-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mbedtls integration #499
Open
raymo200915
wants to merge
24
commits into
u-boot:master
Choose a base branch
from
raymo200915:mbedtls_integration
base: master
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Mbedtls integration #499
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add mbedtls as a submodule. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Take latest mbedtls release from tag v3.5.1 Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Retrieve all git submodules before building Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Port mbedtls with dummy libc header files. Add mbedtls default config header file. Add mbedtls kbuild makefile. Add Kconfig and mbedtls config submenu. Add a patch file to fix multiple definitions errors when linking mbedtls. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Apply MbedTLS patch if any exist before building. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add text section alignment to fix sbsign signing warning 'gaps in the section table may result in different checksums' which causes a failure of efi_image_verify_diges() Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Fix a permission issue when running virt-make-fs Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Create a hash shim layer on top of mbedtls crypto library. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add the mbedtls include directories into the build system. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from hash shim layer instead. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from hash shim layer instead. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Added patch for MBedTLS PKCS7 parser to support MicroSoft Authenticate Code with Authenticate Attributes. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate function public_key_verify_signature on top of MbedTLS pk library. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate x509_cert_parser on top of MbedTLS x509 library. Add API x509_populate_cert and x509_populate_pubkey for code reusability between x509 and pkcs7 parsers. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate PKCS7 parser on top of MbedTLS PKCS7 library. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate MicroSoft Authenticate Code parser on top of MbedTLS ASN.1 decoder. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When building with MbedTLS, we are using MbedTLS to decode ASN1 data for x509, pkcs7 and mscode. So we can remove the dependence on ASN1 decoder when MBEDTLS_LIB_X509 is enabled. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Disable the unused features of MbedTLS to reduce the target size. Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Enable MbedTLS as default setting for qemu arm64 Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
raymo200915
force-pushed
the
mbedtls_integration
branch
2 times, most recently
from
March 12, 2024 19:39
9073cbf
to
99a2c5a
Compare
raymo200915
force-pushed
the
mbedtls_integration
branch
2 times, most recently
from
March 13, 2024 17:23
7bf8008
to
ead41e5
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please do not submit a Pull Request via github. Our project makes use of
mailing lists for patch submission and review. For more details please
see https://u-boot.readthedocs.io/en/latest/develop/sending_patches.html
The only exception to this is in order to trigger a CI loop on Azure prior
to posting of patches.