Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / e71c689b0034a68d173d308dc66c31b6325ae2aa / . / meta-arm / meta-arm-bsp / recipes-security / trusted-services / secure-partitions / corstone1000 / 0033-Enhance-mbedtls-fetch-process.patch
blob: 02130b56d6168b99490f2a1529609642833fe5d4 [file] [log] [blame]
Brad Bishopbec4ebc2022-08-03 09:55:16 -0400[diff] [blame]1From 47db072e9ec749c6be7c0a27d64d7fbd75748d60 Mon Sep 17 00:00:00 2001
2From: Gyorgy Szing <Gyorgy.Szing@arm.com>
3Date: Wed, 8 Dec 2021 04:20:34 +0100
4Subject: [PATCH] Enhance mbedtls fetch process
5
6Update management of MbedTLS external component to be optimized
7for download speed insted of availability.
8The updated process is:
9 - check if binary is available. If yes configure build to use it
10 and stop.
11 - if not, check is source is available. If yes, build it and use
12 the resulting binary.
13 - if not, then download the source using git, compile it and use
14 the resulting binary
15
16The following variables can be set on the command line to alter the
17behavior of the module:
18 - MBEDTLS_URL git repo URL to fetch from.
19 - MBEDTLS_REFSPEC revision to fetch
20 - MBEDTLS_SOURCE_DIR to specify location of source code in
21 local file syetem.
22 - MBEDTLS_INSTALL_DIR to specify location of binary.
23
24I.e. cmake -S <...> -B <...> -DMBEDTLS_INSTALL_DIR=~/mbedtls
25will make the resulting binary installed to ~/mbedtls. This can be
26used later to speed up a clean build an use the prebuilt binary.
27
28Change-Id: I8a9ad8b3303e6dfa0a7c9c3d7e4b4787b94d925a
29Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
30
31Upstream-Status: Pending [Not submitted to upstream yet]
32Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
33
34
35---
36 external/MbedTLS/MbedTLS.cmake | 192 ++++++++++++++++++++-------------
37 1 file changed, 119 insertions(+), 73 deletions(-)
38
39diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
40index 3cbaed15..935be765 100644
41--- a/external/MbedTLS/MbedTLS.cmake
42+++ b/external/MbedTLS/MbedTLS.cmake
43@@ -1,96 +1,142 @@
44 #-------------------------------------------------------------------------------
45-# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
46+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
47 #
48 # SPDX-License-Identifier: BSD-3-Clause
49 #
50 #-------------------------------------------------------------------------------
51
52-# Determine the number of processes to run while running parallel builds.
53-# Pass -DPROCESSOR_COUNT=<n> to cmake to override.
54-if(NOT DEFINED PROCESSOR_COUNT)
55- include(ProcessorCount)
56- ProcessorCount(PROCESSOR_COUNT)
57- set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.")
58-endif()
59+set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git"
60+ CACHE STRING "Mbed TLS repository URL")
61+set(MBEDTLS_REFSPEC "mbedtls-3.0.0"
62+ CACHE STRING "Mbed TLS git refspec")
63+set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src"
64+ CACHE PATH "MbedTLS source directory")
65+set(MBEDTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install"
66+ CACHE PATH "Mbed TLS installation directory")
67
68-set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "Mbed TLS repository URL")
69-set(MBEDTLS_REFSPEC "mbedtls-3.0.0" CACHE STRING "Mbed TLS git refspec")
70-set(MBEDTLS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" CACHE PATH "Mbed TLS installation directory")
71-set(MBEDTLS_PACKAGE_PATH "${MBEDTLS_INSTALL_PATH}/lib/mbedtls/cmake" CACHE PATH "Mbed TLS CMake package directory")
72+find_library(MBEDCRYPTO_LIB_FILE
73+ NAMES libmbedcrypto.a mbedcrypto.a libmbedcrypto.lib mbedcrypto.lib
74+ PATHS ${MBEDTLS_INSTALL_DIR}
75+ PATH_SUFFIXES "lib"
76+ DOC "Location of mberdrypto library."
77+ NO_DEFAULT_PATH
78+)
79
80-include(FetchContent)
81+set(MBEDCRYPTO_LIB_FILE ${MBEDCRYPTO_LIB_FILE})
82+unset(MBEDCRYPTO_LIB_FILE CACHE)
83
84-# Checking git
85-find_program(GIT_COMMAND "git")
86-if (NOT GIT_COMMAND)
87- message(FATAL_ERROR "Please install git")
88-endif()
89+set(MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-build")
90
91-# Fetching Mbed TLS
92-FetchContent_Declare(
93- mbedtls
94- GIT_REPOSITORY ${MBEDTLS_URL}
95- GIT_TAG ${MBEDTLS_REFSPEC}
96- GIT_SHALLOW TRUE
97-)
98+# Binary not found and it needs to be built.
99+if (NOT MBEDCRYPTO_LIB_FILE)
100+ # Determine the number of processes to run while running parallel builds.
101+ # Pass -DPROCESSOR_COUNT=<n> to cmake to override.
102+ if(NOT DEFINED PROCESSOR_COUNT)
103+ include(ProcessorCount)
104+ ProcessorCount(PROCESSOR_COUNT)
105+ set(PROCESSOR_COUNT ${PROCESSOR_COUNT}
106+ CACHE STRING "Number of cores to use for parallel builds.")
