summaryrefslogtreecommitdiff
path: root/lib/mbedtls/Kconfig
diff options
context:
space:
mode:
Diffstat (limited to 'lib/mbedtls/Kconfig')
-rw-r--r--lib/mbedtls/Kconfig785
1 files changed, 565 insertions, 220 deletions
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index bb8ac5f862b..789721ee6cd 100644
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -1,57 +1,54 @@
+# For U-Boot Proper
+
choice
- prompt "Select crypto libraries"
- default LEGACY_CRYPTO
+ prompt "Crypto libraries (U-Boot Proper)"
+ default LEGACY_HASHING_AND_CRYPTO
help
Select crypto libraries.
- LEGACY_CRYPTO for legacy crypto libraries,
+ LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
MBEDTLS_LIB for MbedTLS libraries.
-config LEGACY_CRYPTO
+config LEGACY_HASHING_AND_CRYPTO
bool "legacy crypto libraries"
- select LEGACY_CRYPTO_BASIC
- select LEGACY_CRYPTO_CERT
+ select LEGACY_HASHING
+ select LEGACY_CRYPTO
config MBEDTLS_LIB
bool "MbedTLS libraries"
select MBEDTLS_LIB_X509
endchoice
-if LEGACY_CRYPTO || MBEDTLS_LIB_CRYPTO_ALT
+if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
-config LEGACY_CRYPTO_BASIC
- bool "legacy basic crypto libraries"
+config LEGACY_HASHING
+ bool "Use U-Boot legacy hashing libraries"
select MD5_LEGACY if MD5
select SHA1_LEGACY if SHA1
select SHA256_LEGACY if SHA256
select SHA512_LEGACY if SHA512
select SHA384_LEGACY if SHA384
- select SPL_MD5_LEGACY if SPL_MD5
- select SPL_SHA1_LEGACY if SPL_SHA1
- select SPL_SHA256_LEGACY if SPL_SHA256
- select SPL_SHA512_LEGACY if SPL_SHA512
- select SPL_SHA384_LEGACY if SPL_SHA384
help
- Enable legacy basic crypto libraries.
+ Enable U-Boot legacy hashing libraries.
-if LEGACY_CRYPTO_BASIC
+if LEGACY_HASHING
config SHA1_LEGACY
bool "Enable SHA1 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA1
+ depends on LEGACY_HASHING && SHA1
help
This option enables support of hashing using SHA1 algorithm
with legacy crypto library.
config SHA256_LEGACY
bool "Enable SHA256 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA256
+ depends on LEGACY_HASHING && SHA256
help
This option enables support of hashing using SHA256 algorithm
with legacy crypto library.
config SHA512_LEGACY
bool "Enable SHA512 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA512
+ depends on LEGACY_HASHING && SHA512
default y if TI_SECURE_DEVICE && FIT_SIGNATURE
help
This option enables support of hashing using SHA512 algorithm
@@ -59,7 +56,7 @@ config SHA512_LEGACY
config SHA384_LEGACY
bool "Enable SHA384 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SHA384
+ depends on LEGACY_HASHING && SHA384
select SHA512_LEGACY
help
This option enables support of hashing using SHA384 algorithm
@@ -67,96 +64,16 @@ config SHA384_LEGACY
config MD5_LEGACY
bool "Enable MD5 support with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && MD5
- help
- This option enables support of hashing using MD5 algorithm
- with legacy crypto library.
-
-if SPL
-
-config SPL_SHA1_LEGACY
- bool "Enable SHA1 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA1
- help
- This option enables support of hashing using SHA1 algorithm
- with legacy crypto library.
-
-config SPL_SHA256_LEGACY
- bool "Enable SHA256 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA256
- help
- This option enables support of hashing using SHA256 algorithm
- with legacy crypto library.
-
-config SPL_SHA512_LEGACY
- bool "Enable SHA512 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA512
- help
- This option enables support of hashing using SHA512 algorithm
- with legacy crypto library.
-
-config SPL_SHA384_LEGACY
- bool "Enable SHA384 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_SHA384
- select SPL_SHA512_LEGACY
- help
- This option enables support of hashing using SHA384 algorithm
- with legacy crypto library.
