u-boot.git/lib/mbedtls/Makefile, branch master Unnamed repository; edit this file 'description' to name the repository. Kbuild: Always use $(PHASE_) 2025-04-11T18:16:44+00:00 Tom Rini trini@konsulko.com 2025-04-01T22:55:23+00:00 302b41d5397e9f821d360a74335e8821d4513970 It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our Makefiles as part of the macros to determine when to do something in our Makefiles based on what phase of the build we are in. For consistency, bring this down to a single macro and use "$(PHASE_)" only. Signed-off-by: Tom Rini <trini@konsulko.com> 
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.

Signed-off-by: Tom Rini <trini@konsulko.com>
mbedtls: refactor mbedtls build for XPL 2025-02-27T18:11:02+00:00 Raymond Mao raymond.mao@linaro.org 2025-02-03T22:08:14+00:00 ac0b1e82ff8540bd106824ddcc8919f85469c5f8 Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile and default config file using 'XPL_', in order to have independent mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL. User can choose legacy or mbedtls libraries for them independently. Set mbedtls native hashing libraries as default when MBEDTLS_LIB, SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected. If users prefer using U-Boot legacy hashing libraries, please select MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT, TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot Proper, SPL, TPL and VPL respectively. Moreover, rename a few kconfig options and update their descriptions to improve the consistency of terminology. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile
and default config file using 'XPL_', in order to have independent
mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL.
User can choose legacy or mbedtls libraries for them independently.

Set mbedtls native hashing libraries as default when MBEDTLS_LIB,
SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected.

If users prefer using U-Boot legacy hashing libraries, please select
MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT,
TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot
Proper, SPL, TPL and VPL respectively.

Moreover, rename a few kconfig options and update their descriptions to
improve the consistency of terminology.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: enable support of hkdf 2025-01-18T23:12:47+00:00 Philippe Reynes philippe.reynes@softathome.com 2024-12-19T13:05:48+00:00 70a42bf2170eadd2b8b99175785435f209faca0a Adds the support of key derivation using the scheme hkdf. Reviewed-by: Raymond Mao <raymond.mao@linaro.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
Adds the support of key derivation using
the scheme hkdf.

Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
mbedtls: Enable TLS 1.2 support 2024-11-13T01:09:52+00:00 Ilias Apalodimas ilias.apalodimas@linaro.org 2024-11-10T08:28:37+00:00 a564f5094f62e40cf758e391b5213e3924d56f4d Since lwIP and mbedTLS have been merged we can tweak the config options and enable TLS1.2 support. Add RSA and ECDSA by default and enable enough block cipher modes of operation to be comatible with modern TLS requirements and webservers Reviewed-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Since lwIP and mbedTLS have been merged we can tweak the config options
and enable TLS1.2 support. Add RSA and ECDSA by default and enable
enough block cipher modes of operation to be comatible with modern
TLS requirements and webservers

Reviewed-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
asn1_decoder: add build options for ASN1 decoder 2024-10-14T23:58:51+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:38+00:00 ab58c46584f3aafd47f7c3c123ef96e7c44e873a When building with MbedTLS, we are using MbedTLS to decode ASN1 data for x509, pkcs7 and mscode. Introduce _LEGACY and _MBEDTLS kconfigs for ASN1 decoder legacy and MbedTLS implementations respectively. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
When building with MbedTLS, we are using MbedTLS to decode ASN1 data
for x509, pkcs7 and mscode.
Introduce _LEGACY and _MBEDTLS kconfigs for ASN1 decoder legacy and
MbedTLS implementations respectively.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: add RSA helper layer on MbedTLS 2024-10-14T23:58:50+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:36+00:00 1df80a4f5f7868101692c371b9185c01a99714b5 Add RSA helper layer on top on MbedTLS PK and RSA library. Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and MbedTLS implementations respectively. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add RSA helper layer on top on MbedTLS PK and RSA library.
Introduce _LEGACY and _MBEDTLS kconfigs for RSA helper legacy and
MbedTLS implementations respectively.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: add MSCode parser porting layer 2024-10-14T23:58:48+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:34+00:00 65a7b48d5a1abb9439e8f5afaaf1b9643b08ed27 Add porting layer for MSCode on top of MbedTLS ASN1 library. Introduce _MBEDTLS kconfigs for MSCode MbedTLS implementation. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add porting layer for MSCode on top of MbedTLS ASN1 library.
Introduce _MBEDTLS kconfigs for MSCode MbedTLS implementation.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: add PKCS7 parser porting layer 2024-10-14T23:58:46+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:32+00:00 7de0d155cce7006167089b753abb14c0dc83c0e4 Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library. Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and MbedTLS implementations respectively. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library.
Introduce _LEGACY and _MBEDTLS kconfigs for PKCS7 parser legacy and
MbedTLS implementations respectively.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: add X509 cert parser porting layer 2024-10-14T23:58:44+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:30+00:00 70002cec5f1c43c4a57c802b5149a1f320c5eaac Add porting layer for X509 cert parser on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy and MbedTLS implementations respectively. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> 
Add porting layer for X509 cert parser on top of MbedTLS X509
library.
Introduce _LEGACY and _MBEDTLS kconfigs for X509 cert parser legacy
and MbedTLS implementations respectively.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
mbedtls: add public key porting layer 2024-10-14T23:58:43+00:00 Raymond Mao raymond.mao@linaro.org 2024-10-03T21:50:28+00:00 bfbf3ab6151ff22e2c6f90cf4cff92758b84e66a Add porting layer for public key on top of MbedTLS X509 library. Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and MbedTLS implementations respectively. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Add porting layer for public key on top of MbedTLS X509 library.
Introduce _LEGACY and _MBEDTLS kconfigs for public key legacy and
MbedTLS implementations respectively.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>