Create a library file for libmbedtls

TF Makefile was linking all the objects files generated for the
Mbed TLS library instead of creating a static library that could be
used in the linking stage.

Change-Id: I8e4cd843ef56033c9d3faeee71601d110b7e4c12
Signed-off-by: Roberto Vargas <roberto.vargas@arm.com>
diff --git a/bl1/bl1.mk b/bl1/bl1.mk
index 41ee1a7..9a46a34 100644
--- a/bl1/bl1.mk
+++ b/bl1/bl1.mk
@@ -14,9 +14,7 @@
 				lib/el3_runtime/${ARCH}/context_mgmt.c	\
 				plat/common/plat_bl1_common.c		\
 				plat/common/${ARCH}/platform_up_stack.S \
-				${MBEDTLS_COMMON_SOURCES}		\
-				${MBEDTLS_CRYPTO_SOURCES}		\
-				${MBEDTLS_X509_SOURCES}
+				${MBEDTLS_SOURCES}
 
 ifeq (${ARCH},aarch64)
 BL1_SOURCES		+=	lib/el3_runtime/aarch64/context.S
diff --git a/bl2/bl2.mk b/bl2/bl2.mk
index a856fb7..7e33703 100644
--- a/bl2/bl2.mk
+++ b/bl2/bl2.mk
@@ -8,9 +8,7 @@
 				bl2/${ARCH}/bl2_arch_setup.c		\
 				lib/locks/exclusive/${ARCH}/spinlock.S	\
 				plat/common/${ARCH}/platform_up_stack.S	\
-				${MBEDTLS_COMMON_SOURCES}               \
-				${MBEDTLS_CRYPTO_SOURCES}		\
-				${MBEDTLS_X509_SOURCES}
+				${MBEDTLS_SOURCES}
 
 ifeq (${ARCH},aarch64)
 BL2_SOURCES		+=	common/aarch64/early_exceptions.S
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index a5d19e6..67a5da2 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -20,15 +20,79 @@
 MBEDTLS_CONFIG_FILE	:=	"<mbedtls_config.h>"
 $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
 
-MBEDTLS_COMMON_SOURCES	:=	drivers/auth/mbedtls/mbedtls_common.c	\
-				$(addprefix ${MBEDTLS_DIR}/library/,	\
-				asn1parse.c 				\
-				asn1write.c 				\
-				memory_buffer_alloc.c			\
-				oid.c 					\
-				platform.c 				\
-				platform_util.c				\
-				rsa_internal.c				\
-				)
+MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_common.c
+
+
+LIBMBEDTLS_SRCS		:= $(addprefix ${MBEDTLS_DIR}/library/,	\
+					asn1parse.c 				\
+					asn1write.c 				\
+					memory_buffer_alloc.c			\
+					oid.c 					\
+					platform.c 				\
+					platform_util.c				\
+					bignum.c				\
+					md.c					\
+					md_wrap.c				\
+					pk.c 					\
+					pk_wrap.c 				\
+					pkparse.c 				\
+					pkwrite.c 				\
+					sha256.c            			\
+					sha512.c            			\
+					ecdsa.c					\
+					ecp_curves.c				\
+					ecp.c					\
+					rsa.c					\
+					rsa_internal.c				\
+					x509.c 					\
+					x509_crt.c 				\
+					)
+
+# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
+# algorithm to use. If the variable is not defined, select it based on algorithm
+# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
+# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
+ifeq (${TF_MBEDTLS_KEY_ALG},)
+    ifeq (${KEY_ALG}, ecdsa)
+        TF_MBEDTLS_KEY_ALG		:=	ecdsa
+    else
+        TF_MBEDTLS_KEY_ALG		:=	rsa
+    endif
+endif
+
+# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
+# backward compatibility
+ifdef MBEDTLS_KEY_ALG
+    ifeq (${ERROR_DEPRECATED},1)
+        $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+    endif
+    $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
+    TF_MBEDTLS_KEY_ALG	:= ${MBEDTLS_KEY_ALG}
+endif
+
+ifeq (${HASH_ALG}, sha384)
+    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
+else ifeq (${HASH_ALG}, sha512)
+   TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA512
+else
+    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
+endif
+
+ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
+    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
+    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
+else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
+    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA_AND_ECDSA
+else
+    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
+endif
+
+# Needs to be set to drive mbed TLS configuration correctly
+$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
+$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
+
+
+$(eval $(call MAKE_LIB,mbedtls))
 
 endif
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.mk b/drivers/auth/mbedtls/mbedtls_crypto.mk
index 6b15e71..2a9fbbf 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.mk
+++ b/drivers/auth/mbedtls/mbedtls_crypto.mk
@@ -6,86 +6,6 @@
 
 include drivers/auth/mbedtls/mbedtls_common.mk
 
-# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
-# algorithm to use. If the variable is not defined, select it based on algorithm
-# used for key generation `KEY_ALG`. If `KEY_ALG` is not defined or is
-# defined to `rsa`/`rsa_1_5`, then set the variable to `rsa`.
-ifeq (${TF_MBEDTLS_KEY_ALG},)
-    ifeq (${KEY_ALG}, ecdsa)
-        TF_MBEDTLS_KEY_ALG		:=	ecdsa
-    else
-        TF_MBEDTLS_KEY_ALG		:=	rsa
-    endif
-endif
+MBEDTLS_SOURCES	+=		drivers/auth/mbedtls/mbedtls_crypto.c
 
