17d37aa17SJuan Castillo# 2*14db963fSManish V Badarkhe# Copyright (c) 2015-2021, Arm Limited. All rights reserved. 37d37aa17SJuan Castillo# 482cb2c1aSdp-arm# SPDX-License-Identifier: BSD-3-Clause 57d37aa17SJuan Castillo# 67d37aa17SJuan Castillo 77d37aa17SJuan Castilloifneq (${MBEDTLS_COMMON_MK},1) 87d37aa17SJuan CastilloMBEDTLS_COMMON_MK := 1 97d37aa17SJuan Castillo 107d37aa17SJuan Castillo# MBEDTLS_DIR must be set to the mbed TLS main directory (it must contain 117d37aa17SJuan Castillo# the 'include' and 'library' subdirectories). 127d37aa17SJuan Castilloifeq (${MBEDTLS_DIR},) 137d37aa17SJuan Castillo $(error Error: MBEDTLS_DIR not set) 147d37aa17SJuan Castilloendif 157d37aa17SJuan Castillo 16ea7a57a3SRoberto VargasMBEDTLS_INC = -I${MBEDTLS_DIR}/include 177d37aa17SJuan Castillo 187d37aa17SJuan Castillo# Specify mbed TLS configuration file 1909d40e0eSAntonio Nino DiazMBEDTLS_CONFIG_FILE := "<drivers/auth/mbedtls/mbedtls_config.h>" 20649dbf6fSJuan Castillo$(eval $(call add_define,MBEDTLS_CONFIG_FILE)) 217d37aa17SJuan Castillo 22180c4bc2SRoberto VargasMBEDTLS_SOURCES += drivers/auth/mbedtls/mbedtls_common.c 23180c4bc2SRoberto Vargas 24180c4bc2SRoberto Vargas 25180c4bc2SRoberto VargasLIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ 267cda17bbSSumit Garg aes.c \ 277d37aa17SJuan Castillo asn1parse.c \ 287d37aa17SJuan Castillo asn1write.c \ 297cda17bbSSumit Garg cipher.c \ 307cda17bbSSumit Garg cipher_wrap.c \ 317d37aa17SJuan Castillo memory_buffer_alloc.c \ 327d37aa17SJuan Castillo oid.c \ 337d37aa17SJuan Castillo platform.c \ 34d25b527cSJeenu Viswambharan platform_util.c \ 35180c4bc2SRoberto Vargas bignum.c \ 367cda17bbSSumit Garg gcm.c \ 37180c4bc2SRoberto Vargas md.c \ 38180c4bc2SRoberto Vargas pk.c \ 39180c4bc2SRoberto Vargas pk_wrap.c \ 40180c4bc2SRoberto Vargas pkparse.c \ 41180c4bc2SRoberto Vargas pkwrite.c \ 42180c4bc2SRoberto Vargas sha256.c \ 43180c4bc2SRoberto Vargas sha512.c \ 44180c4bc2SRoberto Vargas ecdsa.c \ 45180c4bc2SRoberto Vargas ecp_curves.c \ 46180c4bc2SRoberto Vargas ecp.c \ 47180c4bc2SRoberto Vargas rsa.c \ 48d25b527cSJeenu Viswambharan rsa_internal.c \ 49180c4bc2SRoberto Vargas x509.c \ 50180c4bc2SRoberto Vargas x509_crt.c \ 517d37aa17SJuan Castillo ) 527d37aa17SJuan Castillo 53180c4bc2SRoberto Vargas# The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key 546a415a50SJustin Chadwell# algorithm to use. If the variable is not defined, select it based on 556a415a50SJustin Chadwell# algorithm used for key generation `KEY_ALG`. If `KEY_ALG` is not defined, 566a415a50SJustin Chadwell# then it is set to `rsa`. 57180c4bc2SRoberto Vargasifeq (${TF_MBEDTLS_KEY_ALG},) 58180c4bc2SRoberto Vargas ifeq (${KEY_ALG}, ecdsa) 59180c4bc2SRoberto Vargas TF_MBEDTLS_KEY_ALG := ecdsa 60180c4bc2SRoberto Vargas else 61180c4bc2SRoberto Vargas TF_MBEDTLS_KEY_ALG := rsa 62180c4bc2SRoberto Vargas endif 63180c4bc2SRoberto Vargasendif 64180c4bc2SRoberto Vargas 65aacff749SJustin Chadwellifeq (${TF_MBEDTLS_KEY_SIZE},) 66aacff749SJustin Chadwell ifneq ($(findstring rsa,${TF_MBEDTLS_KEY_ALG}),) 67aacff749SJustin Chadwell ifeq (${KEY_SIZE},) 68aacff749SJustin Chadwell TF_MBEDTLS_KEY_SIZE := 2048 69aacff749SJustin Chadwell else 70aacff749SJustin Chadwell TF_MBEDTLS_KEY_SIZE := ${KEY_SIZE} 71aacff749SJustin Chadwell endif 72aacff749SJustin Chadwell endif 73aacff749SJustin Chadwellendif 74aacff749SJustin Chadwell 75180c4bc2SRoberto Vargasifeq (${HASH_ALG}, sha384) 76180c4bc2SRoberto Vargas TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA384 77180c4bc2SRoberto Vargaselse ifeq (${HASH_ALG}, sha512) 78180c4bc2SRoberto Vargas TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA512 79180c4bc2SRoberto Vargaselse 80180c4bc2SRoberto Vargas TF_MBEDTLS_HASH_ALG_ID := TF_MBEDTLS_SHA256 81180c4bc2SRoberto Vargasendif 82180c4bc2SRoberto Vargas 83180c4bc2SRoberto Vargasifeq (${TF_MBEDTLS_KEY_ALG},ecdsa) 84180c4bc2SRoberto Vargas TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_ECDSA 85180c4bc2SRoberto Vargaselse ifeq (${TF_MBEDTLS_KEY_ALG},rsa) 86180c4bc2SRoberto Vargas TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA 87180c4bc2SRoberto Vargaselse ifeq (${TF_MBEDTLS_KEY_ALG},rsa+ecdsa) 88180c4bc2SRoberto Vargas TF_MBEDTLS_KEY_ALG_ID := TF_MBEDTLS_RSA_AND_ECDSA 89180c4bc2SRoberto Vargaselse 90180c4bc2SRoberto Vargas $(error "TF_MBEDTLS_KEY_ALG=${TF_MBEDTLS_KEY_ALG} not supported on mbed TLS") 91180c4bc2SRoberto Vargasendif 92180c4bc2SRoberto Vargas 937cda17bbSSumit Gargifeq (${DECRYPTION_SUPPORT}, aes_gcm) 947cda17bbSSumit Garg TF_MBEDTLS_USE_AES_GCM := 1 957cda17bbSSumit Gargelse 967cda17bbSSumit Garg TF_MBEDTLS_USE_AES_GCM := 0 977cda17bbSSumit Gargendif 987cda17bbSSumit Garg 99*14db963fSManish V Badarkheifeq ($(MEASURED_BOOT),1) 100*14db963fSManish V Badarkhe ifeq (${TPM_HASH_ALG}, sha256) 101*14db963fSManish V Badarkhe TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA256 102*14db963fSManish V Badarkhe else ifeq (${TPM_HASH_ALG}, sha384) 103*14db963fSManish V Badarkhe TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA384 104*14db963fSManish V Badarkhe else ifeq (${TPM_HASH_ALG}, sha512) 105*14db963fSManish V Badarkhe TF_MBEDTLS_TPM_HASH_ALG_ID := TF_MBEDTLS_SHA512 106*14db963fSManish V Badarkhe else 107*14db963fSManish V Badarkhe $(error "TPM_HASH_ALG not defined.") 108*14db963fSManish V Badarkhe endif 109*14db963fSManish V Badarkheendif 110*14db963fSManish V Badarkhe 111180c4bc2SRoberto Vargas# Needs to be set to drive mbed TLS configuration correctly 112327131c4SLeonardo Sandoval$(eval $(call add_defines,\ 113327131c4SLeonardo Sandoval $(sort \ 114327131c4SLeonardo Sandoval TF_MBEDTLS_KEY_ALG_ID \ 115327131c4SLeonardo Sandoval TF_MBEDTLS_KEY_SIZE \ 116327131c4SLeonardo Sandoval TF_MBEDTLS_HASH_ALG_ID \ 117327131c4SLeonardo Sandoval TF_MBEDTLS_USE_AES_GCM \ 118327131c4SLeonardo Sandoval))) 119180c4bc2SRoberto Vargas 120*14db963fSManish V Badarkheifeq ($(MEASURED_BOOT),1) 121*14db963fSManish V Badarkhe $(eval $(call add_define,TF_MBEDTLS_TPM_HASH_ALG_ID)) 122*14db963fSManish V Badarkheendif 123*14db963fSManish V Badarkhe 124180c4bc2SRoberto Vargas$(eval $(call MAKE_LIB,mbedtls)) 125180c4bc2SRoberto Vargas 1267d37aa17SJuan Castilloendif 127