Re: [PATCH 5/9] fdt: Correct condition for bloblist existing

2024-06-21 Thread Raymond Mao
Hi Simon, On Fri, 21 Jun 2024 at 10:58, Simon Glass wrote: > Hi Ilias, > > On Wed, 19 Jun 2024 at 06:41, Ilias Apalodimas > wrote: > > > > Hi Simon, > > > > On Wed, Jun 12, 2024 at 02:24:31PM -0600, Simon Glass wrote: > > > Hi Ilias, > > > > > > On Wed, 12 Jun 2024 at 00:02, Ilias Apalodimas >

Re: [PATCH 5/9] fdt: Correct condition for bloblist existing

2024-06-10 Thread Raymond Mao
Hi Simon, On Tue, 4 Jun 2024 at 23:27, Simon Glass wrote: > On some boards, the bloblist is created in SPL once SDRAM is ready. It > cannot be accessed until that point, so is not available early in SPL. > > Add a condition to avoid a hang in this case. > > This fixes a hang in chromebook_coral

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-06-05 Thread Raymond Mao
Hi Andy and Ilias, On Wed, 5 Jun 2024 at 09:31, Ilias Apalodimas wrote: > Hi Andy, > > [...] > > > > > > > Is this approach maintainable? > > > > > > I don't remember if we have similar in Linux kernel, for example. > > > > > > (There are few candidates like compression algorithms that are >

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-06-04 Thread Raymond Mao
Hi Andy, On Tue, 4 Jun 2024 at 16:17, Andy Shevchenko < andriy.shevche...@linux.intel.com> wrote: > On Tue, May 28, 2024 at 07:09:14AM -0700, Raymond Mao wrote: > > Port mbedtls with dummy libc header files. > > Add mbedtls default config header file. > > Opti

Re: [PATCH v3 21/25] mbedtls: add RSA helper layer on MbedTLS

2024-06-04 Thread Raymond Mao
Hi Ilias, On Fri, 31 May 2024 at 06:00, Ilias Apalodimas wrote: > Hi Raymond, > > [...] > > > + > > +/** > > + * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in > the > > + * provided struct rsa_key, pointers to the raw > key as is, > > + *

Re: [PATCH v3 19/25] mbedtls: add MSCode parser porting layer

2024-06-04 Thread Raymond Mao
Hi Ilias, On Fri, 31 May 2024 at 06:03, Ilias Apalodimas wrote: > On Tue, 28 May 2024 at 17:17, Raymond Mao wrote: > > > > Add porting layer for MSCode on top of MbedTLS ASN1 library. > > > > Signed-off-by: Raymond Mao > > --- > > Changes in v2 >

Re: [PATCH v3 15/25] mbedtls: add X509 cert parser porting layer

2024-06-04 Thread Raymond Mao
Hi Ilias, On Fri, 31 May 2024 at 07:42, Ilias Apalodimas wrote: > On Tue, 28 May 2024 at 17:15, Raymond Mao wrote: > > > > Add porting layer for X509 cert parser on top of MbedTLS X509 > > library. > > > > Signed-off-by: Raymond Mao > > --- >

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-31 Thread Raymond Mao
Hi Ilias and Tom, On Thu, 30 May 2024 at 16:17, Ilias Apalodimas wrote: > Hi Tom > > On Wed, 29 May 2024 at 22:47, Tom Rini wrote: > > > > On Wed, May 29, 2024 at 03:42:04PM -0400, Raymond Mao wrote: > > > Hi Tom, > > > > > > On Wed, 29 May 2024

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-30 Thread Raymond Mao
Hi Ilias, On Thu, 30 May 2024 at 11:48, Ilias Apalodimas wrote: > Hi both, > > [...] > > >> > > > > > > > >> > > > > > > We need much more granularity here, and to re-think some > existing > >> > > > > > > symbols too perhaps. What we should be able to do is pick > mbedTLS > >> > > or > >> > >

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-30 Thread Raymond Mao
Hi Tom, On Wed, 29 May 2024 at 15:47, Tom Rini wrote: > On Wed, May 29, 2024 at 03:42:04PM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Wed, 29 May 2024 at 14:43, Tom Rini wrote: > > > > > On Wed, May 29, 2024 at 02:38:10PM -0400, Raymond Mao wrote:

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-29 Thread Raymond Mao
Hi Tom, On Wed, 29 May 2024 at 14:43, Tom Rini wrote: > On Wed, May 29, 2024 at 02:38:10PM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Wed, 29 May 2024 at 14:01, Tom Rini wrote: > > > > > On Wed, May 29, 2024 at 01:42:16PM -0400, Raymond Mao wrote:

