Thanks Raymond. The renaming makes things a bit easier to configure, and it does solve the compilation problem I was seeing.
On Tue, 4 Feb 2025 at 00:08, Raymond Mao <raymond....@linaro.org> wrote: > > Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile > and default config file using 'XPL_', in order to have independent > mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL. > User can choose legacy or mbedtls libraries for them independently. > > Set mbedtls native hashing libraries as default when MBEDTLS_LIB, > SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected. > > If users prefer using U-Boot legacy hashing libraries, please select > MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT, > TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot > Proper, SPL, TPL and VPL respectively. > > Moreover, rename a few kconfig options and update their descriptions to > improve the consistency of terminology. > > Signed-off-by: Raymond Mao <raymond....@linaro.org> > --- > Changes in v2: > - Rename a few kconfig options and update their descriptions. > - Add kconfig options for TPL. > - Rebase on top of the changes which is adding the kconfig options for VPL: > '[PATCH 01/19] mbedtls: Add SHA symbols for VPL' > https://lore.kernel.org/u-boot/20250126184333.4058848-2-...@chromium.org/ > > Makefile | 2 +- > lib/mbedtls/Kconfig | 785 ++++++++++++++++++++++--------- > lib/mbedtls/Makefile | 44 +- > lib/mbedtls/mbedtls_def_config.h | 37 +- > 4 files changed, 612 insertions(+), 256 deletions(-) > > diff --git a/Makefile b/Makefile > index 33bb86343c5..7496dd585d0 100644 > --- a/Makefile > +++ b/Makefile > @@ -829,7 +829,7 @@ KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g) > UBOOTINCLUDE := \ > -Iinclude \ > $(if $(KBUILD_SRC), -I$(srctree)/include) \ > - $(if $(CONFIG_MBEDTLS_LIB), \ > + $(if $(CONFIG_$(XPL_)MBEDTLS_LIB), \ > "-DMBEDTLS_CONFIG_FILE=\"mbedtls_def_config.h\"" \ > -I$(srctree)/lib/mbedtls \ > -I$(srctree)/lib/mbedtls/port \ > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > index bb8ac5f862b..789721ee6cd 100644 
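Review bot: `UBOOTINCLUDE` is assigned with `:=`, so `$(CONFIG_$(XPL_)MBEDTLS_LIB)` is expanded once, at the point where this assignment runs, and not again in each phase's build. If `XPL_` is only set later in the per-phase sub-make (not visible in this hunk), the test would always read `CONFIG_MBEDTLS_LIB`. An SPL, TPL or VPL build that enables MbedTLS while U-Boot Proper uses the legacy libraries would then miss `-DMBEDTLS_CONFIG_FILE` and the MbedTLS include paths. Confirm where `XPL_` gets its value and record it above the assignment, for example `# XPL_ must be set before this point: ':=' expands CONFIG_$(XPL_)MBEDTLS_LIB immediately`. The assignment continues past the end of the hunk.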
> --- a/lib/mbedtls/Kconfig > +++ b/lib/mbedtls/Kconfig 
> @@ -1,57 +1,54 @@ > +# For U-Boot Proper > + > choice > - prompt "Select crypto libraries" > - default LEGACY_CRYPTO > + prompt "Crypto libraries (U-Boot Proper)" > + default LEGACY_HASHING_AND_CRYPTO > help > Select crypto libraries. > - LEGACY_CRYPTO for legacy crypto libraries, > + LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, > MBEDTLS_LIB for MbedTLS libraries. > > -config LEGACY_CRYPTO > +config LEGACY_HASHING_AND_CRYPTO > bool "legacy crypto libraries" > - select LEGACY_CRYPTO_BASIC > - select LEGACY_CRYPTO_CERT > + select LEGACY_HASHING > + select LEGACY_CRYPTO > > config MBEDTLS_LIB > bool "MbedTLS libraries" > select MBEDTLS_LIB_X509 > endchoice > > -if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT > +if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT > > -config LEGACY_CRYPTO_BASIC > - bool "legacy basic crypto libraries" > +config LEGACY_HASHING > + bool "Use U-Boot legacy hashing libraries" > select MD5_LEGACY if MD5 > select SHA1_LEGACY if SHA1 > select SHA256_LEGACY if SHA256 > select SHA512_LEGACY if SHA512 > select SHA384_LEGACY if SHA384 > - select SPL_MD5_LEGACY if SPL_MD5 > - select SPL_SHA1_LEGACY if SPL_SHA1 > - select SPL_SHA256_LEGACY if SPL_SHA256 > - select SPL_SHA512_LEGACY if SPL_SHA512 > - select SPL_SHA384_LEGACY if SPL_SHA384 > help > - Enable legacy basic crypto libraries. > + Enable U-Boot legacy hashing libraries. > > -if LEGACY_CRYPTO_BASIC > +if LEGACY_HASHING > > config SHA1_LEGACY > bool "Enable SHA1 support with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SHA1 > + depends on LEGACY_HASHING && SHA1 > help > This option enables support of hashing using SHA1 algorithm > with legacy crypto library. > > config SHA256_LEGACY > bool "Enable SHA256 support with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SHA256 > + depends on LEGACY_HASHING && SHA256 > help > This option enables support of hashing using SHA256 algorithm > with legacy crypto library. 
> > config SHA512_LEGACY > bool "Enable SHA512 support with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SHA512 > + depends on LEGACY_HASHING && SHA512 > default y if TI_SECURE_DEVICE && FIT_SIGNATURE > help > This option enables support of hashing using SHA512 algorithm > @@ -59,7 +56,7 @@ config SHA512_LEGACY > > config SHA384_LEGACY > bool "Enable SHA384 support with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SHA384 > + depends on LEGACY_HASHING && SHA384 > select SHA512_LEGACY > help > This option enables support of hashing using SHA384 algorithm 
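Review bot: `LEGACY_CRYPTO` is reused with a different meaning here. Before the patch it was the choice entry for all legacy libraries; afterwards that entry is `LEGACY_HASHING_AND_CRYPTO`, and `LEGACY_CRYPTO` becomes the certificate-only option that the hunk at `@@ -67,96 +64,16 @@` renames from `LEGACY_CRYPTO_CERT`. The diffstat lists only four files, so any defconfig, `select`/`imply` or `CONFIG_IS_ENABLED()` user elsewhere that still names `LEGACY_CRYPTO`, `LEGACY_CRYPTO_BASIC` or `MBEDTLS_LIB_CRYPTO_ALT` would silently change meaning or be dropped; a tree-wide grep for the old names is worth doing before merging. The new choice entry also has no help text; I would add `help` with `Use the U-Boot legacy hashing and certificate libraries.` under `config LEGACY_HASHING_AND_CRYPTO`.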
> @@ -67,96 +64,16 @@ config SHA384_LEGACY > > config MD5_LEGACY > bool "Enable MD5 support with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && MD5 > - help > - This option enables support of hashing using MD5 algorithm > - with legacy crypto library. > - > -if SPL > - > -config SPL_SHA1_LEGACY > - bool "Enable SHA1 support in SPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 > - help > - This option enables support of hashing using SHA1 algorithm > - with legacy crypto library. > - > -config SPL_SHA256_LEGACY > - bool "Enable SHA256 support in SPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 > - help > - This option enables support of hashing using SHA256 algorithm > - with legacy crypto library. > - > -config SPL_SHA512_LEGACY > - bool "Enable SHA512 support in SPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 > - help > - This option enables support of hashing using SHA512 algorithm > - with legacy crypto library. > - > -config SPL_SHA384_LEGACY > - bool "Enable SHA384 support in SPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 > - select SPL_SHA512_LEGACY > - help > - This option enables support of hashing using SHA384 algorithm > - with legacy crypto library. > - > -config SPL_MD5_LEGACY > - bool "Enable MD5 support in SPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && SPL_MD5 > - help > - This option enables support of hashing using MD5 algorithm > - with legacy crypto library. > - > -endif # SPL > - > -if VPL > - > -config VPL_SHA1_LEGACY > - bool "Enable SHA1 support in VPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && VPL_SHA1 > - help > - This option enables support of hashing using SHA1 algorithm > - with legacy crypto library. 
> - > -config VPL_SHA256_LEGACY > - bool "Enable SHA256 support in VPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && VPL_SHA256 > - help > - This option enables support of hashing using SHA256 algorithm > - with legacy crypto library. > - > -config VPL_SHA512_LEGACY > - bool "Enable SHA512 support in VPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && VPL_SHA512 > - help > - This option enables support of hashing using SHA512 algorithm > - with legacy crypto library. > - > -config VPL_SHA384_LEGACY > - bool "Enable SHA384 support in VPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && VPL_SHA384 > - select VPL_SHA512_LEGACY > - help > - This option enables support of hashing using SHA384 algorithm > - with legacy crypto library. > - > -config VPL_MD5_LEGACY > - bool "Enable MD5 support in VPL with legacy crypto library" > - depends on LEGACY_CRYPTO_BASIC && VPL_MD5 > + depends on LEGACY_HASHING && MD5 > help > This option enables support of hashing using MD5 algorithm > with legacy crypto library. > > -endif # VPL > - > -endif # LEGACY_CRYPTO_BASIC > +endif # LEGACY_HASHING > > -config LEGACY_CRYPTO_CERT > +config LEGACY_CRYPTO > bool "legacy certificate libraries" > - depends on LEGACY_CRYPTO > + depends on LEGACY_HASHING_AND_CRYPTO > select ASN1_DECODER_LEGACY if ASN1_DECODER > select ASYMMETRIC_PUBLIC_KEY_LEGACY if \ > ASYMMETRIC_PUBLIC_KEY_SUBTYPE 
> @@ -164,24 +81,20 @@ config LEGACY_CRYPTO_CERT > select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER > select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER > select MSCODE_PARSER_LEGACY if MSCODE_PARSER > - select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER > - select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ > - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > - select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER > help > Enable legacy certificate libraries. > > -if LEGACY_CRYPTO_CERT > +if LEGACY_CRYPTO > > config ASN1_DECODER_LEGACY > bool "ASN1 decoder with legacy certificate library" > - depends on LEGACY_CRYPTO_CERT && ASN1_DECODER > + depends on LEGACY_CRYPTO && ASN1_DECODER > help > This option chooses legacy certificate library for ASN1 decoder. > > config ASYMMETRIC_PUBLIC_KEY_LEGACY > bool "Asymmetric public key crypto with legacy certificate library" > - depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE > + depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE > help > This option chooses legacy certificate library for asymmetric public > key crypto algorithm. 
> @@ -212,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY > > config MSCODE_PARSER_LEGACY > bool "MS authenticode parser with legacy certificate library" > - depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER > + depends on LEGACY_CRYPTO && MSCODE_PARSER > select ASN1_DECODER_LEGACY > help > This option chooses legacy certificate library for MS authenticode > parser. > > -if SPL > - > -config SPL_ASN1_DECODER_LEGACY > - bool "ASN1 decoder with legacy certificate library in SPL" > - depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER > - help > - This option chooses legacy certificate library for ASN1 decoder in > - SPL. > - > -config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY > - bool "Asymmetric public key crypto with legacy certificate library in > SPL" > - depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > - help > - This option chooses legacy certificate library for asymmetric public > - key crypto algorithm in SPL. > - > -config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY > - bool "RSA public key parser with legacy certificate library in SPL" > - depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY > - select SPL_ASN1_DECODER_LEGACY > - help > - This option chooses legacy certificate library for RSA public key > - parser in SPL. > - > -endif # SPL > - > -endif # LEGACY_CRYPTO_CERT > - > endif # LEGACY_CRYPTO > > +endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT > + > if MBEDTLS_LIB > > -config MBEDTLS_LIB_CRYPTO_ALT > - bool "MbedTLS crypto alternatives" > +config MBEDTLS_LIB_HASHING_ALT > + bool "Replace MbedTLS native hashing with U-Boot legacy libraries" > depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO > - select LEGACY_CRYPTO_BASIC > + select LEGACY_HASHING > default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO > help > - Enable MbedTLS crypto alternatives. > + Enable MbedTLS hashing alternatives and replace them with legacy > hashing > + libraries. > + This allows user to use U-Boot legacy hashing algorithms together > with > + other MbedTLS modules. 
> Mutually incompatible with MBEDTLS_LIB_CRYPTO. > > config MBEDTLS_LIB_CRYPTO > - bool "MbedTLS crypto libraries" > + bool "Use MbedTLS native crypto libraries for hashing" > + default y if MBEDTLS_LIB > select MD5_MBEDTLS if MD5 > select SHA1_MBEDTLS if SHA1 > select SHA256_MBEDTLS if SHA256 > select SHA512_MBEDTLS if SHA512 > select SHA384_MBEDTLS if SHA384 > - select SPL_MD5_MBEDTLS if SPL_MD5 > - select SPL_SHA1_MBEDTLS if SPL_SHA1 > - select SPL_SHA256_MBEDTLS if SPL_SHA256 > - select SPL_SHA512_MBEDTLS if SPL_SHA512 > - select SPL_SHA384_MBEDTLS if SPL_SHA384 > help > - Enable MbedTLS crypto libraries. > - Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT. > + Enable MbedTLS native crypto libraries. > + Mutually incompatible with MBEDTLS_LIB_HASHING_ALT. > > if MBEDTLS_LIB_CRYPTO 
> > @@ -345,53 +231,6 @@ config HKDF_MBEDTLS > This option enables support of key derivation using HKDF algorithm > with MbedTLS crypto library. > > -if SPL > - > -config SPL_SHA1_MBEDTLS > - bool "Enable SHA1 support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1 > - help > - This option enables support of hashing using SHA1 algorithm > - with MbedTLS crypto library. > - > -config SPL_SHA256_MBEDTLS > - bool "Enable SHA256 support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256 > - help > - This option enables support of hashing using SHA256 algorithm > - with MbedTLS crypto library. > - > -config SPL_SHA512_MBEDTLS > - bool "Enable SHA512 support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512 > - help > - This option enables support of hashing using SHA512 algorithm > - with MbedTLS crypto library. > - > -config SPL_SHA384_MBEDTLS > - bool "Enable SHA384 support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384 > - select SPL_SHA512 > - help > - This option enables support of hashing using SHA384 algorithm > - with MbedTLS crypto library. > - > -config SPL_MD5_MBEDTLS > - bool "Enable MD5 support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO && SPL_MD5 > - help > - This option enables support of hashing using MD5 algorithm > - with MbedTLS crypto library. > - > -config SPL_HKDF_MBEDTLS > - bool "Enable HKDF support in SPL with MbedTLS crypto library" > - depends on MBEDTLS_LIB_CRYPTO > - help > - This option enables support of key derivation using HKDF algorithm > - with MbedTLS crypto library. > - > -endif # SPL > - > endif # MBEDTLS_LIB_CRYPTO > > config MBEDTLS_LIB_X509 
> @@ -403,10 +242,6 @@ config MBEDTLS_LIB_X509 > select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER > select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER > select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER > - select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER > - select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ > - SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > - select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER > help > Enable MbedTLS certificate libraries. 
> > @@ -457,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS > This option chooses MbedTLS certificate library for MS authenticode > parser. > > +endif # MBEDTLS_LIB_X509 > + > +config MBEDTLS_LIB_TLS > + bool "MbedTLS TLS library" > + depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS > + depends on X509_CERTIFICATE_PARSER_MBEDTLS > + depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS > + depends on ASN1_DECODER_MBEDTLS > + depends on MBEDTLS_LIB > + help > + Enable MbedTLS TLS library. Required for HTTPs support > + in wget > + > +endif # MBEDTLS_LIB > + > +# For SPL > + > if SPL > > +choice > + prompt "Crypto libraries (SPL)" > + default SPL_LEGACY_HASHING_AND_CRYPTO > + help > + Select crypto libraries in SPL. > + SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, > + SPL_MBEDTLS_LIB for MbedTLS libraries. > + > +config SPL_LEGACY_HASHING_AND_CRYPTO > + bool "legacy crypto libraries" > + select SPL_LEGACY_HASHING > + select SPL_LEGACY_CRYPTO > + > +config SPL_MBEDTLS_LIB > + bool "MbedTLS libraries" > + select SPL_MBEDTLS_LIB_X509 > +endchoice > + > +if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT > + > +config SPL_LEGACY_HASHING > + bool "Use U-Boot legacy hashing libraries (SPL)" > + select SPL_MD5_LEGACY if SPL_MD5 > + select SPL_SHA1_LEGACY if SPL_SHA1 > + select SPL_SHA256_LEGACY if SPL_SHA256 > + select SPL_SHA512_LEGACY if SPL_SHA512 > + select SPL_SHA384_LEGACY if SPL_SHA384 > + help > + Enable U-Boot legacy hashing libraries in SPL. > + > +if SPL_LEGACY_HASHING > + > +config SPL_SHA1_LEGACY > + bool "Enable SHA1 support with legacy crypto library (SPL)" > + depends on SPL_LEGACY_HASHING && SPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with legacy crypto library in SPL. 
> + > +config SPL_SHA256_LEGACY > + bool "Enable SHA256 support with legacy crypto library (SPL)" > + depends on SPL_LEGACY_HASHING && SPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with legacy crypto library in SPL. > + > +config SPL_SHA512_LEGACY > + bool "Enable SHA512 support with legacy crypto library (SPL)" > + depends on SPL_LEGACY_HASHING && SPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with legacy crypto library in SPL. > + > +config SPL_SHA384_LEGACY > + bool "Enable SHA384 support with legacy crypto library (SPL)" > + depends on SPL_LEGACY_HASHING && SPL_SHA384 > + select SPL_SHA512_LEGACY > + help > + This option enables support of hashing using SHA384 algorithm > + with legacy crypto library in SPL. > + > +config SPL_MD5_LEGACY > + bool "Enable MD5 support with legacy crypto library (SPL)" > + depends on SPL_LEGACY_HASHING && SPL_MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with legacy crypto library in SPL. > + > +endif # SPL_LEGACY_HASHING > + > +config SPL_LEGACY_CRYPTO > + bool "legacy certificate libraries (SPL)" > + depends on SPL_LEGACY_HASHING_AND_CRYPTO > + select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER > + select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \ > + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > + select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER > + help > + Enable legacy certificate libraries in SPL. > + > +if SPL_LEGACY_CRYPTO > + > +config SPL_ASN1_DECODER_LEGACY > + bool "ASN1 decoder with legacy certificate library (SPL)" > + depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER > + help > + This option chooses legacy certificate library for ASN1 decoder in > + SPL. 
> + > +config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY > + bool "Asymmetric public key crypto with legacy certificate library > (SPL)" > + depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > + help > + This option chooses legacy certificate library for asymmetric public > + key crypto algorithm in SPL. > + > +config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY > + bool "RSA public key parser with legacy certificate library (SPL)" > + depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY > + select SPL_ASN1_DECODER_LEGACY > + help > + This option chooses legacy certificate library for RSA public key > + parser in SPL. > + > +endif # SPL_LEGACY_CRYPTO > + > +endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT > + > +if SPL_MBEDTLS_LIB > + > +config SPL_MBEDTLS_LIB_HASHING_ALT > + bool "Replace MbedTLS native hashing with U-Boot legacy libraries > (SPL)" > + depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO > + select SPL_LEGACY_HASHING > + default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO > + help > + Enable MbedTLS hashing alternatives and replace them with legacy > hashing > + libraries in SPL. > + This allows user to use U-Boot legacy hashing algorithms together > with > + other MbedTLS modules. > + Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO. > + > +config SPL_MBEDTLS_LIB_CRYPTO > + bool "Use MbedTLS native crypto libraries for hashing (SPL)" > + default y if SPL_MBEDTLS_LIB > + select SPL_MD5_MBEDTLS if SPL_MD5 > + select SPL_SHA1_MBEDTLS if SPL_SHA1 > + select SPL_SHA256_MBEDTLS if SPL_SHA256 > + select SPL_SHA512_MBEDTLS if SPL_SHA512 > + select SPL_SHA384_MBEDTLS if SPL_SHA384 > + help > + Enable MbedTLS native crypto libraries in SPL. > + > +if SPL_MBEDTLS_LIB_CRYPTO > + > +config SPL_SHA1_MBEDTLS > + bool "Enable SHA1 support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with MbedTLS crypto library in SPL. 
> + > +config SPL_SHA256_MBEDTLS > + bool "Enable SHA256 support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with MbedTLS crypto library in SPL. > + > +config SPL_SHA512_MBEDTLS > + bool "Enable SHA512 support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with MbedTLS crypto library in SPL. > + > +config SPL_SHA384_MBEDTLS > + bool "Enable SHA384 support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384 > + select SPL_SHA512 > + help > + This option enables support of hashing using SHA384 algorithm > + with MbedTLS crypto library in SPL. > + > +config SPL_MD5_MBEDTLS > + bool "Enable MD5 support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with MbedTLS crypto library in SPL. > + > +config SPL_HKDF_MBEDTLS > + bool "Enable HKDF support with MbedTLS crypto library (SPL)" > + depends on SPL_MBEDTLS_LIB_CRYPTO > + help > + This option enables support of key derivation using HKDF algorithm > + with MbedTLS crypto library in SPL. > + > +endif # SPL_MBEDTLS_LIB_CRYPTO > + > +config SPL_MBEDTLS_LIB_X509 > + bool "MbedTLS certificate libraries (SPL)" > + select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER > + select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \ > + SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > + select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER > + help > + Enable MbedTLS certificate libraries in SPL. 
> + > +if SPL_MBEDTLS_LIB_X509 > + > config SPL_ASN1_DECODER_MBEDTLS > - bool "ASN1 decoder with MbedTLS certificate library in SPL" > - depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER > + bool "ASN1 decoder with MbedTLS certificate library (SPL)" > + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER > help > This option chooses MbedTLS certificate library for ASN1 decoder in > SPL. > > config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS > - bool "Asymmetric public key crypto with MbedTLS certificate library > in SPL" > - depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > + bool "Asymmetric public key crypto with MbedTLS certificate library > (SPL)" > + depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE > help > This option chooses MbedTLS certificate library for asymmetric > public > key crypto algorithm in SPL. > > config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS > - bool "RSA public key parser with MbedTLS certificate library in SPL" > + bool "RSA public key parser with MbedTLS certificate library (SPL)" > depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS > select SPL_ASN1_DECODER_MBEDTLS > help > This option chooses MbedTLS certificate library for RSA public key > parser in SPL. > > +endif # SPL_MBEDTLS_LIB_X509 > + > +config SPL_MBEDTLS_LIB_TLS > + bool "MbedTLS TLS library (SPL)" > + depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS > + depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS > + depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS > + depends on SPL_ASN1_DECODER_MBEDTLS > + depends on SPL_MBEDTLS_LIB > + help > + Enable MbedTLS TLS library in SPL. 
Required for HTTPs support > + in wget > + > +endif # SPL_MBEDTLS_LIB > + > endif # SPL > > -endif # MBEDTLS_LIB_X509 > +# For TPL > > -config MBEDTLS_LIB_TLS > - bool "MbedTLS TLS library" > - depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS > - depends on X509_CERTIFICATE_PARSER_MBEDTLS > - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS > - depends on ASN1_DECODER_MBEDTLS > - depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS > - depends on MBEDTLS_LIB > +if TPL > + > +choice > + prompt "Crypto libraries (TPL)" > + default TPL_LEGACY_HASHING_AND_CRYPTO > help > - Enable MbedTLS TLS library. Required for HTTPs support > - in wget > + Select crypto libraries in TPL. > + TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, > + TPL_MBEDTLS_LIB for MbedTLS libraries. > > -endif # MBEDTLS_LIB > +config TPL_LEGACY_HASHING_AND_CRYPTO > + bool "legacy crypto libraries" > + select TPL_LEGACY_HASHING > + select TPL_LEGACY_CRYPTO > + > +config TPL_MBEDTLS_LIB > + bool "MbedTLS libraries" > + > +endchoice > + > +if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT > + > +config TPL_LEGACY_HASHING > + bool "Use U-Boot legacy hashing libraries (TPL)" > + select TPL_MD5_LEGACY if TPL_MD5 > + select TPL_SHA1_LEGACY if TPL_SHA1 > + select TPL_SHA256_LEGACY if TPL_SHA256 > + select TPL_SHA512_LEGACY if TPL_SHA512 > + select TPL_SHA384_LEGACY if TPL_SHA384 > + help > + Enable U-Boot legacy hashing libraries in TPL. > + > +if TPL_LEGACY_HASHING > + > +config TPL_SHA1_LEGACY > + bool "Enable SHA1 support with legacy crypto library (TPL)" > + depends on TPL_LEGACY_HASHING && TPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with legacy crypto library in TPL. > + > +config TPL_SHA256_LEGACY > + bool "Enable SHA256 support with legacy crypto library (TPL)" > + depends on TPL_LEGACY_HASHING && TPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with legacy crypto library in TPL. 
> + > +config TPL_SHA512_LEGACY > + bool "Enable SHA512 support with legacy crypto library (TPL)" > + depends on TPL_LEGACY_HASHING && TPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with legacy crypto library in TPL. > + > +config TPL_SHA384_LEGACY > + bool "Enable SHA384 support with legacy crypto library (TPL)" > + depends on TPL_LEGACY_HASHING && TPL_SHA384 > + select TPL_SHA512_LEGACY > + help > + This option enables support of hashing using SHA384 algorithm > + with legacy crypto library in TPL. > + > +config TPL_MD5_LEGACY > + bool "Enable MD5 support with legacy crypto library (TPL)" > + depends on TPL_LEGACY_HASHING && TPL_MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with legacy crypto library in TPL. > + > +endif # TPL_LEGACY_HASHING > + > +endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT > + > +if TPL_MBEDTLS_LIB > + > +config TPL_MBEDTLS_LIB_HASHING_ALT > + bool "Replace MbedTLS native hashing with U-Boot legacy libraries > (TPL)" > + depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO > + select TPL_LEGACY_HASHING > + default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO > + help > + Enable MbedTLS hashing alternatives and replace them with legacy > hashing > + libraries in TPL. > + This allows user to use U-Boot legacy hashing algorithms together > with > + other MbedTLS modules. > + Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO. > + > +config TPL_MBEDTLS_LIB_CRYPTO > + bool "Use MbedTLS native crypto libraries for hashing (TPL)" > + default y if TPL_MBEDTLS_LIB > + select TPL_MD5_MBEDTLS if TPL_MD5 > + select TPL_SHA1_MBEDTLS if TPL_SHA1 > + select TPL_SHA256_MBEDTLS if TPL_SHA256 > + select TPL_SHA512_MBEDTLS if TPL_SHA512 > + select TPL_SHA384_MBEDTLS if TPL_SHA384 > + help > + Enable MbedTLS native crypto libraries in TPL. 
> + > +if TPL_MBEDTLS_LIB_CRYPTO > + > +config TPL_SHA1_MBEDTLS > + bool "Enable SHA1 support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with MbedTLS crypto library in TPL. > + > +config TPL_SHA256_MBEDTLS > + bool "Enable SHA256 support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with MbedTLS crypto library in TPL. > + > +config TPL_SHA512_MBEDTLS > + bool "Enable SHA512 support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with MbedTLS crypto library in TPL. > + > +config TPL_SHA384_MBEDTLS > + bool "Enable SHA384 support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384 > + select TPL_SHA512 > + help > + This option enables support of hashing using SHA384 algorithm > + with MbedTLS crypto library in TPL. > + > +config TPL_MD5_MBEDTLS > + bool "Enable MD5 support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with MbedTLS crypto library in TPL. > + > +config TPL_HKDF_MBEDTLS > + bool "Enable HKDF support with MbedTLS crypto library (TPL)" > + depends on TPL_MBEDTLS_LIB_CRYPTO > + help > + This option enables support of key derivation using HKDF algorithm > + with MbedTLS crypto library in TPL. > + > +endif # TPL_MBEDTLS_LIB_CRYPTO > + > +endif # TPL_MBEDTLS_LIB > + > +endif # TPL > + > +# For VPL > + > +if VPL > + > +choice > + prompt "Crypto libraries (VPL)" > + default VPL_LEGACY_HASHING_AND_CRYPTO > + help > + Select crypto libraries in VPL. > + VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries, > + VPL_MBEDTLS_LIB for MbedTLS libraries. 
> + > +config VPL_LEGACY_HASHING_AND_CRYPTO > + bool "legacy crypto libraries" > + select VPL_LEGACY_HASHING > + > +config VPL_MBEDTLS_LIB > + bool "MbedTLS libraries" > + > +endchoice > + > +if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT > + > +config VPL_LEGACY_HASHING > + bool "Use U-Boot legacy hashing libraries (VPL)" > + select VPL_MD5_LEGACY if VPL_MD5 > + select VPL_SHA1_LEGACY if VPL_SHA1 > + select VPL_SHA256_LEGACY if VPL_SHA256 > + select VPL_SHA512_LEGACY if VPL_SHA512 > + select VPL_SHA384_LEGACY if VPL_SHA384 > + help > + Enable U-Boot legacy hashing libraries in VPL. > + > +if VPL_LEGACY_HASHING > + > +config VPL_SHA1_LEGACY > + bool "Enable SHA1 support with legacy crypto library (VPL)" > + depends on VPL_LEGACY_HASHING && VPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with legacy crypto library in VPL. > + > +config VPL_SHA256_LEGACY > + bool "Enable SHA256 support with legacy crypto library (VPL)" > + depends on VPL_LEGACY_HASHING && VPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with legacy crypto library in VPL. > + > +config VPL_SHA512_LEGACY > + bool "Enable SHA512 support with legacy crypto library (VPL)" > + depends on VPL_LEGACY_HASHING && VPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with legacy crypto library in VPL. > + > +config VPL_SHA384_LEGACY > + bool "Enable SHA384 support with legacy crypto library (VPL)" > + depends on VPL_LEGACY_HASHING && VPL_SHA384 > + select VPL_SHA512_LEGACY > + help > + This option enables support of hashing using SHA384 algorithm > + with legacy crypto library in VPL. > + > +config VPL_MD5_LEGACY > + bool "Enable MD5 support with legacy crypto library (VPL)" > + depends on VPL_LEGACY_HASHING && VPL_MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with legacy crypto library in VPL. 
> + > +endif # VPL_LEGACY_HASHING > + > +endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT > + > +if VPL_MBEDTLS_LIB > + > +config VPL_MBEDTLS_LIB_HASHING_ALT > + bool "Replace MbedTLS native hashing with U-Boot legacy libraries > (VPL)" > + depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO > + select VPL_LEGACY_HASHING > + default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO > + help > + Enable MbedTLS hashing alternatives and replace them with legacy > hashing > + libraries in VPL. > + This allows user to use U-Boot legacy hashing algorithms together > with > + other MbedTLS modules. > + Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO. > + > +config VPL_MBEDTLS_LIB_CRYPTO > + bool "Use MbedTLS native crypto libraries for hashing (VPL)" > + default y if VPL_MBEDTLS_LIB > + select VPL_MD5_MBEDTLS if VPL_MD5 > + select VPL_SHA1_MBEDTLS if VPL_SHA1 > + select VPL_SHA256_MBEDTLS if VPL_SHA256 > + select VPL_SHA512_MBEDTLS if VPL_SHA512 > + select VPL_SHA384_MBEDTLS if VPL_SHA384 > + help > + Enable MbedTLS native crypto libraries in VPL. > + > +if VPL_MBEDTLS_LIB_CRYPTO > + > +config VPL_SHA1_MBEDTLS > + bool "Enable SHA1 support with MbedTLS crypto library (VPL)" > + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with MbedTLS crypto library in VPL. > + > +config VPL_SHA256_MBEDTLS > + bool "Enable SHA256 support with MbedTLS crypto library (VPL)" > + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with MbedTLS crypto library in VPL. > + > +config VPL_SHA512_MBEDTLS > + bool "Enable SHA512 support with MbedTLS crypto library (VPL)" > + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512 > + help > + This option enables support of hashing using SHA512 algorithm > + with MbedTLS crypto library in VPL. 
> +
> +config VPL_SHA384_MBEDTLS
> + bool "Enable SHA384 support with MbedTLS crypto library (VPL)"
> + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384
> + select VPL_SHA512
> + help
> + This option enables support of hashing using SHA384 algorithm
> + with MbedTLS crypto library in VPL.
> +
> +config VPL_MD5_MBEDTLS
> + bool "Enable MD5 support with MbedTLS crypto library (VPL)"
> + depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5
> + help
> + This option enables support of hashing using MD5 algorithm
> + with MbedTLS crypto library in VPL.
> +
> +config VPL_HKDF_MBEDTLS
> + bool "Enable HKDF support with MbedTLS crypto library (VPL)"
> + depends on VPL_MBEDTLS_LIB_CRYPTO
> + help
> + This option enables support of key derivation using HKDF algorithm
> + with MbedTLS crypto library in VPL.
> +
> +endif # VPL_MBEDTLS_LIB_CRYPTO
> +
> +endif # VPL_MBEDTLS_LIB
> +
> +endif # VPL
> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
> index e66c2018d97..4bbe7ceec45 100644
> --- a/lib/mbedtls/Makefile
> +++ b/lib/mbedtls/Makefile
> @@ -6,60 +6,60 @@ > MBEDTLS_LIB_DIR = external/mbedtls/library > > # shim layer for hash > -obj-$(CONFIG_$(SPL_)MD5_MBEDTLS) += md5.o > -obj-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += sha1.o > -obj-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += sha256.o > -obj-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += sha512.o > +obj-$(CONFIG_$(XPL_)MD5_MBEDTLS) += md5.o > +obj-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += sha1.o > +obj-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += sha256.o > +obj-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += sha512.o > > # x509 libraries > -obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ > +obj-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ > public_key.o > -obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ > +obj-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ > x509_cert_parser.o > -obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o > -obj-$(CONFIG_$(SPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o > -obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o > +obj-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += pkcs7_parser.o > +obj-$(CONFIG_$(XPL_)MSCODE_PARSER_MBEDTLS) += mscode_parser.o > +obj-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += rsa_helper.o > > # MbedTLS crypto library > -obj-$(CONFIG_MBEDTLS_LIB) += mbedtls_lib_crypto.o > +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB) += mbedtls_lib_crypto.o > mbedtls_lib_crypto-y := \ > $(MBEDTLS_LIB_DIR)/platform_util.o \ > $(MBEDTLS_LIB_DIR)/constant_time.o \ > $(MBEDTLS_LIB_DIR)/md.o > > -mbedtls_lib_crypto-$(CONFIG_$(SPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o > -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o > -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA256_MBEDTLS) += \ > +mbedtls_lib_crypto-$(CONFIG_$(XPL_)MD5_MBEDTLS) += $(MBEDTLS_LIB_DIR)/md5.o > +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA1_MBEDTLS) += $(MBEDTLS_LIB_DIR)/sha1.o > +mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA256_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/sha256.o > -mbedtls_lib_crypto-$(CONFIG_$(SPL_)SHA512_MBEDTLS) += \ > 
+mbedtls_lib_crypto-$(CONFIG_$(XPL_)SHA512_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/sha512.o > -mbedtls_lib_crypto-$(CONFIG_$(SPL_)HKDF_MBEDTLS) += \ > +mbedtls_lib_crypto-$(CONFIG_$(XPL_)HKDF_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/hkdf.o > > # MbedTLS X509 library > -obj-$(CONFIG_MBEDTLS_LIB_X509) += mbedtls_lib_x509.o > +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o > mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o > -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASN1_DECODER_MBEDTLS) += \ > +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASN1_DECODER_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/asn1parse.o \ > $(MBEDTLS_LIB_DIR)/asn1write.o \ > $(MBEDTLS_LIB_DIR)/oid.o > -mbedtls_lib_x509-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ > +mbedtls_lib_x509-$(CONFIG_$(XPL_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/bignum.o \ > $(MBEDTLS_LIB_DIR)/bignum_core.o \ > $(MBEDTLS_LIB_DIR)/rsa.o \ > $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o > -mbedtls_lib_x509-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ > +mbedtls_lib_x509-$(CONFIG_$(XPL_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/pk.o \ > $(MBEDTLS_LIB_DIR)/pk_wrap.o \ > $(MBEDTLS_LIB_DIR)/pkparse.o > -mbedtls_lib_x509-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ > +mbedtls_lib_x509-$(CONFIG_$(XPL_)X509_CERTIFICATE_PARSER_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/x509_crl.o \ > $(MBEDTLS_LIB_DIR)/x509_crt.o > -mbedtls_lib_x509-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ > +mbedtls_lib_x509-$(CONFIG_$(XPL_)PKCS7_MESSAGE_PARSER_MBEDTLS) += \ > $(MBEDTLS_LIB_DIR)/pkcs7.o > > #mbedTLS TLS support > -obj-$(CONFIG_MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o > +obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_TLS) += mbedtls_lib_tls.o > mbedtls_lib_tls-y := \ > $(MBEDTLS_LIB_DIR)/mps_reader.o \ > $(MBEDTLS_LIB_DIR)/mps_trace.o \ > diff --git a/lib/mbedtls/mbedtls_def_config.h > b/lib/mbedtls/mbedtls_def_config.h > index fd440c392f9..dda3f4dd6e4 100644 > --- a/lib/mbedtls/mbedtls_def_config.h > +++ b/lib/mbedtls/mbedtls_def_config.h 
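Review bot: The library rules for `mbedtls_lib_crypto.o`, `mbedtls_lib_x509.o` and `mbedtls_lib_tls.o` are now keyed on `CONFIG_$(XPL_)MBEDTLS_LIB*`, so an SPL/TPL/VPL image gets them only when its own per-phase symbol exists and is set, where the removed lines tested the unprefixed symbols. The VPL Kconfig block quoted earlier in this patch defines hashing and HKDF options but, as far as the visible part shows, no `VPL_MBEDTLS_LIB_X509` or `VPL_MBEDTLS_LIB_TLS`, so in that phase the X509 and TLS objects appear to drop out without any diagnostic. A board that parses certificates or PKCS7 signatures in an early phase should confirm which implementation ends up linked after this change. A comment above the X509 rule would make the dependency visible, e.g. `# built only in phases whose Kconfig defines $(XPL_)MBEDTLS_LIB_X509`.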
> @@ -11,12 +11,12 @@
> * Author: Raymond Mao <raymond....@linaro.org>
> */
>
> -#if defined CONFIG_MBEDTLS_LIB
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB)
>
> #if CONFIG_IS_ENABLED(MD5)
> #define MBEDTLS_MD_C
> #define MBEDTLS_MD5_C
> -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
> #define MBEDTLS_MD5_ALT
> #endif
> #endif
> @@ -24,7 +24,7 @@
> #if CONFIG_IS_ENABLED(SHA1)
> #define MBEDTLS_MD_C
> #define MBEDTLS_SHA1_C
> -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
> #define MBEDTLS_SHA1_ALT
> #endif
> #endif
> @@ -32,7 +32,7 @@
> #if CONFIG_IS_ENABLED(SHA256)
> #define MBEDTLS_MD_C
> #define MBEDTLS_SHA256_C
> -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
> #define MBEDTLS_SHA256_ALT
> #endif
> #if CONFIG_IS_ENABLED(SHA256_SMALLER)
> @@ -48,7 +48,7 @@
> #if CONFIG_IS_ENABLED(SHA512)
> #define MBEDTLS_MD_C
> #define MBEDTLS_SHA512_C
> -#if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_HASHING_ALT)
> #define MBEDTLS_SHA512_ALT
> #endif
> #if CONFIG_IS_ENABLED(SHA512_SMALLER)
> @@ -60,7 +60,7 @@
> #define MBEDTLS_HKDF_C
> #endif
>
> -#if defined CONFIG_MBEDTLS_LIB_X509
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509)
>
> #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)
> #define MBEDTLS_X509_USE_C
> @@ -89,9 +89,9 @@
> #define MBEDTLS_ASN1_WRITE_C
> #endif
>
> -#endif /* #if defined CONFIG_MBEDTLS_LIB_X509 */
> +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */
>
> -#if IS_ENABLED(CONFIG_MBEDTLS_LIB_TLS)
> +#if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS)
> #include "rtc.h"
>
> /* Generic options */
> @@ -106,25 +106,36 @@ > #define MBEDTLS_ENTROPY_C > #define MBEDTLS_NO_PLATFORM_ENTROPY > #define MBEDTLS_SSL_PROTO_TLS1_2 > +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) > #define MBEDTLS_SSL_SERVER_NAME_INDICATION > +#endif > #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED > > /* RSA */ > +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) && \ > + CONFIG_IS_ENABLED(RSA_PUBLIC_KEY_PARSER) > #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED > #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED > #define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED > +#endif > #define MBEDTLS_GCM_C > > /* ECDSA */ > +#if CONFIG_IS_ENABLED(ASN1_DECODER) > #define MBEDTLS_ECDSA_C > +#define MBEDTLS_ECP_C > #define MBEDTLS_ECDH_C > +#endif > #define MBEDTLS_ECDSA_DETERMINISTIC > #define MBEDTLS_HMAC_DRBG_C > -#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED > -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED > + > #define MBEDTLS_CAN_ECDH > #define MBEDTLS_PK_CAN_ECDSA_SIGN > -#define MBEDTLS_ECP_C > +#if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) > +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED > +#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED > +#endif > + > #define MBEDTLS_ECP_DP_SECP256K1_ENABLED > #define MBEDTLS_ECP_DP_SECP192R1_ENABLED > #define MBEDTLS_ECP_DP_SECP224R1_ENABLED > @@ -138,6 +149,6 @@ > #define MBEDTLS_ECP_DP_BP384R1_ENABLED > #define MBEDTLS_ECP_DP_BP512R1_ENABLED > > -#endif /* #if defined CONFIG_MBEDTLS_LIB_TLS */ > +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS) */ > > -#endif /* #if defined CONFIG_MBEDTLS_LIB */ > +#endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB) */ > -- > 2.25.1 > Acked-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>
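Review bot: `MBEDTLS_ECDSA_DETERMINISTIC`, `MBEDTLS_CAN_ECDH` and `MBEDTLS_PK_CAN_ECDSA_SIGN` stay unconditional in the `@@ -106,25 +106,36 @@` hunk, while `MBEDTLS_ECDSA_C`, `MBEDTLS_ECP_C` and `MBEDTLS_ECDH_C` move under `#if CONFIG_IS_ENABLED(ASN1_DECODER)`. With ASN1_DECODER off, the config therefore advertises ECDH/ECDSA capability that is not compiled in. The ECDSA key-exchange defines are guarded only by X509_CERTIFICATE_PARSER, so they presumably rely on Kconfig to force ASN1_DECODER on whenever the certificate parser is enabled. Moving the three defines inside the ASN1_DECODER block, and guarding the key-exchange defines with `#if CONFIG_IS_ENABLED(ASN1_DECODER) && CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER)`, would keep the TLS feature set consistent with the objects that are built. Separately, with X509_CERTIFICATE_PARSER off only `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` remains, so such a build cannot authenticate a server by certificate; a short comment next to the new guards should say so.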