Update mbedtls importer to import mbed-crypto

[mohammad1603]

Description

Update the mbedtls importer to import the implementation of PSA Crypto APIs given by Mbed Crypto library.
In addition, it import the files to folders' structure as designed in #8680.
This PR depends on #8680 and the new version of mbedtls (Mbed TLS 2.14.0).

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[x] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

[Patater]

What testing has been done so far? What's left to test?

[Patater]

Fix spelling of "ACCELARATION"

[Patater]

Should this be "COMPONENT_" or "TARGET_". It isn't consistent with the previous things.

[mohammad1603]

I am moving them back to component as a variable in the file, to be consistent with the other variables' names

[Patater]

Use capital "Mbed". Probably also should say "Mbed OS" instead of "Mbed library".

[Patater]

Ok

[Patater]

Should this be prefixed with "COMPONENT_" or "TARGET_"?

[mohammad1603]

same as here #8723 (comment)

[Patater]

Should this be done in "update" or perhaps "rsync"?

[Patater]

OK

[Patater]

What about COMPONENT_NSPE or others? Should we remove those as well here?

[mohammad1603]

COMPONENT_NSPE will be deleted with TARGET_SRV_IMPL since it is an inner folder.
As I understood from @alzix that the acceleration folder and TARGET_PREFIX_CRYPTO folder should be always there and not deleted

[mohammad1603]

@Patater the tests importer was tested locally and it import the files as expected, in addition @orenc17 used the importer to run on-target tests over PSoC6 and they seems to be ok

[Patater]

Dependent on Mbed TLS tag that contains Mbed Crypto

[Patater]

The tag we use for the Mbed OS 5.11 release will be later than mbedtls-2.14.0. Not known yet what we'll use.

[simonbutcher]

Some questions and some requested changes.

[simonbutcher]

This shouldn't be changed yet. 2.14.0 hasn't been released, doesn't reflect the version in the library, and won't be the version shipping in Mbed OS 5.11. Please revert.

[simonbutcher]

The name we agreed for the directory was mbed-crypto, not crypto. Why the change?

[mohammad1603]

it was based on: Mbed-TLS/mbedtls#2146
I followed the submodule folder name.
cc @Patater

[alekshex]

Hi @sbutcher-arm ,
i hope it's not crucial for you. since the PR into mbedTLS also follows the 'crypto' naming

[mohammad1603]

the target folder was renamed to mbed-crypto

[simonbutcher]

I think calling it 'acceleration' is a mistake, and it should be 'drivers' or 'hardware'. Not all driver code/hardware support will speed up crypto operations, and may instead just offer additional security.

[simonbutcher]

Should we also capture the Crypto version? Or is the commit id of the submodule enough?

[Patater]

The submodule ties down the Mbed Crypto version, but I think it'd be nice to add to the VERSION.txt file for humans so they don't have to go dig it up themselves.

pushd $(MBED_TLS_DIR)/crypto
git describe --tags --abbrev=12 --dirty --always >> $(TARGET_PREFIX)VERSION.txt
popd

[mohammad1603]

Done

[simonbutcher]

I think what's going on here is a bit opaque to outsiders and other teams. There needs to be explanation here, (or pointers to documentation elsewhere) what these directories are and what they mean.

We need to explain what SPE, NSPE are, and what the other directories are and what they mean.

And most of all, we need to explain why we have so many directories. It will seem bizarre and unnecessarily complicated to outsiders.

[mohammad1603]

Since this directory hierarchy is exist in mbed-os I don't know how adding explanation here will help outsiders.
#8680 PR description explains that but not the merged code.
This PR: ARMmbed/mbed-os-5-docs#815 explains more about that and i think it will be helpful for outsiders

[simonbutcher]

Ok - Mbed TLS is my project that I work on daily, and these directories mean nothing to me. What do they do? What are they for? There's no explanation.

I think we need to either:

• add comments to explain these directories, either in this file or in another file in this directory
• tell me where there's other existing documentation that explains the structure elsewhere in the repository
• add a comment that points the reader to documentation somewhere else

[mohammad1603]

I added the required documentation in the importer.

[simonbutcher]

Why are we removing and making these directories? Unlike the other directories being made, won't there be other files in these directories which aren't being imported?

[mohammad1603]

I think only $(TARGET_PSA_ACCELERATION) shouldn't be removed, the others are created and only the importer copies files into them.

[simonbutcher]

@andresag01 - Can you please review this?

Note to maintainers - please don't merge this until the TLS team have signed off on it.

[mohammad1603]

@orenc17 does the build system recognize the PSA_TARGET folder?

[alzix]

It will after #8744 will be merged. Till then mbed-cli will ignore this folder.

[alekshex]

@sbutcher-arm All the comments were treated can you please re review. Thank you!

[dgreen-arm]

I'm happy with the changes I requested.

[simonbutcher]

These will be configurations of the crypto config.h. At this point we share a config.h, but that won't be true in the next release.

Therefore, I suggest putting a comment in to identify these as Crypto configs, as they have no meaning outside the Crypto submodule, and possibly structuring this to make the transition easier later.

[mohammad1603]

Added documentation for the configurations

[simonbutcher]

Ok - Mbed TLS is my project that I work on daily, and these directories mean nothing to me. What do they do? What are they for? There's no explanation.

I think we need to either:

• add comments to explain these directories, either in this file or in another file in this directory
• tell me where there's other existing documentation that explains the structure elsewhere in the repository
• add a comment that points the reader to documentation somewhere else

[bulislaw]

@Patater @sbutcher-arm please see the fixes.

[simonbutcher]

Not a blocker - but it should be:

The following configurations are needed

[simonbutcher]

Not a blocker - there are a few typos here, and the phrasing can be better. You don't need to say "New folder". In a year's time, the comment will still be there, and it won't be new! Revising the language I'd suggest:

 # The folder structure is for targets that compile to the Secured-Partition-Environment
 # and Non-Secured-Partition-Environments. Documentation for each folder:
 # COMPONENT_PSA_SRV_IMPL - includes secure service business logic implementation
 # code. For example Mbed Crypto or the secure time core logic

There's also a few typos in the following lines. eg. "includes" not "include"

[simonbutcher]

The new documentation changes are good enough. Thanks @mohammad1603!

[simonbutcher]

@adbridge / @cmonr / @0xc0170 - Can we merge this ASAP? The Mbed TLS release PR is dependent on it.

If it isn't merged soon, we'll have to absorb the changes into the release PR, and cancel this one.

[0xc0170]

If it isn't merged soon, we'll have to absorb the changes into the release PR, and cancel this one.

Let's do it in one (there are still some CI issues being fixed)

[adbridge]

Agree with @0xc0170

[simonbutcher]

Ok - we can do that if it's easier for you. If you wish, you can label this as 'DO NOT MERGE' and I'll include it in my TLS release PR later in the day.

[Patater]

Note that this additionally depends on #8730 for psa_prot_internal_storage.h. This is not a hard dependency, but it means some parts of this PR are not testable without #8730 merged before (or after).

[Patater]

This should be closed in favor of #8859

[NirSonnenschein]

closed in favor of #8859 which contains all changes from this PR.