From 588842854189921d1a37ed98469e588366d2eb3d Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Fri, 23 Apr 2021 17:50:45 +0200 Subject: [PATCH] mbedtls: kconfig: created MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings. The MBEDTLS_PROMPTLESS can be set to true whenever configuration of mbedTLS is done from a subsystem or module. Such an example is OpenThread, which selects mbedTLS for some predefined crypto settings using OPENTHREAD_MBEDTLS=y. Unfortunately, extensive use of select can easily cause stuck symbol syndrome making it harder than necessary for users to later reconfigure as they easily get stuck in incompatible configurations. Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the MBEDTLS prompt itself when selected but avoid stuck symbol if the user selects another security configuration. Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must explicitly select this symbol before providing a custom mbedTLS config file. Today, other parts of the Kconfig tree may set a default value for MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig selections elsewhere in the tree will not adjust the value. Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user has provided the value. Signed-off-by: Torsten Rasmussen Signed-off-by: Ioannis Glaropoulos --- modules/mbedtls/Kconfig | 19 +++++++++++++++++-- samples/drivers/crypto/prj_mtls_shim.conf | 1 + 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/modules/mbedtls/Kconfig b/modules/mbedtls/Kconfig index e8ebc8bca0b2fc..8ebc079bae56f7 100644 --- a/modules/mbedtls/Kconfig +++ b/modules/mbedtls/Kconfig
@@ -5,9 +5,17 @@ config ZEPHYR_MBEDTLS_MODULE bool +config MBEDTLS_PROMPTLESS + bool + help + Symbol to disable the prompt for MBEDTLS selection. + This symbol may be used internally in a Kconfig tree to hide the + mbed TLS menu prompt and instead handle the selection of MBEDTLS from + dependent sub-configurations and thus preven stuck symbol behavior. + menuconfig MBEDTLS - bool "mbedTLS Support" + bool "mbed TLS Support" if !MBEDTLS_PROMPTLESS help This option enables the mbedTLS cryptography library. @@ -32,8 +40,15 @@ config MBEDTLS_LIBRARY endchoice +config CUSTOM_MBEDTLS_CFG_FILE + bool "Custom mbed TLS configuration file" + help + Allow user defined input for the MBEDTLS_CFG_FILE setting. + You can specify the actual configuration file using the + MBEDTLS_CFG_FILE setting. + config MBEDTLS_CFG_FILE - string "mbed TLS configuration file" + string "mbed TLS configuration file" if CUSTOM_MBEDTLS_CFG_FILE depends on MBEDTLS_BUILTIN default "config-tls-generic.h" help diff --git a/samples/drivers/crypto/prj_mtls_shim.conf b/samples/drivers/crypto/prj_mtls_shim.conf index a36eda07d5e4bd..37d41ef72b4777 100644 --- a/samples/drivers/crypto/prj_mtls_shim.conf +++ b/samples/drivers/crypto/prj_mtls_shim.conf @@ -3,6 +3,7 @@ CONFIG_LOG_MODE_MINIMAL=y CONFIG_MBEDTLS=y CONFIG_MBEDTLS_BUILTIN=y CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h" +CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y CONFIG_MBEDTLS_HEAP_SIZE=512 CONFIG_MBEDTLS_CIPHER_CCM_ENABLED=y CONFIG_MBEDTLS_CIPHER_GCM_ENABLED=y
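Review bot: The help text of `MBEDTLS_PROMPTLESS` leaves out the consequence a user most needs to know: once the symbol is set, the `MBEDTLS` prompt is hidden, so a `CONFIG_MBEDTLS=y` or `=n` line in a project conf file is no longer honoured and the library is enabled only through `select` or a default elsewhere in the tree. I would add a help sentence such as `When set, MBEDTLS can only be enabled by select or default; user assignments to MBEDTLS are ignored.` and fix the typo `preven` to `prevent` in the last help line. The help of `menuconfig MBEDTLS` continues outside the hunk and still spells the name `mbedTLS`, while the new prompt uses `mbed TLS`.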
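Review bot: Making the `MBEDTLS_CFG_FILE` prompt conditional on `CUSTOM_MBEDTLS_CFG_FILE` means an existing project that assigns `CONFIG_MBEDTLS_CFG_FILE` without also setting `CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y` no longer gets its file. The symbol falls back to its default (`config-tls-generic.h` here), so a deliberately restricted mbed TLS configuration can be replaced by the generic one, with at most a Kconfig warning depending on how the build treats those. The help of `CUSTOM_MBEDTLS_CFG_FILE` should say this, for example `Without this option, assignments to MBEDTLS_CFG_FILE are ignored and its default is used.` The new symbol also lacks the `depends on MBEDTLS_BUILTIN` that `MBEDTLS_CFG_FILE` carries, so it can presumably be enabled where it has no effect. The help of `MBEDTLS_CFG_FILE` continues outside the hunk.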