arm/trusted-firmware-a: remove redundant patches
These were integrated into the 2.7.0 release, but were not removed when the recipe was upgraded. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Jon Mason <jon.mason@arm.com>
-72
@@ -1,72 +0,0 @@
|
|||||||
Upstream-Status: Backport
|
|
||||||
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
|
|
||||||
|
|
||||||
From a93084be95634b66b917f1c8baf403067dc75c5d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
||||||
Date: Thu, 21 Apr 2022 10:21:29 +0200
|
|
||||||
Subject: [PATCH] build(deps): upgrade to mbed TLS 2.28.0
|
|
||||||
|
|
||||||
Upgrade to the latest and greatest 2.x release of Mbed TLS library
|
|
||||||
(i.e. v2.28.0) to take advantage of their bug fixes.
|
|
||||||
|
|
||||||
Note that the Mbed TLS project published version 3.x some time
|
|
||||||
ago. However, as this is a major release with API breakages, upgrading
|
|
||||||
to 3.x might require some more involved changes in TF-A, which we are
|
|
||||||
not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7
|
|
||||||
release of TF-A.
|
|
||||||
|
|
||||||
Actually, the upgrade this time simply boils down to including the new
|
|
||||||
source code module 'constant_time.c' into the firmware.
|
|
||||||
|
|
||||||
To quote mbed TLS v2.28.0 release notes [1]:
|
|
||||||
|
|
||||||
The mbedcrypto library includes a new source code module
|
|
||||||
constant_time.c, containing various functions meant to resist timing
|
|
||||||
side channel attacks. This module does not have a separate
|
|
||||||
configuration option, and functions from this module will be
|
|
||||||
included in the build as required.
|
|
||||||
|
|
||||||
As a matter of fact, if one is attempting to link TF-A against mbed
|
|
||||||
TLS v2.28.0 without the present patch, one gets some linker errors
|
|
||||||
due to missing symbols from this new module.
|
|
||||||
|
|
||||||
Apart from this, none of the items listed in mbed TLS release
|
|
||||||
notes [1] directly affect TF-A. Special note on the following one:
|
|
||||||
|
|
||||||
Fix a bug in mbedtls_gcm_starts() when the bit length of the iv
|
|
||||||
exceeds 2^32.
|
|
||||||
|
|
||||||
In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption
|
|
||||||
feature is enabled with AES-GCM as the authenticated decryption
|
|
||||||
algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable
|
|
||||||
which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a
|
|
||||||
32-bit value which by definition is always less than 2**32. Therefore,
|
|
||||||
we are immune to this bug.
|
|
||||||
|
|
||||||
With this upgrade, the size of BL1 and BL2 binaries does not appear to
|
|
||||||
change on a standard sample test build (with trusted boot and measured
|
|
||||||
boot enabled).
|
|
||||||
|
|
||||||
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0
|
|
||||||
|
|
||||||
Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6
|
|
||||||
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
|
|
||||||
---
|
|
||||||
drivers/auth/mbedtls/mbedtls_common.mk | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
|
|
||||||
index 0a4775d00..3eb41617f 100644
|
|
||||||
--- a/drivers/auth/mbedtls/mbedtls_common.mk
|
|
||||||
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
|
|
||||||
@@ -48,6 +48,7 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
|
|
||||||
rsa_internal.c \
|
|
||||||
x509.c \
|
|
||||||
x509_crt.c \
|
|
||||||
+ constant_time.c \
|
|
||||||
)
|
|
||||||
|
|
||||||
# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
|
|
||||||
--
|
|
||||||
2.25.1
|
|
||||||
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
fiptool: respect OPENSSL_DIR
|
|
||||||
|
|
||||||
fiptool links to libcrypto, so as with the other tools it should respect
|
|
||||||
OPENSSL_DIR for include/library paths.
|
|
||||||
|
|
||||||
Upstream-Status: Submitted
|
|
||||||
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
|
||||||
index ec6f88585..2d3b9fc26 100644
|
|
||||||
--- a/Makefile
|
|
||||||
+++ b/Makefile
|
|
||||||
@@ -1388,7 +1388,7 @@ fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME}
|
|
||||||
|
|
||||||
${FIPTOOL}: FORCE
|
|
||||||
ifdef UNIX_MK
|
|
||||||
- ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH}
|
|
||||||
+ ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH}
|
|
||||||
else
|
|
||||||
# Clear the MAKEFLAGS as we do not want
|
|
||||||
# to pass the gnumake flags to nmake.
|
|
||||||
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
|
|
||||||
index 11d2e7b0b..7c2a08379 100644
|
|
||||||
--- a/tools/fiptool/Makefile
|
|
||||||
+++ b/tools/fiptool/Makefile
|
|
||||||
@@ -12,6 +12,8 @@ FIPTOOL ?= fiptool${BIN_EXT}
|
|
||||||
PROJECT := $(notdir ${FIPTOOL})
|
|
||||||
OBJECTS := fiptool.o tbbr_config.o
|
|
||||||
V ?= 0
|
|
||||||
+OPENSSL_DIR := /usr
|
|
||||||
+
|
|
||||||
|
|
||||||
override CPPFLAGS += -D_GNU_SOURCE -D_XOPEN_SOURCE=700
|
|
||||||
HOSTCCFLAGS := -Wall -Werror -pedantic -std=c99
|
|
||||||
@@ -20,7 +22,7 @@ ifeq (${DEBUG},1)
|
|
||||||
else
|
|
||||||
HOSTCCFLAGS += -O2
|
|
||||||
endif
|
|
||||||
-LDLIBS := -lcrypto
|
|
||||||
+LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto
|
|
||||||
|
|
||||||
ifeq (${V},0)
|
|
||||||
Q := @
|
|
||||||
@@ -28,7 +30,7 @@ else
|
|
||||||
Q :=
|
|
||||||
endif
|
|
||||||
|
|
||||||
-INCLUDE_PATHS := -I../../include/tools_share
|
|
||||||
+INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include
|
|
||||||
|
|
||||||
HOSTCC ?= gcc
|
|
||||||
|
|
||||||