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-29 Thread Raymond Mao
Hi Tom, On Wed, 29 May 2024 at 14:01, Tom Rini wrote: > On Wed, May 29, 2024 at 01:42:16PM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Wed, 29 May 2024 at 12:58, Tom Rini wrote: > > > > > On Tue, May 28, 2024 at 07:09:14AM -0700, Raymond Mao wrote:

Re: [PATCH v3 03/25] mbedtls: add mbedtls into the build system

2024-05-29 Thread Raymond Mao
Hi Tom, On Wed, 29 May 2024 at 12:58, Tom Rini wrote: > On Tue, May 28, 2024 at 07:09:14AM -0700, Raymond Mao wrote: > > > Port mbedtls with dummy libc header files. > > Add mbedtls default config header file. > > Optimize mbedtls default config by disabling unuse

[PATCH v3 25/25] configs: enable MbedTLS as default setting

2024-05-28 Thread Raymond Mao
Enable MbedTLS as default setting for qemu arm64 Signed-off-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - None. configs/qemu_arm64_defconfig | 5 + configs/sandbox_defconfig| 4 2 files changed, 9 insertions(+) diff --git a/configs/qemu_arm64_defconfig b/configs

[PATCH v3 24/25] test: Remove ASN1 library test

2024-05-28 Thread Raymond Mao
With MBEDTLS_LIB_X509 enabled, we don't build the original ASN1 lib, So remove it from test. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. Changes in v3 - None. test/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Kconfig b/test/Kconfig index

[PATCH v3 23/25] asn1_decoder: remove ASN1 decoder when using MbedTLS

2024-05-28 Thread Raymond Mao
When building with MbedTLS, we are using MbedTLS to decode ASN1 data for x509, pkcs7 and mscode. So we can remove asn1_decoder when MBEDTLS_LIB_X509 is enabled. Signed-off-by: Raymond Mao Reviewed-by: Ilias Apalodimas --- Changes in v2 - Initial patch. Changes in v3 - None. lib/Makefile | 2

[PATCH v3 22/25] lib/rypto: Adapt rsa_helper to MbedTLS

2024-05-28 Thread Raymond Mao
Previous patch has introduced MbedTLS porting layer for RSA helper, here to adjust the makefile accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. Changes in v3 - Update commit message. lib/crypto/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/crypto

[PATCH v3 21/25] mbedtls: add RSA helper layer on MbedTLS

2024-05-28 Thread Raymond Mao
Add RSA helper layer on top on MbedTLS PK and RSA library. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. Changes in v3 - None. lib/mbedtls/Makefile | 1 + lib/mbedtls/rsa_helper.c | 99 2 files changed, 100 insertions(+) create

[PATCH v3 20/25] lib/crypto: Adapt mscode_parser to MbedTLS

2024-05-28 Thread Raymond Mao
Previous patch has introduced MbedTLS porting layer for mscode parser, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. include/crypto/mscode.h | 4 lib/crypto

[PATCH v3 19/25] mbedtls: add MSCode parser porting layer

2024-05-28 Thread Raymond Mao
Add porting layer for MSCode on top of MbedTLS ASN1 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. lib/mbedtls/Makefile| 1 + lib/mbedtls/mscode_parser.c | 111 2 files changed

[PATCH v3 18/25] lib/crypto: Adapt PKCS7 parser to MbedTLS

2024-05-28 Thread Raymond Mao
Previous patch has introduced MbedTLS porting layer for PKCS7 parser, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. include/crypto/pkcs7_parser.h | 56

[PATCH v3 17/25] mbedtls: add PKCS7 parser porting layer

2024-05-28 Thread Raymond Mao
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. - Fix EFI Capsule CI test failures. Changes in v3 - None. lib/mbedtls/Makefile | 1 + lib/mbedtls/pkcs7_parser.c | 533

[PATCH v3 16/25] lib/crypto: Adapt x509_cert_parser to MbedTLS

2024-05-28 Thread Raymond Mao
Previous patch has introduced MbedTLS porting layer for x509 cert parser, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. include/crypto/x509_parser.h | 36

[PATCH v3 15/25] mbedtls: add X509 cert parser porting layer

2024-05-28 Thread Raymond Mao
Add porting layer for X509 cert parser on top of MbedTLS X509 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. lib/mbedtls/Makefile | 1 + lib/mbedtls/x509_cert_parser.c | 497 + 2

[PATCH v3 14/25] lib/crypto: Adapt public_key header with MbedTLS

2024-05-28 Thread Raymond Mao
Previous patch has introduced MbedTLS porting layer for public key, here to adjust the header and makefiles accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - Update commit message. include/crypto/public_key.h | 6 ++ lib

[PATCH v3 13/25] mbedtls: add public key porting layer

2024-05-28 Thread Raymond Mao
Add porting layer for public key on top of MbedTLS X509 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. Changes in v3 - None. lib/mbedtls/Makefile | 4 ++ lib/mbedtls/public_key.c | 105 +++ 2 files

