mbedtls: kconfig: created MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE

Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings. The MBEDTLS_PROMPTLESS can be set to true whenever configuration of mbedTLS is done from a subsystem or module. Such an example is OpenThread, which selects mbedTLS for some predefined crypto settings using OPENTHREAD_MBEDTLS=y. Unfortunately, extensive use of select can easily cause stuck symbol syndrome making it harder than neccesarry for users to later reconfigure as they easily get stuck in incompatible configurations. Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the MBEDTLS prompt itself when selected but avoid stuck symbol if user select another security configuration. Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must explicitly select this symbol before providing a custom mbedTLS config file. Today, other parts the Kconfig tree may set a default value for MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig selections elsewhere in the tree will not adjust the value. Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user has provided the value. Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]>
zephyrproject-rtos · May 9, 2021 · 5888428 · 5888428
1 parent c509710
commit 5888428
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig
@@ -5,9 +5,17 @@
 
 config ZEPHYR_MBEDTLS_MODULE
 	bool
+config MBEDTLS_PROMPTLESS
+	bool
+	help
+	  Symbol to disable the prompt for MBEDTLS selection.
+	  This symbol may be used internally in a Kconfig tree to hide the
+	  mbed TLS menu prompt and instead handle the selection of MBEDTLS from
+	  dependent sub-configurations and thus preven stuck symbol behavior.
+
 
 menuconfig MBEDTLS
-	bool "mbedTLS Support"
+	bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS
 	help
 	  This option enables the mbedTLS cryptography library.
 
@@ -32,8 +40,15 @@ config MBEDTLS_LIBRARY
 
 endchoice
 
+config CUSTOM_MBEDTLS_CFG_FILE
+	bool "Custom mbed TLS configuration file"
+	help
+	  Allow user defined input for the MBEDTLS_CFG_FILE setting.
+	  You can specify the actual configuration file using the
+	  MBEDTLS_CFG_FILE setting.
+
 config MBEDTLS_CFG_FILE
-	string "mbed TLS configuration file"
+	string "mbed TLS configuration file" if CUSTOM_MBEDTLS_CFG_FILE
 	depends on MBEDTLS_BUILTIN
 	default "config-tls-generic.h"
 	help

diff --git a/samples/drivers/crypto/prj_mtls_shim.conf b/samples/drivers/crypto/prj_mtls_shim.conf
@@ -3,6 +3,7 @@ CONFIG_LOG_MODE_MINIMAL=y
 CONFIG_MBEDTLS=y
 CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
+CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y
 CONFIG_MBEDTLS_HEAP_SIZE=512
 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y
 CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y