-
-config SPL_MD5_LEGACY
- bool "Enable MD5 support in SPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && SPL_MD5
- help
- This option enables support of hashing using MD5 algorithm
- with legacy crypto library.
-
-endif # SPL
-
-if VPL
-
-config VPL_SHA1_LEGACY
- bool "Enable SHA1 support in VPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && VPL_SHA1
- help
- This option enables support of hashing using SHA1 algorithm
- with legacy crypto library.
-
-config VPL_SHA256_LEGACY
- bool "Enable SHA256 support in VPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && VPL_SHA256
- help
- This option enables support of hashing using SHA256 algorithm
- with legacy crypto library.
-
-config VPL_SHA512_LEGACY
- bool "Enable SHA512 support in VPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && VPL_SHA512
- help
- This option enables support of hashing using SHA512 algorithm
- with legacy crypto library.
-
-config VPL_SHA384_LEGACY
- bool "Enable SHA384 support in VPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && VPL_SHA384
- select VPL_SHA512_LEGACY
- help
- This option enables support of hashing using SHA384 algorithm
- with legacy crypto library.
-
-config VPL_MD5_LEGACY
- bool "Enable MD5 support in VPL with legacy crypto library"
- depends on LEGACY_CRYPTO_BASIC && VPL_MD5
+ depends on LEGACY_HASHING && MD5
help
This option enables support of hashing using MD5 algorithm
with legacy crypto library.
-endif # VPL
-
-endif # LEGACY_CRYPTO_BASIC
+endif # LEGACY_HASHING
-config LEGACY_CRYPTO_CERT
+config LEGACY_CRYPTO
bool "legacy certificate libraries"
- depends on LEGACY_CRYPTO
+ depends on LEGACY_HASHING_AND_CRYPTO
select ASN1_DECODER_LEGACY if ASN1_DECODER
select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -164,24 +81,20 @@ config LEGACY_CRYPTO_CERT
select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER
select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
select MSCODE_PARSER_LEGACY if MSCODE_PARSER
- select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
- select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
help
Enable legacy certificate libraries.
-if LEGACY_CRYPTO_CERT
+if LEGACY_CRYPTO
config ASN1_DECODER_LEGACY
bool "ASN1 decoder with legacy certificate library"
- depends on LEGACY_CRYPTO_CERT && ASN1_DECODER
+ depends on LEGACY_CRYPTO && ASN1_DECODER
help
This option chooses legacy certificate library for ASN1 decoder.
config ASYMMETRIC_PUBLIC_KEY_LEGACY
bool "Asymmetric public key crypto with legacy certificate library"
- depends on LEGACY_CRYPTO_CERT && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
help
This option chooses legacy certificate library for asymmetric public
key crypto algorithm.
@@ -212,68 +125,41 @@ config PKCS7_MESSAGE_PARSER_LEGACY
config MSCODE_PARSER_LEGACY
bool "MS authenticode parser with legacy certificate library"
- depends on LEGACY_CRYPTO_CERT && MSCODE_PARSER
+ depends on LEGACY_CRYPTO && MSCODE_PARSER
select ASN1_DECODER_LEGACY
help
This option chooses legacy certificate library for MS authenticode
parser.
-if SPL
-
-config SPL_ASN1_DECODER_LEGACY
- bool "ASN1 decoder with legacy certificate library in SPL"
- depends on LEGACY_CRYPTO_CERT && SPL_ASN1_DECODER
- help
- This option chooses legacy certificate library for ASN1 decoder in
- SPL.
-
-config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
- bool "Asymmetric public key crypto with legacy certificate library in SPL"
- depends on LEGACY_CRYPTO_CERT && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- help
- This option chooses legacy certificate library for asymmetric public
- key crypto algorithm in SPL.
-
-config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
- bool "RSA public key parser with legacy certificate library in SPL"
- depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
- select SPL_ASN1_DECODER_LEGACY
- help
- This option chooses legacy certificate library for RSA public key
- parser in SPL.