[PATCH v3 12/25] mbedtls/external: update MbedTLS PKCS7 test suites

2024-05-28 Thread Raymond Mao
-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - Update commit message. .../external/mbedtls/tests/suites/test_suite_pkcs7.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7.data b/lib/mbedtls

[PATCH v3 11/25] mbedtls/external: support decoding multiple signer's cert

2024-05-28 Thread Raymond Mao
MbedTLS LTS release. Signed-off-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - Update commit message. lib/mbedtls/external/mbedtls/library/pkcs7.c | 75 1 file changed, 47 insertions(+), 28 deletions(-) diff --git a/lib/mbedtls/external/mbedtls/library/pkcs7.c b

[PATCH v3 10/25] mbedtls/external: support PKCS9 Authenticate Attributes

2024-05-28 Thread Raymond Mao
need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release. Signed-off-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - Update commit message. .../external/mbedtls/include/mbedtls/oid.h| 5 + .../external/mbedtls/include/mbedtls/pkcs7.h | 11

[PATCH v3 09/25] mbedtls/external: support Microsoft Authentication Code

2024-05-28 Thread Raymond Mao
PKCS7 features with MbedTLS build, we need this patch on top of MbedTLS v3.6.0 before it is merged into the next MbedTLS LTS release. Signed-off-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - Update commit message. .../external/mbedtls/include/mbedtls/oid.h| 30

[PATCH v3 08/25] makefile: add mbedtls include directories

2024-05-28 Thread Raymond Mao
Add the mbedtls include directories into the build system. Signed-off-by: Raymond Mao --- Changes in v2 - None. Changes in v3 - Remove changes for PLATFORM_CPPFLAGS. Makefile | 6 ++ 1 file changed, 6 insertions(+) diff --git a/Makefile b/Makefile index 79b28c2d81f..2e7eb51401f 100644

[PATCH v3 07/25] hash: integrate hash on mbedtls

2024-05-28 Thread Raymond Mao
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader. Signed-off-by: Raymond Mao --- Changes in v2 - Use the original head files instead of creating new ones. Changes in v3 - Add handle checkers for malloc. common/hash.c

[PATCH v3 06/25] mbedtls: add digest shim layer for MbedTLS

2024-05-28 Thread Raymond Mao
Implement digest shim layer on top of MbedTLS crypto library. Signed-off-by: Raymond Mao --- Changes in v2 - Split the shim layer into separated files and use the original head files instead of creating new ones. Changes in v3 - Refactored sha1_hmac and removed non-watchdog md5 function

[PATCH v3 05/25] md5: Remove md5 non-watchdog API

2024-05-28 Thread Raymond Mao
We don't need an API specially for non-watchdog since md5_wd supports it by enabling CONFIG_HW_WATCHDOG or CONFIG_WATCHDOG. Set 0x1 as default chunk size for MD5. Signed-off-by: Raymond Mao --- Changes in v3 - Initial patch. board/friendlyarm/nanopi2/board.c | 3 ++- board/intel/edison

[PATCH v3 04/25] lib: Adapt digest header files to MbedTLS

2024-05-28 Thread Raymond Mao
`CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule() are defined in sandbox build. `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` is a workaround. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. Changes in v3 - Remove the changes that were done in previous clean-up patch set. include/u-boot/md5.h

[PATCH v3 02/25] mbedtls: Add script to update MbedTLS subtree

2024-05-28 Thread Raymond Mao
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run: $ ./lib/mbedtls/update-mbedtls-subtree.sh pull $ ./lib/mbedtls/update-mbedtls-subtree.sh pick Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. Changes in v3 - None

[PATCH v3 01/25] CI: Exclude MbedTLS subtree for CONFIG checks

2024-05-28 Thread Raymond Mao
Since MbedTLS is an external repo with its own coding style, exclude it from Azure and gitlab CI CONFIG checks. Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Ilias Apalodimas --- Changes in v2 - Initial patch. Changes in v3 - None. .azure-pipelines.yml | 3 ++- .gitlab-ci.yml

[PATCH v3 00/25] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-05-28 Thread Raymond Mao
480 MD5Transform2552 - -2552 Total: Before=836401, After=874454, chg +4.55% ``` Raymond Mao (25): CI: Exclude MbedTLS subtree for CONFIG checks mbedtls: Add script to update MbedTLS subtree mbedtls: add mbedtls into the build system lib: Adapt digest hea

[PATCH v3 4/4] include: Move snprintf to stdio.h

2024-05-16 Thread Raymond Mao
Move snprintf to stdio.h since it is needed by external libraries. Signed-off-by: Raymond Mao --- Changes in v2 - New patch. Changes in v3 - Move comments and attributes of snprintf. arch/arc/lib/cpu.c | 2 +- board/Synology/common/legacy.c | 1 + board/ti/common/fdt_ops.c

