Create a library file for libmbedtls
TF Makefile was linking all the objects files generated for the
Mbed TLS library instead of creating a static library that could be
used in the linking stage.
Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index 41ee1a7..9a46a34 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -14,9 +14,7 @@
lib/el3_runtime/${ARCH}/context_mgmt.c \
plat/common/plat_bl1_common.c \
plat/common/${ARCH}/platform_up_stack.S \
- ${MBEDTLS_COMMON_SOURCES} \
- ${MBEDTLS_CRYPTO_SOURCES} \
- ${MBEDTLS_X509_SOURCES}
+ ${MBEDTLS_SOURCES}
ifeq (${ARCH},aarch64)
BL1_SOURCES += lib/el3_runtime/aarch64/context.S
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index a856fb7..7e33703 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -8,9 +8,7 @@
bl2/${ARCH}/bl2_arch_setup.c \
lib/locks/exclusive/${ARCH}/spinlock.S \
plat/common/${ARCH}/platform_up_stack.S \
- ${MBEDTLS_COMMON_SOURCES} \
- ${MBEDTLS_CRYPTO_SOURCES} \
- ${MBEDTLS_X509_SOURCES}
+ ${MBEDTLS_SOURCES}
ifeq (${ARCH},aarch64)
BL2_SOURCES += common/aarch64/early_exceptions.S
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index a5d19e6..67a5da2 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -20,15 +20,79 @@
MBEDTLS_CONFIG_FILE := "<mbedtls_config.h>"
$(eval $(call add_define,MBEDTLS_CONFIG_FILE))
-MBEDTLS_COMMON_SOURCES := drivers/auth/mbedtls/mbedtls_common.c \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- asn1parse.c \
- asn1write.c \
- memory_buffer_alloc.c \
- oid.c \
- platform.c \
- platform_util.c \
- rsa_internal.c \
- )
+MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c
+
+
+LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \
+ asn1parse.c \
+ asn1write.c \
+ memory_buffer_alloc.c \
+ oid.c \
+ platform.c \
+ platform_util.c \
+ bignum.c \
+ md.c \
+ md_wrap.c \
+ pk.c \
+ pk_wrap.c \
+ pkparse.c \
+ pkwrite.c \
+ sha256.c \
+ sha512.c \
+ ecdsa.c \
+ ecp_curves.c \
+ ecp.c \
+ rsa.c \
+ rsa_internal.c \
+ x509.c \
+ x509_crt.c \
+ )
+
+# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
+# algorithm to use. If the variable is not defined, select it based on algorithm
+# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
+# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
+ifeq (${TF_MBEDTLS_KEY_ALG},)
+ ifeq (${KEY_ALG}, ecdsa)
+ TF_MBEDTLS_KEY_ALG := ecdsa
+ else
+ TF_MBEDTLS_KEY_ALG := rsa
+ endif
+endif
+
+# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
+# backward compatibility
+ifdef MBEDTLS_KEY_ALG
+ ifeq (${ERROR_DEPRECATED},1)
+ $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+ endif
+ $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+ TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG}
+endif
+
+ifeq (${HASH_ALG}, sha384)
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
+else ifeq (${HASH_ALG}, sha512)
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
+else
+ TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
+endif
+
+ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
+ TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
+else
+ $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
+endif
+
+# Needs to be set to drive mbed TLS configuration correctly
+$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
+
+
+$(eval $(call MAKE_LIB,mbedtls))
endif
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index 6b15e71..2a9fbbf 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -6,86 +6,6 @@
include drivers/auth/mbedtls/mbedtls_common.mk
-# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
-# algorithm to use. If the variable is not defined, select it based on algorithm
-# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
-# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
-ifeq (${TF_MBEDTLS_KEY_ALG},)
- ifeq (${KEY_ALG}, ecdsa)
- TF_MBEDTLS_KEY_ALG := ecdsa
- else
- TF_MBEDTLS_KEY_ALG := rsa
- endif
-endif
+MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_crypto.c
-# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
-# backward compatibility
-ifdef MBEDTLS_KEY_ALG
- ifeq (${ERROR_DEPRECATED},1)
- $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
- endif
- $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
- TF_MBEDTLS_KEY_ALG := ${MBEDTLS_KEY_ALG}
-endif
-
-MBEDTLS_CRYPTO_SOURCES := drivers/auth/mbedtls/mbedtls_crypto.c \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- bignum.c \
- md.c \
- md_wrap.c \
- pk.c \
- pk_wrap.c \
- pkparse.c \
- pkwrite.c \
- )
-
-ifeq (${HASH_ALG}, sha384)
- MBEDTLS_CRYPTO_SOURCES += \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- sha256.c \
- sha512.c \
- )
- TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384
-else ifeq (${HASH_ALG}, sha512)
- MBEDTLS_CRYPTO_SOURCES += \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- sha256.c \
- sha512.c \
- )
- TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512
-else
- MBEDTLS_CRYPTO_SOURCES += \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- sha256.c \
- )
- TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256
-endif
-
-# Key algorithm specific files
-MBEDTLS_ECDSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
- ecdsa.c \
- ecp_curves.c \
- ecp.c \
- )
-
-MBEDTLS_RSA_CRYPTO_SOURCES += $(addprefix ${MBEDTLS_DIR}/library/, \
- rsa.c \
- )
-
-ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
- MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
- TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA
-else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
- MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
- TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA
-else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
- MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_ECDSA_CRYPTO_SOURCES)
- MBEDTLS_CRYPTO_SOURCES += $(MBEDTLS_RSA_CRYPTO_SOURCES)
- TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA
-else
- $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
-endif
-# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
diff --git a/drivers/auth/mbedtls/mbedtls_x509.mk b/drivers/auth/mbedtls/mbedtls_x509.mk
index a6f72e6..a0557e2 100644
--- a/drivers/auth/mbedtls/mbedtls_x509.mk
+++ b/drivers/auth/mbedtls/mbedtls_x509.mk
@@ -6,8 +6,4 @@
include drivers/auth/mbedtls/mbedtls_common.mk
-MBEDTLS_X509_SOURCES := drivers/auth/mbedtls/mbedtls_x509_parser.c \
- $(addprefix ${MBEDTLS_DIR}/library/, \
- x509.c \
- x509_crt.c \
- )
+MBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_x509_parser.c