TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / b5fd7b9a54108c8437f45f200ef09bef8525fbcf^1..b5fd7b9a54108c8437f45f200ef09bef8525fbcf / .
commitb5fd7b9a54108c8437f45f200ef09bef8525fbcf[log] [tgz]
authorRonald Cron <ronald.cron@arm.com>Fri Jul 18 11:56:41 2025 +0000
committerGitHub <noreply@github.com>Fri Jul 18 11:56:41 2025 +0000
treeecf0b3be7dfeebad8fcb2d3ab368342edf51c0b5
parent4e9d91005f3e1b8823b358515f92339968acfbac [diff]
parent3c2a1cb1d61363c73fdeebb6125e0e5f85c1ba01 [diff]
Merge pull request #10295 from gilles-peskine-arm/nv-seed-only-prepare-mbedtls

Allow builds with no RNG but entropy in an NV seed: prepare Mbed TLS

diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h
index e4de8b3..163520e 100644
--- a/configs/crypto-config-ccm-psk-tls1_2.h
+++ b/configs/crypto-config-ccm-psk-tls1_2.h

@@ -31,15 +31,9 @@
 
 #define MBEDTLS_CTR_DRBG_C
 #define MBEDTLS_ENTROPY_C
+#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
 
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES
 
-/*
- * You should adjust this to the exact number of sources you're using: default
- * is the "platform_entropy_poll" source, but you may want to add other ones
- * Minimum is 2 for the entropy test suite.
- */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2
-
 #endif /* PSA_CRYPTO_CONFIG_H */

diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
index dd304c1..0437bda 100644
--- a/configs/crypto-config-suite-b.h
+++ b/configs/crypto-config-suite-b.h

@@ -51,6 +51,7 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
 
 /* For test certificates */
 #define MBEDTLS_BASE64_C
@@ -69,10 +70,4 @@
 /* Significant speed benefit at the expense of some ROM */
 #define MBEDTLS_ECP_NIST_OPTIM
 
-/*
- * You should adjust this to the exact number of sources you're using: default
- * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
- * Minimum is 2 for the entropy test suite.
- */
-#define MBEDTLS_ENTROPY_MAX_SOURCES 2
 #endif /* PSA_CRYPTO_CONFIG_H */

diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
index 18206e1..5475a0a 100644
--- a/configs/crypto-config-thread.h
+++ b/configs/crypto-config-thread.h

@@ -60,6 +60,7 @@
 #define MBEDTLS_MD_C
 #define MBEDTLS_PK_C
 #define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
 
 /* Save RAM at the expense of ROM */
 #define MBEDTLS_AES_ROM_TABLES

diff --git a/scripts/config.py b/scripts/config.py
index a61e9f6..750ff88 100755
--- a/scripts/config.py
+++ b/scripts/config.py

@@ -89,6 +89,7 @@
     'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
     'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
     'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
+    'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY
     'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
     'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
     'MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS', # removes a feature

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 132d53e..67a3885 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py

@@ -62,6 +62,12 @@
             # https://github.com/Mbed-TLS/mbedtls/issues/9586
             'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED',
         ],
+        'test_suite_config.crypto_combinations': [
+            # New thing in crypto. Not intended to be tested separately
+            # in mbedtls.
+            # https://github.com/Mbed-TLS/mbedtls/issues/10300
+            'Config: entropy: NV seed only',
+        ],
         'test_suite_config.psa_boolean': [
             # We don't test with HMAC disabled.
             # https://github.com/Mbed-TLS/mbedtls/issues/9591