[PATCH v3 3/4] md5: Use typedef for MD5 context

2024-05-16 Thread Raymond Mao
Use of typedef is beneficial for porting with other crypto libs without changing the API callers. Secondly, it is for the code consistency with other digest libs. SHA1, SHA256 and SHA512 are all using typedef for their context. Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Ilias

[PATCH v3 2/4] efi_loader: remove redundant hash includes

2024-05-16 Thread Raymond Mao
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Ilias Apalodimas --- Changes in v2 - None. Changes in v3 - None. lib/efi_loader/efi_signature.c | 1 - lib/efi_loader/efi_tcg2.c | 3 --- 2

[PATCH v3 1/4] image: remove redundant hash includes

2024-05-16 Thread Raymond Mao
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Igor Opaniuk Reviewed-by: Ilias Apalodimas --- Changes in v2 - None. Changes in v3 - None. boot/image-fit.c | 4 boot/image.c

[PATCH v3 0/4] Clean-up patch set for MbedTLS integration

2024-05-16 Thread Raymond Mao
one patch to move the snprintf to stdio.h Raymond Mao (4): image: remove redundant hash includes efi_loader: remove redundant hash includes md5: Use typedef for MD5 context include: Move snprintf to stdio.h arch/arc/lib/cpu.c | 2 +- board/Synology/common/legacy.c | 1 + board

[PATCH v2 4/4] include: Move snprintf to stdio.h

2024-05-15 Thread Raymond Mao
Move snprintf to stdio.h since it is needed by external libraries. Signed-off-by: Raymond Mao --- Changes in v2 - New patch. arch/arc/lib/cpu.c | 2 +- board/Synology/common/legacy.c | 1 + board/ti/common/fdt_ops.c | 2 +- cmd/part.c | 2 +- common

[PATCH v2 3/4] md5: Use typedef for MD5 context

2024-05-15 Thread Raymond Mao
Use of typedef is beneficial for porting with other crypto libs without changing the API callers. Secondly, it is for the code consistency with other digest libs. SHA1, SHA256 and SHA512 are all using typedef for their context. Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Ilias

[PATCH v2 2/4] efi_loader: remove redundant hash includes

2024-05-15 Thread Raymond Mao
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Ilias Apalodimas --- Changes in v2 - None. lib/efi_loader/efi_signature.c | 1 - lib/efi_loader/efi_tcg2.c | 3 --- 2 files changed, 4

[PATCH v2 1/4] image: remove redundant hash includes

2024-05-15 Thread Raymond Mao
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao Reviewed-by: Tom Rini Reviewed-by: Igor Opaniuk Reviewed-by: Ilias Apalodimas --- Changes in v2 - None. boot/image-fit.c | 4 boot/image.c | 2 -- 2 files

[PATCH v2 0/4] Clean-up patch set for MbedTLS integration

2024-05-15 Thread Raymond Mao
one patch to move the snprintf to stdio.h Raymond Mao (4): image: remove redundant hash includes efi_loader: remove redundant hash includes md5: Use typedef for MD5 context include: Move snprintf to stdio.h arch/arc/lib/cpu.c | 2 +- board/Synology/common/legacy.c | 1 + board

Re: [PATCH v2 03/28] mbedtls: add mbedtls into the build system

2024-05-10 Thread Raymond Mao
Hi Tom, On Thu, 9 May 2024 at 11:43, Tom Rini wrote: > On Thu, May 09, 2024 at 11:36:37AM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Thu, 9 May 2024 at 11:31, Tom Rini wrote: > > > > > On Thu, May 09, 2024 at 11:23:11AM -0400, Raymond Mao wrote: >

Re: [PATCH 4/4] arm: EFI linker script text section alignment

2024-05-10 Thread Raymond Mao
Hi Ilias, On Thu, 9 May 2024 at 14:15, Ilias Apalodimas wrote: > Hi Raymond, > > Try not to post the same patches without the fixes that were asked > [0], at least not without an explanation. > > On Thu, 9 May 2024 at 17:38, Raymond Mao wrote: > > > > Add text s

Re: [PATCH v2 03/28] mbedtls: add mbedtls into the build system

2024-05-09 Thread Raymond Mao
Hi Tom, On Thu, 9 May 2024 at 11:31, Tom Rini wrote: > On Thu, May 09, 2024 at 11:23:11AM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Thu, 9 May 2024 at 11:11, Tom Rini wrote: > > > > > On Thu, May 09, 2024 at 11:04:07AM -0400, Raymond Mao wrote: >

