Migrate configuration-crypto components to cmake #10507
Open
+141
−87
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
minosgalanakis
added
needs-work
needs-ci
ronald-cron-arm
changed the title
ronald-cron-arm
changed the title
minosgalanakis
force-pushed
the
rework/component-configuration-crypto-cmake
branch
2 times, most recently
from
78aec57 to
a39dc79
Compare
minosgalanakis
force-pushed
the
rework/component-configuration-crypto-cmake
branch
3 times, most recently
from
9a7e3aa to
006d758
Compare
Contributor
Author
minosgalanakis
force-pushed
the
rework/component-configuration-crypto-cmake
branch
2 times, most recently
from
35af1d8 to
dab67bd
Compare
minosgalanakis
added
needs-review
Migrate all straightfoward components from using $ASAN_CFLAGS to CMAKE_BUILD_TYPE:String=Asan Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…o cmake Optimization for size (-Os) is required. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…r_accel_ec to cmake Compilation flags, and spe include directories have been adjusted Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…onents to cmake - By default all unspecified build-type components should be release - CMAKE_BUILD_TYPE:String=Release enables the following CFLAGS: "-O2 -Werror -Wall -Wextra" Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…se components to cmake Moved the following components to CMAKE_BUILD_TYPE:String=Release and adjusted the include paths for cmake: * component_build_psa_crypto_spm * component_test_tfm_config_no_p256m Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…d_light_only to cmake Use compilation directory for object discovery in out-of-source CMake builds. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
…_BUILD_TYPE:String=None Improve compilation flag granularity by disabling CMAKE_BUILD_TYPE defaults and asserting test-specific flags manually. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The original make -C tests, contains a perl inliner to generate the alt-headers. Replicated that logic in sed regex. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Update the previously modified component to use consistent syntax: * make -> cmake --build . * make test -> ctest * Removed redudant CC=$ASAN_CC for BUILD_TYPE:String=Asan Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
minosgalanakis
force-pushed
the
rework/component-configuration-crypto-cmake
branch
from
51266d8 to
61f5ab1
Compare
ronald-cron-arm
removed
the
needs-reviewer
github-project-automation
bot
moved this to In Development
in Roadmap pull requests (new board)
ronald-cron-arm
moved this from In Development
to In Review
in Roadmap pull requests (new board)
ronald-cron-arm
requested changes
Dec 12, 2025
Contributor
ronald-cron-arm
left a comment
ronald-cron-arm
left a comment
There was a problem hiding this comment.
This looks quit good to me. I have a few questions and suggestions. Regarding completeness, although we discuss to discard it at some point, we should be able to migrate test_psa_crypto_drivers as well I'd say.
|
|
||
| # Build crypto library | ||
| $MAKE_COMMAND CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS" | ||
| CFLAGS="$ASAN_CFLAGS -I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . |
Contributor
There was a problem hiding this comment.
Suggested change
| CFLAGS="$ASAN_CFLAGS -I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . | |
| CC=$ASAN_CC CFLAGS="-I$PWD/framework/tests/include/spe" cmake -D CMAKE_BUILD_TYPE:String=Asan . |
|
|
||
| # Note: Creating a directory, ensures cmake will not use a random name to | ||
| # place the compilation object files. | ||
| mkdir mdtest && cd mdtest |
Contributor
There was a problem hiding this comment.
We rather use $OUT_OF_SOURCE_DIR usually like in component_test_cmake_out_of_source
| $MAKE_COMMAND clean | ||
| $MAKE_COMMAND CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" | ||
|
|
||
| make -f ./scripts/legacy.make clean |
Contributor
There was a problem hiding this comment.
We want to stop using legacy.make.
Comment on lines
+2067
to
+2068
| #define PSA_WANT_ALG_GCM 1 | ||
| #define PSA_WANT_ALG_HKDF 1 |
Contributor
There was a problem hiding this comment.
Why do you need to add that?
| msg "all loops unrolled" | ||
| $MAKE_COMMAND clean | ||
| make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" | ||
| CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" cmake -D CMAKE_BUILD_TYPE:String=None . |
Contributor
There was a problem hiding this comment.
Suggested change
| CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" cmake -D CMAKE_BUILD_TYPE:String=None . | |
| CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1" cmake -D CMAKE_BUILD_TYPE:String=Release . |
?
| component_build_psa_alt_headers () { | ||
| msg "build: make with PSA alt headers" # ~20s | ||
|
|
||
| PSA_ALT_HDRS="$PWD/framework/tests/include/alt-extra" |
Contributor
There was a problem hiding this comment.
Suggested change
| PSA_ALT_HDRS="$PWD/framework/tests/include/alt-extra" | |
| PSA_ALT_HEADERS_PATH="$PWD/framework/tests/include/alt-extra" |
?
Contributor
There was a problem hiding this comment.
While at it, would you mind not generating the alt headers in the framework but rather in tests/alt-dummy/psa?
| scripts/config.py unset MBEDTLS_HMAC_DRBG_C | ||
| scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG | ||
| CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . | ||
| cmake -D CMAKE_BUILD_TYPE:String=Asan . |
Contributor
There was a problem hiding this comment.
"CMAKE_BUILD_TYPE:String=Asan" does not select the compiler thus CC=$ASAN_CC is not redundant and should be kept.
| scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC | ||
| $MAKE_COMMAND CC=clang CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" | ||
|
|
||
| CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake -D CMAKE_BUILD_TYPE:String=None . |
Contributor
There was a problem hiding this comment.
Suggested change
| CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake -D CMAKE_BUILD_TYPE:String=None . | |
| CFLAGS="$ASAN_CFLAGS -Os" LDFLAGS="$ASAN_CFLAGS" cmake . |
seems to be enough
| msg "build: make, crypto only, baremetal config" | ||
| scripts/config.py crypto_baremetal | ||
| $MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/" | ||
| CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake -D CMAKE_BUILD_TYPE:String=None . |
Contributor
There was a problem hiding this comment.
Suggested change
| CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake -D CMAKE_BUILD_TYPE:String=None . | |
| CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake . |
seems enough.
| scripts/config.py unset MBEDTLS_PK_PARSE_C | ||
| scripts/config.py unset MBEDTLS_PK_WRITE_C | ||
| $MAKE_COMMAND CFLAGS='-O1 -Werror' all test | ||
| CFLAGS="-O1" cmake -D CMAKE_BUILD_TYPE:String=None . |
Contributor
There was a problem hiding this comment.
Suggested change
| CFLAGS="-O1" cmake -D CMAKE_BUILD_TYPE:String=None . | |
| CFLAGS="-O1" cmake . |
seems enough.
github-project-automation
bot
moved this from In Review
to In Development
in Roadmap pull requests (new board)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Migrates a series of components from the configuration-crypto on mbedtls to cmake. One of many pr's required for #10472
PR checklist
Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.