feat(mbedtls-psa): introduce PSA_CRYPTO build option This is a preparatory patch to provide MbedTLS PSA Crypto API support, with below changes - 1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA Crypto API support in the subsequent patches. 2. Compile necessary PSA crypto files from MbedTLS source code when PSA_CRYPTO=1. Also, marked PSA_CRYPTO as an experimental feature. Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

commit: 78e14f8ae2ef32a8aa811413cbd66fea262dfa17 [log] [tgz]
author: Manish V Badarkhe <Manish.Badarkhe@arm.com> Wed Sep 06 09:08:28 2023 +0100
committer: Manish V Badarkhe <Manish.Badarkhe@arm.com> Wed Oct 04 08:51:40 2023 +0100
tree: aa50701052fad5e5dc3bf3b55d404157a15c2fbf
parent: 538d5926bf073d572338b7c927fc004b1b6d08cb [diff]
diff --git a/Makefile b/Makefile
index 8e8fba9..1e6dd90 100644
--- a/Makefile
+++ b/Makefile

@@ -1036,6 +1036,10 @@
 # Determine if FEAT_SB is supported
 ENABLE_FEAT_SB		=	$(if $(findstring sb,${arch-features}),1,0)
 
+ifeq ($(PSA_CRYPTO),1)
+        $(info PSA_CRYPTO is an experimental feature)
+endif
+
 ################################################################################
 # Process platform overrideable behaviour
 ################################################################################
@@ -1217,6 +1221,7 @@
 	ERRATA_NON_ARM_INTERCONNECT \
 	CONDITIONAL_CMO \
 	RAS_FFH_SUPPORT \
+	PSA_CRYPTO	\
 )))
 
 # Numeric_Flags
@@ -1407,6 +1412,7 @@
 	IMPDEF_SYSREG_TRAP \
 	SVE_VECTOR_LEN \
 	ENABLE_SPMD_LP \
+	PSA_CRYPTO	\
 )))
 
 ifeq (${SANITIZE_UB},trap)

diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 7c84ef1..34d83f2 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst

@@ -1185,6 +1185,12 @@
   errata mitigation for platforms with a non-arm interconnect using the errata
   ABI. By default its disabled (``0``).
 
+- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
+  The platform will use PSA compliant Crypto APIs during authentication and
+  image measurement process by enabling this option. It uses APIs defined as
+  per the `PSA Crypto API specification`_. This feature is only supported if
+  using MbedTLS 3.x version. By default it is disabled (``0``).
+
 GICv3 driver options
 --------------------
 
@@ -1306,3 +1312,4 @@
 .. _GCC: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
 .. _Clang: https://clang.llvm.org/docs/DiagnosticsReference.html
 .. _Firmware Handoff specification: https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v0.9
+.. _PSA Crypto API specification: https://armmbed.github.io/mbed-crypto/html/

diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 79c4512..376b6b7 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk

@@ -23,7 +23,11 @@
 ifeq (${MBEDTLS_MAJOR}, 2)
 	MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-2.h>"
 else ifeq (${MBEDTLS_MAJOR}, 3)
-	MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-3.h>"
+	ifeq (${PSA_CRYPTO},1)
+		MBEDTLS_CONFIG_FILE     ?=      "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
+	else
+		MBEDTLS_CONFIG_FILE	?=	"<drivers/auth/mbedtls/mbedtls_config-3.h>"
+	endif
 endif
 
 $(eval $(call add_define,MBEDTLS_CONFIG_FILE))
@@ -77,6 +81,18 @@
 	LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
 endif
 
+ifeq (${PSA_CRYPTO},1)
+LIBMBEDTLS_SRCS         += $(addprefix ${MBEDTLS_DIR}/library/,    	\
+					psa_crypto.c                   	\
+					psa_crypto_client.c            	\
+					psa_crypto_driver_wrappers.c   	\
+					psa_crypto_hash.c              	\
+					psa_crypto_rsa.c               	\
+					psa_crypto_ecp.c               	\
+					psa_crypto_slot_management.c   	\
+					)
+endif
+
 # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key
 # algorithm to use. If the variable is not defined, select it based on
 # algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined,

diff --git a/include/drivers/auth/mbedtls/psa_mbedtls_config.h b/include/drivers/auth/mbedtls/psa_mbedtls_config.h
new file mode 100644
index 0000000..65df2d4
--- /dev/null
+++ b/include/drivers/auth/mbedtls/psa_mbedtls_config.h

@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2023, Arm Ltd. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PSA_MBEDTLS_CONFIG_H
+#define PSA_MBEDTLS_CONFIG_H
+
+#include "mbedtls_config-3.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+
+#endif /* PSA_MBEDTLS_CONFIG_H */

diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index b7e6f99..321ae9f 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk

@@ -359,3 +359,6 @@
 
 # By default, disable SPMD Logical partitions
 ENABLE_SPMD_LP			:= 0
+
+# By default, disable PSA crypto (use MbedTLS legacy crypto API).
+PSA_CRYPTO			:= 0
commit	78e14f8ae2ef32a8aa811413cbd66fea262dfa17	[log] [tgz]
author	Manish V Badarkhe <Manish.Badarkhe@arm.com>	Wed Sep 06 09:08:28 2023 +0100
committer	Manish V Badarkhe <Manish.Badarkhe@arm.com>	Wed Oct 04 08:51:40 2023 +0100
tree	aa50701052fad5e5dc3bf3b55d404157a15c2fbf
parent	538d5926bf073d572338b7c927fc004b1b6d08cb [diff]