Re: [PATCH v2 03/28] mbedtls: add mbedtls into the build system

2024-05-09 Thread Raymond Mao
Hi Tom, On Thu, 9 May 2024 at 11:11, Tom Rini wrote: > On Thu, May 09, 2024 at 11:04:07AM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Tue, 7 May 2024 at 17:16, Tom Rini wrote: > > > > > On Tue, May 07, 2024 at 10:50:45AM -0700, Raymond Mao wrote: >

Re: [PATCH v2 07/28] lib: Adapt digest header files to MbedTLS

2024-05-09 Thread Raymond Mao
Hi Ilias, On Wed, 8 May 2024 at 06:30, Ilias Apalodimas wrote: > On Tue, 7 May 2024 at 20:54, Raymond Mao wrote: > > > > Adapt digest header files to support both original libs and MbedTLS > > by switching on/off MBEDTLS_LIB_CRYPTO > > > > FIXME: >

Re: [PATCH v2 03/28] mbedtls: add mbedtls into the build system

2024-05-09 Thread Raymond Mao
Hi Tom, On Tue, 7 May 2024 at 17:16, Tom Rini wrote: > On Tue, May 07, 2024 at 10:50:45AM -0700, Raymond Mao wrote: > > > Port mbedtls with dummy libc header files. > > Add mbedtls default config header file. > > Optimize mbedtls default config by disabling unuse

[PATCH 4/4] arm: EFI linker script text section alignment

2024-05-09 Thread Raymond Mao
Add text section alignment to fix sbsign signing warning 'gaps in the section table may result in different checksums' which causes a failure of efi_image_verify_diges() Signed-off-by: Raymond Mao --- arch/arm/lib/elf_aarch64_efi.lds | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm

[PATCH 3/4] md5: Use typedef for MD5 context

2024-05-09 Thread Raymond Mao
Use of typedef is beneficial for porting with other crypto libs without changing the API callers. Secondly, it is for the code consistency with other digest libs. SHA1, SHA256 and SHA512 are all using typedef for their context. Signed-off-by: Raymond Mao --- drivers/crypto/hash/hash_sw.c | 8

[PATCH 2/4] efi_loader: remove redundant hash includes

2024-05-09 Thread Raymond Mao
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao --- lib/efi_loader/efi_signature.c | 1 - lib/efi_loader/efi_tcg2.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader

[PATCH 1/4] image: remove redundant hash includes

2024-05-09 Thread Raymond Mao
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao --- boot/image-fit.c | 4 boot/image.c | 2 -- 2 files changed, 6 deletions(-) diff --git a/boot/image-fit.c b/boot/image-fit.c index 89e377563ce..1efc39f4408

[PATCH 0/4] Clean-up patch set for MbedTLS integration

2024-05-09 Thread Raymond Mao
This patch set is picked from the previously posted series: "[RFC] Integrate MbedTLS v3.6 LTS with U-Boot" They are not directly related to MbedTLS integration, but the prerequisite for a few clean-up, refactoring and minor fixes. Raymond Mao (4): image: remove redundant has

Re: [PATCH v2 05/28] image: remove redundant hash includes

2024-05-08 Thread Raymond Mao
Hi Ilias, On Wed, 8 May 2024 at 06:14, Ilias Apalodimas wrote: > On Tue, 7 May 2024 at 20:54, Raymond Mao wrote: > > > > Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, > > u-boot/sha256.h and u-boot/sha512.h > > > > Signed-off-by: Raymo

Re: [PATCH v2 15/28] mbedtls/external: update MbedTLS PKCS7 test suites

2024-05-08 Thread Raymond Mao
Hi Ilias, On Wed, 8 May 2024 at 10:33, Ilias Apalodimas wrote: > Hi Raymond, > > On Tue, 7 May 2024 at 20:58, Raymond Mao wrote: > > > > Update the PKCS7 test suites for multiple certs. > > Please explain why. Does this belong to U-Boot or the patch should be

Re: [PATCH v2 14/28] mbedtls/external: support decoding multiple signer's cert

2024-05-08 Thread Raymond Mao
Hi Ilias, On Wed, 8 May 2024 at 10:35, Ilias Apalodimas wrote: > Hi Raymond > > On Tue, 7 May 2024 at 20:57, Raymond Mao wrote: > > > > Support decoding multiple signer's cert in the signed data within > > a PKCS7 message. > > For all similar external mbed

Re: [PATCH v2 12/28] mbedtls/external: support MicroSoft Authentication Code

2024-05-08 Thread Raymond Mao
Hi Ilias, On Wed, 8 May 2024 at 10:32, Ilias Apalodimas wrote: > Hi Raymond > > On Tue, 7 May 2024 at 20:57, Raymond Mao wrote: > > > > Populate MicroSoft Authentication Code from the content data > > into PKCS7 decoding context if it exists in a PKCS7 message.

