Let crypto own its part of the makefiles #10544
Open: gilles-peskine-arm wants to merge 22 commits into Mbed-TLS:development from gilles-peskine-arm:move-crypto-makefiles (base: development)
+110
−312
…dencies Signed-off-by: Gilles Peskine <[email protected]>
We put that in 3.6.0 because we wanted to minimize changes in a minor release, and in particular we wanted users to be able to build the library if they were checking out a release tag without checking out submodules recursively. That was possible because 3.6.x release tags contain the generated files. Since 4.0.0, it's completely impossible to build Mbed TLS without the `tf-psa-crypto` submodule. So there's no point in trying to allow a build without the `framework` submodule. In the libtestdriver1 build, where we copy part of the framework, copy the framework makefile as well, which is what we use to check for the presence of the framework (even though the framework makefile doesn't do anything useful after all). Signed-off-by: Gilles Peskine <[email protected]>
If we don't have submodules, we can't do anything. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Except in psasim, which I am not touching at this time. Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
Currently, Mbed TLS can be built with make, and we rely on this in many `all.sh` components. Mbed TLS knows how to build TF-PSA-Crypto, but this changes from time to time, and it's hard to do the necessary changes in both repositories at the same time. Create a file that Mbed TLS can consume to find out some information needed to build TF-PSA-Crypto, such as the locations of various files. Create this file in Mbed TLS. Once we have finished moving code to it, the file will move to TF-PSA-Crypto. Signed-off-by: Gilles Peskine <[email protected]>
…on.make No behavior change. Signed-off-by: Gilles Peskine <[email protected]>
…CFLAGS Define these intermediate variables in the crypto helper file. No behavior change except possibly an inconsequential reordering of compiler options. Signed-off-by: Gilles Peskine <[email protected]>
Define variables that are meant to be possibly overridden on the make command line (or in a parent makefile) at the top. In particular, define them before including the crypto and framework makefiles, so these makefiles can use the default values if there's no parent setting. Also move some internal variables earlier or later, so that a subsequent refactoring step can have things in the right order in the mbedtls per-directory makefile:
1. Define variables consumed by the per-directory crypto makefile.
2. Include the per-directory crypto makefile.
3. Use variables defined by the per-directory crypto makefile.
Signed-off-by: Gilles Peskine <[email protected]>
When running the preprocessor to determine whether pthread is enabled, only use TF-PSA-Crypto include paths. Don't use the rest of `LOCAL_CFLAGS`, including Mbed TLS include paths, which aren't really useful here. This will simplify later refactorings, because it simplifies a dependency chain [crypto paths] → `LOCAL_CFLAGS` → `THREADING` → `LOCAL_LDFLAGS` into just [crypto paths] → `THREADING` → `LOCAL_LDFLAGS`. Signed-off-by: Gilles Peskine <[email protected]>
Note that `THREADING` detection must be done after `TF_PSA_CRYPTO_LIBRARY_PUBLIC_INCLUDE` is defined. Otherwise it won't detect whether pthread is needed, and will never link with `-lpthread`. Signed-off-by: Gilles Peskine <[email protected]>
Use separate variables for the crypto part of lists of generated C files, generated objects, sample programs and test data files. No behavior change. Signed-off-by: Gilles Peskine <[email protected]> Signed-off-by: Gilles Peskine <[email protected]>
The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved:
* List of object files from crypto
* List of generated .c files in crypto
* Rules to build generated .c files in crypto
Signed-off-by: Gilles Peskine <[email protected]>
The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved:
* List of generated .c files in crypto
* Rules to build generated .c files in crypto
* List of apps in crypto
* Rules to build apps in crypto
Signed-off-by: Gilles Peskine <[email protected]>
The new file is in Mbed TLS for now. Once we have finished moving code to it, it will move to TF-PSA-Crypto. What got moved:
* List of generated .data files in crypto
* Rules to generate .data files in crypto
* List of test suites in crypto
* List of generated .h files in crypto
* Rules to generate .h in crypto
What didn't get moved:
* Rules to generate the crypto part of `$(GENERATED_CONFIG_DATA_FILES)`, because they are currently mixed with the rule for the mbedtls part. This will be done in a subsequent commit.
* Rules to generate .c files from .function files, and to compile the resulting .c files. At least for now, we let Mbed TLS decide how to do that on its own.
Signed-off-by: Gilles Peskine <[email protected]>
Have crypto handle the crypto part and tls handle the tls part. Signed-off-by: Gilles Peskine <[email protected]>
…DFLAGS Fix a bug whereby `crypto-common.make` was appending to `LOCAL_LDFLAGS` before `common.make` set the initial value. This broke the build with pthread enabled: `THREADING` was correctly getting autodetected, but the addition of `-lpthread` to `LOCAL_LDFLAGS` didn't work. Signed-off-by: Gilles Peskine <[email protected]>
Now that the crypto files have been moved to the crypto repository, consume them there. Signed-off-by: Gilles Peskine <[email protected]>
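The ordering bug described in the `LOCAL_LDFLAGS` commit message above can be reproduced in isolation. The following makefile is an added illustration, not code from Mbed TLS or TF-PSA-Crypto: only the names `LOCAL_LDFLAGS` and `THREADING` come from the page, while `BROKEN_LDFLAGS`, `FIXED_LDFLAGS`, `check` and the flag values are constructed, and the pthread probe is assumed to have already set `THREADING`.

```make
# Constructed demo; save as order-demo.mk and run: make -f order-demo.mk
# The two "fragments" stand in for crypto-common.make and common.make,
# placed in one file in the order in which they would be included.

# Assumption: the pthread probe has already produced this value.
THREADING ?= pthread

# ---- Broken order: the crypto fragment is read first ----
# crypto fragment: append the threading library
ifeq ($(THREADING),pthread)
BROKEN_LDFLAGS += -lpthread
endif
# common fragment: a plain "=" replaces the value, so the append is lost
BROKEN_LDFLAGS = -L../library -lmbedcrypto

# ---- Fixed order: the initial value exists before anything appends ----
FIXED_LDFLAGS = -L../library -lmbedcrypto
ifeq ($(THREADING),pthread)
FIXED_LDFLAGS += -lpthread
endif

# check (hypothetical helper): report at parse time whether the variable
# named by $(1) contains -lpthread, rather than leaving the problem to
# surface later as an undefined-symbol error at link time.
check = $(if $(filter -lpthread,$($(1))),$(info ok: $(1) = $($(1))),$(warning $(1) lacks -lpthread: $($(1))))

ifeq ($(THREADING),pthread)
$(call check,BROKEN_LDFLAGS)
$(call check,FIXED_LDFLAGS)
endif

# No-op default target so that make exits cleanly after the checks.
.PHONY: all
all: ;
```

A parse-time check of this kind in the consuming makefile turns a silently dropped linker flag into an immediate diagnostic whenever the include order changes.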
This was referenced Dec 18, 2025
Labels
needs-preceding-pr: Requires another PR to be merged first
priority-high: High priority - will be reviewed soon
size-xs: Estimated task size: extra small (a few hours at most)
In the makefiles, include files from the tf-psa-crypto submodule to do the things that the tf-psa-crypto submodule knows. Resolves #10535.
Note to reviewers: this should be reviewed together with Mbed-TLS/TF-PSA-Crypto#616. This pull request is correct if the files that get removed from Mbed TLS are identical to the files that get added to TF-PSA-Crypto, and the build works as before.
Needs preceding PR:
PR checklist
basic-build-test.sh which still uses make. Run on 2d6ad2a passed