Mbedtls integration #499

Open
wants to merge 24 commits into
base: master

raymo200915
Contributor

Please do not submit a Pull Request via github. Our project makes use of
mailing lists for patch submission and review. For more details please
see https://u-boot.readthedocs.io/en/latest/develop/sending_patches.html

The only exception to this is in order to trigger a CI loop on Azure prior
to posting of patches.

Add mbedtls as a submodule.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Take latest mbedtls release from tag v3.5.1

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Retrieve all git submodules before building

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Port mbedtls with dummy libc header files.
Add mbedtls default config header file.
Add mbedtls kbuild makefile.
Add Kconfig and mbedtls config submenu.
Add a patch file to fix multiple definitions errors when linking
mbedtls.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Apply MbedTLS patch if any exist before building.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add text section alignment to fix sbsign signing warning
'gaps in the section table may result in different checksums'
which causes a failure of efi_image_verify_digest()

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Fix a permission issue when running virt-make-fs

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h,
u-boot/sha256.h and u-boot/sha512.h

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h
and u-boot/sha512.h

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Create a hash shim layer on top of mbedtls crypto library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate common/hash.c on the hash shim layer so that hash APIs
from mbedtls can be leveraged by boot/image and efi_loader.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Add the mbedtls include directories into the build system.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from
hash shim layer instead.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from
hash shim layer instead.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Added patch for MbedTLS PKCS7 parser to support Microsoft
Authenticate Code with Authenticate Attributes.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate function public_key_verify_signature on top of MbedTLS
pk library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate x509_cert_parser on top of MbedTLS x509 library.
Add API x509_populate_cert and x509_populate_pubkey for code
reusability between x509 and pkcs7 parsers.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate PKCS7 parser on top of MbedTLS PKCS7 library.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Integrate Microsoft Authenticate Code parser on top of MbedTLS
ASN.1 decoder.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
When building with MbedTLS, we are using MbedTLS to decode ASN1 data
for x509, pkcs7 and mscode. So we can remove the dependence on ASN1
decoder when MBEDTLS_LIB_X509 is enabled.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Disable the unused features of MbedTLS to reduce the target size.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Enable MbedTLS as default setting for qemu arm64

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
@raymo200915 force-pushed the mbedtls_integration branch 2 times, most recently from 9073cbf to 99a2c5a (March 12, 2024 19:39)
@raymo200915 force-pushed the mbedtls_integration branch 2 times, most recently from 7bf8008 to ead41e5 (March 13, 2024 17:23)