[PATCH v2 28/28] configs: enable MbedTLS as default setting

2024-05-07 Thread Raymond Mao
Enable MbedTLS as default setting for qemu arm64 Signed-off-by: Raymond Mao --- Changes in v2 - None. configs/qemu_arm64_defconfig | 5 + configs/sandbox_defconfig| 4 2 files changed, 9 insertions(+) diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig index

[PATCH v2 27/28] test: Remove ASN1 library test

2024-05-07 Thread Raymond Mao
With MBEDTLS_LIB_X509 enabled, we don't build the original ASN1 lib, So remove it from test. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. test/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Kconfig b/test/Kconfig index e2ec0994a2e..558a9cd49b4

[PATCH v2 26/28] asn1_decoder: remove ASN1 decoder when using MbedTLS

2024-05-07 Thread Raymond Mao
When building with MbedTLS, we are using MbedTLS to decode ASN1 data for x509, pkcs7 and mscode. So we can remove asn1_decoder when MBEDTLS_LIB_X509 is enabled. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. lib/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib

[PATCH v2 25/28] lib/rypto: Adapt rsa_helper to MbedTLS

2024-05-07 Thread Raymond Mao
Adapt rsa_helper to build with MbedTLS Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. lib/crypto/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index e3232019df2..866a9a3f059 100644 --- a/lib/crypto/Makefile +++ b/lib

[PATCH v2 24/28] mbedtls: add RSA helper layer on MbedTLS

2024-05-07 Thread Raymond Mao
Add RSA helper layer on top on MbedTLS PK and RSA library. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. lib/mbedtls/Makefile | 1 + lib/mbedtls/rsa_helper.c | 99 2 files changed, 100 insertions(+) create mode 100644 lib/mbedtls

[PATCH v2 23/28] lib/crypto: Adapt mscode_parser to MbedTLS

2024-05-07 Thread Raymond Mao
Adapt mscode_parser to build with MbedTLS Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. include/crypto/mscode.h | 4 lib/crypto/Makefile | 2 ++ 2 files changed, 6 insertions(+) diff --git a/include/crypto/mscode.h b/include/crypto/mscode.h

[PATCH v2 22/28] mbedtls: add MSCode parser porting layer

2024-05-07 Thread Raymond Mao
Add porting layer for MSCode on top of MbedTLS ASN1 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. lib/mbedtls/Makefile| 1 + lib/mbedtls/mscode_parser.c | 111 2 files changed, 112 insertions

[PATCH v2 21/28] lib/crypto: Adapt PKCS7 parser to MbedTLS

2024-05-07 Thread Raymond Mao
Adapt PKCS7 parser to build with MbedTLS Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. include/crypto/pkcs7_parser.h | 56 +++ lib/crypto/Makefile | 4 ++- 2 files changed, 59 insertions(+), 1 deletion(-) diff

[PATCH v2 20/28] mbedtls: add PKCS7 parser porting layer

2024-05-07 Thread Raymond Mao
Add porting layer for PKCS7 parser on top of MbedTLS PKCS7 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. - Fix EFI Capsule CI test failures. lib/mbedtls/Makefile | 1 + lib/mbedtls/pkcs7_parser.c | 533

[PATCH v2 19/28] lib/crypto: Adapt x509_cert_parser to MbedTLS

2024-05-07 Thread Raymond Mao
Adapt x509_cert_parser and x509_public_key for building with MbedTLS Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. include/crypto/x509_parser.h | 36 lib/crypto/Makefile | 2 ++ lib/crypto/x509_public_key.c

[PATCH v2 18/28] mbedtls: add X509 cert parser porting layer

2024-05-07 Thread Raymond Mao
Add porting layer for X509 cert parser on top of MbedTLS X509 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. lib/mbedtls/Makefile | 1 + lib/mbedtls/x509_cert_parser.c | 497 + 2 files changed, 498

[PATCH v2 17/28] lib/crypto: Adapt public_key header with MbedTLS

2024-05-07 Thread Raymond Mao
Adapt the public_key header file with MbedTLS Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. include/crypto/public_key.h | 6 ++ lib/crypto/Makefile | 2 ++ lib/crypto/asymmetric_type.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion

[PATCH v2 16/28] mbedtls: add public key porting layer

2024-05-07 Thread Raymond Mao
Add porting layer for public key on top of MbedTLS X509 library. Signed-off-by: Raymond Mao --- Changes in v2 - Move the porting layer to MbedTLS dir. lib/mbedtls/Makefile | 4 ++ lib/mbedtls/public_key.c | 105 +++ 2 files changed, 109 insertions

[PATCH v2 15/28] mbedtls/external: update MbedTLS PKCS7 test suites

2024-05-07 Thread Raymond Mao
Update the PKCS7 test suites for multiple certs. Signed-off-by: Raymond Mao --- Changes in v2 - None. .../external/mbedtls/tests/suites/test_suite_pkcs7.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/mbedtls/external/mbedtls/tests/suites/test_suite_pkcs7

