115304c to
1b3520f
Compare
|
CI started |
Jenkins CI Test : ❌ FAILEDBuild Number: 5 | 🔒 Jenkins CI Job | 🌐 Logs & ArtifactsCLICK for Detailed Summary
|
|
All failures are expected:
@evedon This PR should be ready for merge. |
Summary of changes
As a prerequisite of TF-M 1.2 update, this PR updates Mbed TLS to 2.24.0 and Mbed PSA service (used by PSA-enabled single-core v7m targets such as K64F) that comes with Mbed TLS.
Notes:
hash_wrappers.chas been moved fromconnectivity/mbedtls/source/(intended for imported Mbed TLS code only) toconnectivity/mbedtls/platform/src/as it's specific to Mbed OS.common.hhas been moved fromconnectivity/mbedtls/source/toconnectivity/mbedtls/include/mbedtls/, because this header is also used by PSA (since Mbed TLS 2.24.0) and thus needs to be in the exported include path.Impact of changes
This updates works with all non-PSA targets and those PSA targets with TF-M 1.2 support. This means:
So some tests in CI will not pass, until the entire TF-M 1.2 integration work is complete. Since this is incremental work on a feature branch, we may merge it and implement the rest subsequently.
Migration actions required
None.
Documentation
None.
Pull request type
(Changes in PSA API)
Test results
Reviewers
@jainvikas8 @evedon