-# If MBEDTLS_KEY_ALG build flag is defined use it to set TF_MBEDTLS_KEY_ALG for
-# backward compatibility
-ifdef MBEDTLS_KEY_ALG
-    ifeq (${ERROR_DEPRECATED},1)
-        $(error "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
-    endif
-    $(warning "MBEDTLS_KEY_ALG is deprecated. Please use the new build flag TF_MBEDTLS_KEY_ALG")
-    TF_MBEDTLS_KEY_ALG	:= ${MBEDTLS_KEY_ALG}
-endif
-
-MBEDTLS_CRYPTO_SOURCES		:=	drivers/auth/mbedtls/mbedtls_crypto.c	\
-					$(addprefix ${MBEDTLS_DIR}/library/,	\
-					bignum.c				\
-					md.c					\
-					md_wrap.c				\
-					pk.c 					\
-					pk_wrap.c 				\
-					pkparse.c 				\
-					pkwrite.c 				\
-					)
-
-ifeq (${HASH_ALG}, sha384)
-    MBEDTLS_CRYPTO_SOURCES  += \
-					$(addprefix ${MBEDTLS_DIR}/library/,	\
-						sha256.c            \
-						sha512.c            \
-					)
-    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA384
-else ifeq (${HASH_ALG}, sha512)
-    MBEDTLS_CRYPTO_SOURCES  += \
-					$(addprefix ${MBEDTLS_DIR}/library/,	\
-						sha256.c            \
-						sha512.c            \
-					)
-    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA512
-else
-    MBEDTLS_CRYPTO_SOURCES  += \
-					$(addprefix ${MBEDTLS_DIR}/library/,	\
-						sha256.c            \
-					)
-    TF_MBEDTLS_HASH_ALG_ID	:=	TF_MBEDTLS_SHA256
-endif
-
-# Key algorithm specific files
-MBEDTLS_ECDSA_CRYPTO_SOURCES	+=	$(addprefix ${MBEDTLS_DIR}/library/,	\
-					ecdsa.c					\
-					ecp_curves.c				\
-					ecp.c					\
-					)
-
-MBEDTLS_RSA_CRYPTO_SOURCES	+=	$(addprefix ${MBEDTLS_DIR}/library/,	\
-					rsa.c					\
-					)
-
-ifeq (${TF_MBEDTLS_KEY_ALG},ecdsa)
-    MBEDTLS_CRYPTO_SOURCES	+=	$(MBEDTLS_ECDSA_CRYPTO_SOURCES)
-    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_ECDSA
-else ifeq (${TF_MBEDTLS_KEY_ALG},rsa)
-    MBEDTLS_CRYPTO_SOURCES	+=	$(MBEDTLS_RSA_CRYPTO_SOURCES)
-    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA
-else ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa)
-    MBEDTLS_CRYPTO_SOURCES	+=	$(MBEDTLS_ECDSA_CRYPTO_SOURCES)
-    MBEDTLS_CRYPTO_SOURCES	+=	$(MBEDTLS_RSA_CRYPTO_SOURCES)
-    TF_MBEDTLS_KEY_ALG_ID	:=	TF_MBEDTLS_RSA_AND_ECDSA
-else
-    $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS")
-endif
 
-# Needs to be set to drive mbed TLS configuration correctly
-$(eval $(call add_define,TF_MBEDTLS_KEY_ALG_ID))
-$(eval $(call add_define,TF_MBEDTLS_HASH_ALG_ID))
diff --git a/drivers/auth/mbedtls/mbedtls_x509.mk b/drivers/auth/mbedtls/mbedtls_x509.mk
index a6f72e6..a0557e2 100644
--- a/drivers/auth/mbedtls/mbedtls_x509.mk
+++ b/drivers/auth/mbedtls/mbedtls_x509.mk
@@ -6,8 +6,4 @@
 
 include drivers/auth/mbedtls/mbedtls_common.mk
 
-MBEDTLS_X509_SOURCES	:=	drivers/auth/mbedtls/mbedtls_x509_parser.c	\
-				$(addprefix ${MBEDTLS_DIR}/library/,		\
-				x509.c 						\
-				x509_crt.c 					\
-				)
+MBEDTLS_SOURCES	+=	drivers/auth/mbedtls/mbedtls_x509_parser.c