| Upstream-Status: Backport |
| Signed-off-by: Emekcan Aras <emekcan.aras@arm.com> |
| |
| From a93084be95634b66b917f1c8baf403067dc75c5d Mon Sep 17 00:00:00 2001 |
| From: Sandrine Bailleux <sandrine.bailleux@arm.com> |
| Date: Thu, 21 Apr 2022 10:21:29 +0200 |
| Subject: [PATCH] build(deps): upgrade to mbed TLS 2.28.0 |
| |
| Upgrade to the latest and greatest 2.x release of Mbed TLS library |
| (i.e. v2.28.0) to take advantage of their bug fixes. |
| |
| Note that the Mbed TLS project published version 3.x some time |
| ago. However, as this is a major release with API breakages, upgrading |
| to 3.x might require some more involved changes in TF-A, which we are |
| not ready to do. We shall upgrade to mbed TLS 3.x after the v2.7 |
| release of TF-A. |
| |
| Actually, the upgrade this time simply boils down to including the new |
| source code module 'constant_time.c' into the firmware. |
| |
| To quote mbed TLS v2.28.0 release notes [1]: |
| |
| The mbedcrypto library includes a new source code module |
| constant_time.c, containing various functions meant to resist timing |
| side channel attacks. This module does not have a separate |
| configuration option, and functions from this module will be |
| included in the build as required. |
| |
| As a matter of fact, if one is attempting to link TF-A against mbed |
| TLS v2.28.0 without the present patch, one gets some linker errors |
| due to missing symbols from this new module. |
| |
| Apart from this, none of the items listed in mbed TLS release |
| notes [1] directly affect TF-A. Special note on the following one: |
| |
| Fix a bug in mbedtls_gcm_starts() when the bit length of the iv |
| exceeds 2^32. |
| |
| In TF-A, we do use mbedtls_gcm_starts() when the firmware decryption |
| feature is enabled with AES-GCM as the authenticated decryption |
| algorithm (DECRYPTION_SUPPORT=aes_gcm). However, the iv_len variable |
| which gets passed to mbedtls_gcm_starts() is an unsigned int, i.e. a |
| 32-bit value which by definition is always less than 2**32. Therefore, |
| we are immune to this bug. |
| |
| With this upgrade, the size of BL1 and BL2 binaries does not appear to |
| change on a standard sample test build (with trusted boot and measured |
| boot enabled). |
| |
| [1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.0 |
| |
| Change-Id: Icd5dbf527395e9e22c8fd6b77427188bd7237fd6 |
| Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com> |
| --- |
| drivers/auth/mbedtls/mbedtls_common.mk | 1 + |
| 1 file changed, 1 insertion(+) |
| |
| diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk |
| index 0a4775d00..3eb41617f 100644 |
| --- a/drivers/auth/mbedtls/mbedtls_common.mk |
| +++ b/drivers/auth/mbedtls/mbedtls_common.mk |
| @@ -48,6 +48,7 @@ LIBMBEDTLS_SRCS := $(addprefix ${MBEDTLS_DIR}/library/, \ |
| rsa_internal.c \ |
| x509.c \ |
| x509_crt.c \ |
| + constant_time.c \ |
| ) |
| |
| # The platform may define the variable 'TF_MBEDTLS_KEY_ALG' to select the key |
| -- |
| 2.25.1 |
| |