[PATCH v2 14/28] mbedtls/external: support decoding multiple signer's cert

2024-05-07 Thread Raymond Mao
Support decoding multiple signer's cert in the signed data within a PKCS7 message. Signed-off-by: Raymond Mao --- Changes in v2 - None. lib/mbedtls/external/mbedtls/library/pkcs7.c | 75 1 file changed, 47 insertions(+), 28 deletions(-) diff --git a/lib/mbedtls/external

[PATCH v2 13/28] mbedtls/external: support PKCS9 Authenticate Attributes

2024-05-07 Thread Raymond Mao
Populate PKCS9 Authenticate Attributes from signer info if it exists in a PKCS7 message. Add OIDs for describing objects using for Authenticate Attributes. Signed-off-by: Raymond Mao --- Changes in v2 - None. .../external/mbedtls/include/mbedtls/oid.h| 5 + .../external/mbedtls

[PATCH v2 12/28] mbedtls/external: support MicroSoft Authentication Code

2024-05-07 Thread Raymond Mao
Populate MicroSoft Authentication Code from the content data into PKCS7 decoding context if it exists in a PKCS7 message. Add OIDs for describing objects using for MicroSoft Authentication Code. Signed-off-by: Raymond Mao --- Changes in v2 - None. .../external/mbedtls/include/mbedtls/oid.h

[PATCH v2 11/28] makefile: add mbedtls include directories

2024-05-07 Thread Raymond Mao
Add the mbedtls include directories into the build system. Signed-off-by: Raymond Mao --- Changes in v2 - None. Makefile | 13 + 1 file changed, 13 insertions(+) diff --git a/Makefile b/Makefile index 7321fe1499e..80db1dfd8ec 100644 --- a/Makefile +++ b/Makefile @@ -829,6 +829,12

[PATCH v2 10/28] hash: integrate hash on mbedtls

2024-05-07 Thread Raymond Mao
Integrate common/hash.c on the hash shim layer so that hash APIs from mbedtls can be leveraged by boot/image and efi_loader. Signed-off-by: Raymond Mao --- Changes in v2 - Use the original head files instead of creating new ones. common/hash.c | 134

[PATCH v2 09/28] mbedtls: add digest shim layer for MbedTLS

2024-05-07 Thread Raymond Mao
Implement digest shim layer on top of MbedTLS crypto library. Signed-off-by: Raymond Mao --- Changes in v2 - Split the shim layer into separated files and use the original head files instead of creating new ones. lib/mbedtls/Makefile | 7 +++ lib/mbedtls/md5.c| 68

[PATCH v2 08/28] md5: Adapt to the changes of md5 header

2024-05-07 Thread Raymond Mao
The md5 header is updated to adapt to both original lib and MbedTLS. Now we need to change the API callers accordingly. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. drivers/crypto/hash/hash_sw.c | 8 lib/md5.c | 10 +- 2 files changed, 9

[PATCH v2 07/28] lib: Adapt digest header files to MbedTLS

2024-05-07 Thread Raymond Mao
`CONFIG_HW_WATCHDOG` and `CONFIG_WATCHDOG` but no schedule() are defined in sandbox build. `#if defined(CONFIG_MBEDTLS_LIB_CRYPTO)` is a workaround. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. include/u-boot/md5.h| 17 - include/u-boot/sha1.h | 21

[PATCH v2 06/28] efi_loader: remove redundant hash includes

2024-05-07 Thread Raymond Mao
Remove the redundant includes of u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao --- Changes in v2 - None. lib/efi_loader/efi_signature.c | 1 - lib/efi_loader/efi_tcg2.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/lib/efi_loader/efi_signature.c b

[PATCH v2 05/28] image: remove redundant hash includes

2024-05-07 Thread Raymond Mao
Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, u-boot/sha256.h and u-boot/sha512.h Signed-off-by: Raymond Mao --- Changes in v2 - None. boot/image-fit.c | 4 boot/image.c | 2 -- 2 files changed, 6 deletions(-) diff --git a/boot/image-fit.c b/boot/image-fit.c index

[PATCH v2 04/28] arm: EFI linker script text section alignment

2024-05-07 Thread Raymond Mao
Add text section alignment to fix sbsign signing warning 'gaps in the section table may result in different checksums' which causes a failure of efi_image_verify_diges() Signed-off-by: Raymond Mao --- Changes in v2 - None. arch/arm/lib/elf_aarch64_efi.lds | 1 + 1 file changed, 1 insertion

