u-boot.git/lib/mbedtls, branch next Unnamed repository; edit this file 'description' to name the repository. lib: use lowercase hex prefix style 2025-06-14T15:09:40+00:00 E Shattow e@freeshell.de 2025-06-06T22:45:00+00:00 d1aacc9c787e67314dd24e8f104a67d773e33c98 Use consistent lowercase hex prefix style in lib/* Signed-off-by: E Shattow <e@freeshell.de> 
Use consistent lowercase hex prefix style in lib/*

Signed-off-by: E Shattow <e@freeshell.de>
Merge patch series "Switch to using $(PHASE_) in Makefiles" 2025-04-11T18:16:49+00:00 Tom Rini trini@konsulko.com 2025-04-11T18:16:49+00:00 407d68638fe32418d61681407effba2a303bb9ee Tom Rini <trini@konsulko.com> says: This series switches to always using $(PHASE_) in Makefiles when building rather than $(PHASE_) or $(XPL_). It also starts on documenting this part of the build, but as a follow-up we need to rename doc/develop/spl.rst and expand on explaining things a bit. Link: https://lore.kernel.org/r/20250401225851.1125678-1-trini@konsulko.com 
Tom Rini <trini@konsulko.com> says:

This series switches to always using $(PHASE_) in Makefiles when
building rather than $(PHASE_) or $(XPL_). It also starts on documenting
this part of the build, but as a follow-up we need to rename
doc/develop/spl.rst and expand on explaining things a bit.

Link: https://lore.kernel.org/r/20250401225851.1125678-1-trini@konsulko.com
Kbuild: Always use $(PHASE_) 2025-04-11T18:16:44+00:00 Tom Rini trini@konsulko.com 2025-04-01T22:55:23+00:00 302b41d5397e9f821d360a74335e8821d4513970 It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our Makefiles as part of the macros to determine when to do something in our Makefiles based on what phase of the build we are in. For consistency, bring this down to a single macro and use "$(PHASE_)" only. Signed-off-by: Tom Rini <trini@konsulko.com> 
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.

Signed-off-by: Tom Rini <trini@konsulko.com>
mbedtls: remove incorrect attribute type checker 2025-04-06T16:02:57+00:00 Raymond Mao raymond.mao@linaro.org 2025-04-04T14:05:25+00:00 0708d54a5697e30ea5ecb03f97360e4fcff89719 S/MIME Capabilities (OID: 1.2.840.113549.1.9.15) attributes are expected to be algorithms but neither data nor MS Inderect Data, thus the checker for data type is incorrect. This patch fixes a capsule authentication failure with PKCS#7 message that contains S/MIME capabilities, which formed by the EDK2 GenerateCapsule tool. S/MIME Capabilities are not common attributes in an EFI capsule, thus this failure cannot be reproduced with the capsules generated via mkeficapsule. Fixes: 7de0d155cce7 ("mbedtls: add PKCS7 parser porting layer") Reported-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Signed-off-by: Raymond Mao <raymond.mao@linaro.org> 
S/MIME Capabilities (OID: 1.2.840.113549.1.9.15) attributes are
expected to be algorithms but neither data nor MS Inderect Data,
thus the checker for data type is incorrect.

This patch fixes a capsule authentication failure with PKCS#7
message that contains S/MIME capabilities, which formed by the EDK2
GenerateCapsule tool.

S/MIME Capabilities are not common attributes in an EFI capsule,
thus this failure cannot be reproduced with the capsules generated
via mkeficapsule.

Fixes: 7de0d155cce7 ("mbedtls: add PKCS7 parser porting layer")
Reported-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
mbedtls: refactor mbedtls build for XPL 2025-02-27T18:11:02+00:00 Raymond Mao raymond.mao@linaro.org 2025-02-03T22:08:14+00:00 ac0b1e82ff8540bd106824ddcc8919f85469c5f8 Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile and default config file using 'XPL_', in order to have independent mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL. User can choose legacy or mbedtls libraries for them independently. Set mbedtls native hashing libraries as default when MBEDTLS_LIB, SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected. If users prefer using U-Boot legacy hashing libraries, please select MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT, TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot Proper, SPL, TPL and VPL respectively. Moreover, rename a few kconfig options and update their descriptions to improve the consistency of terminology. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Refactor the entire kconfig page for mbedtls, adapt mbedtls makefile
and default config file using 'XPL_', in order to have independent
mbedtls kconfig options in U-Boot Proper, SPL, TPL and VPL.
User can choose legacy or mbedtls libraries for them independently.

Set mbedtls native hashing libraries as default when MBEDTLS_LIB,
SPL_MBEDTLS_LIB, TPL_MBEDTLS_LIB or VPL_MBEDTLS_LIB is selected.

