diff mbox series

mbedtls: add option to use PSA for X.509/TLS operations

Message ID 20230117145126.2926331-1-ross.burton@arm.com
State Under Review
Headers show
Series mbedtls: add option to use PSA for X.509/TLS operations | expand

Commit Message

Ross Burton Jan. 17, 2023, 2:51 p.m. UTC 
Add an option to use Platform Security Architecture for the X.509 and TLS
operations.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .../recipes-connectivity/mbedtls/mbedtls_2.28.1.bb          | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
index 742414dd8a..b178f5785b 100644
--- a/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
+++ b/meta-networking/recipes-connectivity/mbedtls/mbedtls_2.28.1.bb
@@ -32,9 +32,15 @@  PACKAGECONFIG ??= "shared-libs programs"
 PACKAGECONFIG[shared-libs] = "-DUSE_SHARED_MBEDTLS_LIBRARY=ON,-DUSE_SHARED_MBEDTLS_LIBRARY=OFF"
 PACKAGECONFIG[programs] = "-DENABLE_PROGRAMS=ON,-DENABLE_PROGRAMS=OFF"
 PACKAGECONFIG[werror] = "-DMBEDTLS_FATAL_WARNINGS=ON,-DMBEDTLS_FATAL_WARNINGS=OFF"
+# Make X.509 and TLS calls use PSA
+# https://github.com/Mbed-TLS/mbedtls/blob/development/docs/use-psa-crypto.md
+PACKAGECONFIG[psa] = ""
 
 EXTRA_OECMAKE = "-DENABLE_TESTING=OFF -DLIB_INSTALL_DIR:STRING=${libdir}"
 
+# For now the only way to enable PSA is to explicitly pass a -D via CFLAGS
+CFLAGS:append = "${@bb.utils.contains('PACKAGECONFIG', 'psa', ' -DMBEDTLS_USE_PSA_CRYPTO', '', d)}"
+
 PROVIDES += "polarssl"
 RPROVIDES:${PN} = "polarssl"