107+ endif()
108
109-# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables
110-FetchContent_GetProperties(mbedtls)
111-if(NOT mbedtls_POPULATED)
112- message(STATUS "Fetching Mbed TLS")
113- FetchContent_Populate(mbedtls)
114-endif()
115+ # See if the source is available locally
116+ find_file(MBEDCRYPTO_HEADER_FILE
117+ NAMES crypto.h
118+ PATHS ${MBEDTLS_SOURCE_DIR}
119+ PATH_SUFFIXES "include/psa"
120+ NO_DEFAULT_PATH
121+ )
122+ set(MBEDCRYPTO_HEADER_FILE ${MBEDCRYPTO_HEADER_FILE})
123+ unset(MBEDCRYPTO_HEADER_FILE CACHE)
124
125-# Convert the include path list to a string. Needed to make parameter passing to
126-# Mbed TLS build work fine.
127-string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}")
128+ # Source not found, fetch it.
129+ if (NOT MBEDCRYPTO_HEADER_FILE)
130+ include(FetchContent)
131
132-find_package(Python3 COMPONENTS Interpreter)
133-if (NOT Python3_Interpreter_FOUND)
134- message(FATAL_ERROR "Python 3 interpreter not found.")
135-endif()
136+ # Checking git
137+ find_program(GIT_COMMAND "git")
138+ if (NOT GIT_COMMAND)
139+ message(FATAL_ERROR "Please install git")
140+ endif()
141
142-#Configure Mbed TLS to build only mbedcrypto lib
143-execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR})
144-
145-# Advertise Mbed TLS as the provider of the psa crypto API
146-set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE STRING "PSA Crypto API include path")
147-
148-#Configure the library
149-execute_process(COMMAND
150- ${CMAKE_COMMAND}
151- -DENABLE_PROGRAMS=OFF
152- -DENABLE_TESTING=OFF
153- -DUNSAFE_BUILD=ON
154- -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH}
155- -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
156- -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY
157- -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
158- -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES}
159- -GUnix\ Makefiles
160- ${mbedtls_SOURCE_DIR}
161- WORKING_DIRECTORY
162- ${mbedtls_BINARY_DIR}
163- RESULT_VARIABLE _exec_error
164-)
165+ # Fetching Mbed TLS
166+ FetchContent_Declare(
167+ mbedtls
168+ SOURCE_DIR ${MBEDTLS_SOURCE_DIR}
169+ BINARY_DIR ${MBEDTLS_BINARY_DIR}
170+ GIT_REPOSITORY ${MBEDTLS_URL}
171+ GIT_TAG ${MBEDTLS_REFSPEC}
172+ GIT_SHALLOW TRUE
173+ )
174
175-if (_exec_error)
176- message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.")
177-endif()
178+ # FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables
179+ FetchContent_GetProperties(mbedtls)
180+ # FetchContent_Populate will fail if the source directory is removed since it will try to
181+ # do an "update" and not a "populate" action. As a workaround, remove the subbuild directory.
182+ # Note: this fix assumes, the default subbuild location is used.
183+ file(REMOVE_RECURSE "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-subbuild")
184+
185+ # If the source directory has been moved, the binary dir must be regenerated from scratch.
186+ file(REMOVE_RECURSE "${MBEDTLS_BINARY_DIR}")
187
188-#TODO: add dependency to generated project on this file!
189-#TODO: add custom target to rebuild Mbed TLS
190+ if (NOT mbedtls_POPULATED)
191+ message(STATUS "Fetching Mbed TLS")
192+ FetchContent_Populate(mbedtls)
193+ endif()
194+ set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDTLS_SOURCE_DIR})
195+ endif()
196
197-#Build the library
198-execute_process(COMMAND
199- ${CMAKE_COMMAND} --build ${mbedtls_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install
200+ # Build mbedcrypto library
201+
202+ # Convert the include path list to a string. Needed to make parameter passing to
203+ # Mbed TLS build work fine.
204+ string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}")
205+
206+ find_package(Python3 REQUIRED COMPONENTS Interpreter)
207+
208+ #Configure Mbed TLS to build only mbedcrypto lib
209+ execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${MBEDTLS_SOURCE_DIR})
210+
211+ # Advertise Mbed TLS as the provider of the psa crypto API
212+ set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING "PSA Crypto API include path")
213+
214+ #Configure the library
215+ execute_process(COMMAND
216+ ${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE}
217+ ${CMAKE_COMMAND}
218+ -DENABLE_PROGRAMS=OFF
219+ -DENABLE_TESTING=OFF
220+ -DUNSAFE_BUILD=ON
221+ -DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_DIR}
222+ -DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
223+ -DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY
224+ -DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
225+ -DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES}
226+ -GUnix\ Makefiles
227+ ${MBEDTLS_SOURCE_DIR}
228+ WORKING_DIRECTORY
229+ ${MBEDTLS_BINARY_DIR}
230 RESULT_VARIABLE _exec_error
231 )
232-if (_exec_error)
233- message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.")
234+
235+ if (_exec_error)
236+ message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.")
237+ endif()
238+
239+ #Build the library
240+ execute_process(COMMAND
241+ ${CMAKE_COMMAND} --build ${MBEDTLS_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install
242+ RESULT_VARIABLE _exec_error
243+ )
244+
245+ if (_exec_error)
246+ message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.")
247+ endif()
248+
249+ set(MBEDCRYPTO_LIB_FILE "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}")
250 endif()
251
252 #Create an imported target to have clean abstraction in the build-system.
253 add_library(mbedcrypto STATIC IMPORTED)
254-set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION "${MBEDTLS_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}")
255-set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_PATH}/include")
256+set_property(DIRECTORY ${CMAKE_SOURCE_DIR} APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDCRYPTO_LIB_FILE})
257+set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION ${MBEDCRYPTO_LIB_FILE})
258+set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_DIR}/include")