If users prefer using U-Boot legacy hashing libraries, please select
MBEDTLS_LIB_HASHING_ALT, SPL_MBEDTLS_LIB_HASHING_ALT,
TPL_MBEDTLS_LIB_HASHING_ALT or VPL_MBEDTLS_LIB_HASHING_ALT for U-Boot
Proper, SPL, TPL and VPL respectively.

Moreover, rename a few kconfig options and update their descriptions to
improve the consistency of terminology.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: access mbedtls private members in mscode and pkcs7 parser 2025-02-27T18:11:02+00:00 Raymond Mao raymond.mao@linaro.org 2025-02-03T22:08:13+00:00 f13cd90762247661f9bd508303d830055e135ec0 U-Boot requires to access x509_internal.h, mbedtls_sha256_context and mbedtls_sha1_context in the porting layer, and this requires to enable MBEDTLS_ALLOW_PRIVATE_ACCESS. Enable it to mscode and pkcs7_parser to fix a mbedtls internal building error when X509 is selected. Moreover, Move it to a separate file to avoid enabling it in multiple places. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
U-Boot requires to access x509_internal.h, mbedtls_sha256_context and
mbedtls_sha1_context in the porting layer, and this requires to
enable MBEDTLS_ALLOW_PRIVATE_ACCESS.

Enable it to mscode and pkcs7_parser to fix a mbedtls internal building
error when X509 is selected.

Moreover, Move it to a separate file to avoid enabling it in multiple
places.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls: fix incorrect kconfig dependencies on mbedtls 2025-02-27T18:11:02+00:00 Raymond Mao raymond.mao@linaro.org 2025-02-03T22:08:12+00:00 a26e957381ecba59603a3ca455c30d6f8eae0ce7 Fixed the building failures when WGET_HTTPS,NET_LWIP and MBEDTLS_LIB are selected due to a few incorrect kconfig dependencies. Signed-off-by: Raymond Mao <raymond.mao@linaro.org> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> 
Fixed the building failures when WGET_HTTPS,NET_LWIP and MBEDTLS_LIB
are selected due to a few incorrect kconfig dependencies.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
mbedtls/external: remove broken git submodule 2025-02-13T15:53:18+00:00 ZHANG Yuntian yt@radxa.com 2025-02-11T07:30:27+00:00 f9edd081b11b5eda06581b4f0c4f738359895507 When we squash imported mbedtls, the git submodule "framework" was preserved in the commit. However, U-Boot itself does not use git submodule, and provides no .gitmodules file to specify the submodule repository. This is normally not an issue when cloning U-Boot repository. However, when U-Boot is imported as a submodule, this will break git option `--recurse-submodules` as it fails to resolve "framework". As we do not use the submodule, remove it to unbreak existing workflows. Fixes: 12f1212e95fe ("Merge commit '0344c602eadc0802776b65ff90f0a02c856cf53c' as 'lib/mbedtls/external/mbedtls'") Signed-off-by: ZHANG Yuntian <yt@radxa.com> 
When we squash imported mbedtls, the git submodule "framework" was
preserved in the commit. However, U-Boot itself does not use git
submodule, and provides no .gitmodules file to specify the submodule
repository.

This is normally not an issue when cloning U-Boot repository. However,
when U-Boot is imported as a submodule, this will break git option
`--recurse-submodules` as it fails to resolve "framework".

As we do not use the submodule, remove it to unbreak existing workflows.

Fixes: 12f1212e95fe ("Merge commit '0344c602eadc0802776b65ff90f0a02c856cf53c' as 'lib/mbedtls/external/mbedtls'")
Signed-off-by: ZHANG Yuntian <yt@radxa.com>
mbedtls: Add SHA symbols for VPL 2025-02-03T22:00:42+00:00 Simon Glass sjg@chromium.org 2025-01-26T18:43:11+00:00 117e7cb9f8a27be205be6f8107092e0b866a844a Add some symbols for supporting SHA1 etc. for VPL. Signed-off-by: Simon Glass <sjg@chromium.org> 
Add some symbols for supporting SHA1 etc. for VPL.

Signed-off-by: Simon Glass <sjg@chromium.org>
lib: mbedtls: sha256: add support of key derivation 2025-01-18T23:12:47+00:00 Philippe Reynes philippe.reynes@softathome.com 2024-12-19T13:05:52+00:00 12e841114db54bd2021b7c96002a0d2bd24fa646 Adds the support of key derivation using the scheme hkdf. This scheme is defined in rfc5869. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Raymond Mao <raymond.mao@linaro.org> 
Adds the support of key derivation using the scheme hkdf.
This scheme is defined in rfc5869.

Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Raymond Mao <raymond.mao@linaro.org>