[PATCH v2 02/28] mbedtls: Add script to update MbedTLS subtree

2024-05-07 Thread Raymond Mao
lib/mbedtls/update-mbedtls-subtree.sh is a wrapper of git subtree commands. Usage from U-Boot top directory, run: $ ./lib/mbedtls/update-mbedtls-subtree.sh pull $ ./lib/mbedtls/update-mbedtls-subtree.sh pick Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. lib/mbedtls/update

[PATCH v2 01/28] CI: Exclude MbedTLS subtree for CONFIG checks

2024-05-07 Thread Raymond Mao
Since MbedTLS is an external repo with its own coding style, exclude it from Azure and gitlab CI CONFIG checks. Signed-off-by: Raymond Mao --- Changes in v2 - Initial patch. .azure-pipelines.yml | 3 ++- .gitlab-ci.yml | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git

[PATCH v2 00/28] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-05-07 Thread Raymond Mao
1480 - -1480 MD5Transform2552 - -2552 Total: Before=835065, After=873946, chg +4.66% ``` Raymond Mao (28): CI: Exclude MbedTLS subtree for CONFIG checks mbedtls: Add script to update MbedTLS subtree mbedtls: add mbedtls into the build

Re: [PATCH 00/23] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-04-17 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 15:23, Tom Rini wrote: > On Tue, Apr 16, 2024 at 11:59:56AM -0700, Raymond Mao wrote: > > > Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot. > > > > Patch 01 and 02 are for introducing MbedTLS release package. > > I hav

Re: [PATCH 11/23] efi_loader: switch sha256 to mbedtls

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 15:22, Tom Rini wrote: > On Tue, Apr 16, 2024 at 12:00:07PM -0700, Raymond Mao wrote: > > > When MBEDTLS_LIB_CRYPTO is enabled, use the APIs of sha256 from > > hash shim layer instead. > > > > Signed-off-by: Raymond Mao > > --

Re: [PATCH 06/23] image: remove redundant hash includes

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 15:19, Tom Rini wrote: > On Tue, Apr 16, 2024 at 12:00:02PM -0700, Raymond Mao wrote: > > > Remove the redundant includes of u-boot/md5.h, u-boot/sha1.h, > > u-boot/sha256.h and u-boot/sha512.h > > > > Signed-off-by: Raymond Mao >

Re: [PATCH 00/23] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 19:50, Tom Rini wrote: > On Tue, Apr 16, 2024 at 07:47:44PM -0400, Raymond Mao wrote: > > Hi Tom, > > > > On Tue, 16 Apr 2024 at 19:12, Tom Rini wrote: > > > > > On Tue, Apr 16, 2024 at 11:59:56AM -0700, Raymond Mao wrote: >

Re: [PATCH 05/23] test: py: add sudo for virt-make-fs

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 15:19, Tom Rini wrote: > On Tue, Apr 16, 2024 at 12:00:01PM -0700, Raymond Mao wrote: > > > Fix a permission issue when running virt-make-fs > > > > Signed-off-by: Raymond Mao > > --- > > test/py/tests/test_efi_secboot/conftes

Re: [PATCH 00/23] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 19:12, Tom Rini wrote: > On Tue, Apr 16, 2024 at 11:59:56AM -0700, Raymond Mao wrote: > > [snip] > > [1]: bloat-o-meter output between disabling/enabling MbedTLS > > ``` > > add/remove: 231/69 grow/shrink: 12/5 up/down: 60196/-111

Re: [PATCH 00/23] [RFC] Integrate MbedTLS v3.6 LTS with U-Boot

2024-04-16 Thread Raymond Mao
Hi Tom, On Tue, 16 Apr 2024 at 16:26, Tom Rini wrote: > On Tue, Apr 16, 2024 at 11:59:56AM -0700, Raymond Mao wrote: > > > Integrate MbedTLS v3.6 LTS (currently v3.6.0-RC1) with U-Boot. > > Please look in to: > https://source.denx.de/u-boot/u-boot/-/jobs/818534 Yes. I

[PATCH 20/23] lib/crypto: port MSCode parser on MbedTLS

2024-04-16 Thread Raymond Mao
Integrate Microsoft Authenticate Code parser on top of MbedTLS ASN.1 decoder. Signed-off-by: Raymond Mao --- include/crypto/mscode.h| 4 ++ lib/crypto/mscode_parser.c | 104 + 2 files changed, 108 insertions(+) diff --git a/include/crypto/mscode.h b

[PATCH 23/23] configs: enable MbedTLS as default setting

2024-04-16 Thread Raymond Mao
Enable MbedTLS as default setting for qemu arm64 Signed-off-by: Raymond Mao --- configs/qemu_arm64_defconfig | 5 + configs/sandbox_defconfig| 4 2 files changed, 9 insertions(+) diff --git a/configs/qemu_arm64_defconfig b/configs/qemu_arm64_defconfig index 7e166f4390..587a3fb912