-
-endif # SPL
-
-endif # LEGACY_CRYPTO_CERT
-
endif # LEGACY_CRYPTO
+endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
+
if MBEDTLS_LIB
-config MBEDTLS_LIB_CRYPTO_ALT
- bool "MbedTLS crypto alternatives"
+config MBEDTLS_LIB_HASHING_ALT
+ bool "Replace MbedTLS native hashing with U-Boot legacy libraries"
depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
- select LEGACY_CRYPTO_BASIC
+ select LEGACY_HASHING
default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
help
- Enable MbedTLS crypto alternatives.
+ Enable MbedTLS hashing alternatives and replace them with legacy hashing
+ libraries.
+ This allows user to use U-Boot legacy hashing algorithms together with
+ other MbedTLS modules.
Mutually incompatible with MBEDTLS_LIB_CRYPTO.
config MBEDTLS_LIB_CRYPTO
- bool "MbedTLS crypto libraries"
+ bool "Use MbedTLS native crypto libraries for hashing"
+ default y if MBEDTLS_LIB
select MD5_MBEDTLS if MD5
select SHA1_MBEDTLS if SHA1
select SHA256_MBEDTLS if SHA256
select SHA512_MBEDTLS if SHA512
select SHA384_MBEDTLS if SHA384
- select SPL_MD5_MBEDTLS if SPL_MD5
- select SPL_SHA1_MBEDTLS if SPL_SHA1
- select SPL_SHA256_MBEDTLS if SPL_SHA256
- select SPL_SHA512_MBEDTLS if SPL_SHA512
- select SPL_SHA384_MBEDTLS if SPL_SHA384
help
- Enable MbedTLS crypto libraries.
- Mutually incompatible with MBEDTLS_LIB_CRYPTO_ALT.
+ Enable MbedTLS native crypto libraries.
+ Mutually incompatible with MBEDTLS_LIB_HASHING_ALT.
if MBEDTLS_LIB_CRYPTO
@@ -345,53 +231,6 @@ config HKDF_MBEDTLS
This option enables support of key derivation using HKDF algorithm
with MbedTLS crypto library.
-if SPL
-
-config SPL_SHA1_MBEDTLS
- bool "Enable SHA1 support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO && SPL_SHA1
- help
- This option enables support of hashing using SHA1 algorithm
- with MbedTLS crypto library.
-
-config SPL_SHA256_MBEDTLS
- bool "Enable SHA256 support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO && SPL_SHA256
- help
- This option enables support of hashing using SHA256 algorithm
- with MbedTLS crypto library.
-
-config SPL_SHA512_MBEDTLS
- bool "Enable SHA512 support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO && SPL_SHA512
- help
- This option enables support of hashing using SHA512 algorithm
- with MbedTLS crypto library.
-
-config SPL_SHA384_MBEDTLS
- bool "Enable SHA384 support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO && SPL_SHA384
- select SPL_SHA512
- help
- This option enables support of hashing using SHA384 algorithm
- with MbedTLS crypto library.
-
-config SPL_MD5_MBEDTLS
- bool "Enable MD5 support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO && SPL_MD5
- help
- This option enables support of hashing using MD5 algorithm
- with MbedTLS crypto library.
-
-config SPL_HKDF_MBEDTLS
- bool "Enable HKDF support in SPL with MbedTLS crypto library"
- depends on MBEDTLS_LIB_CRYPTO
- help
- This option enables support of key derivation using HKDF algorithm
- with MbedTLS crypto library.
-
-endif # SPL
-
endif # MBEDTLS_LIB_CRYPTO
config MBEDTLS_LIB_X509
@@ -403,10 +242,6 @@ config MBEDTLS_LIB_X509
select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER
select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER
select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER
- select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
- select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
help
Enable MbedTLS certificate libraries.
@@ -457,44 +292,554 @@ config MSCODE_PARSER_MBEDTLS
This option chooses MbedTLS certificate library for MS authenticode
parser.
+endif # MBEDTLS_LIB_X509
+
+config MBEDTLS_LIB_TLS
+ bool "MbedTLS TLS library"
+ depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS
+ depends on X509_CERTIFICATE_PARSER_MBEDTLS
+ depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+ depends on ASN1_DECODER_MBEDTLS
+ depends on MBEDTLS_LIB
+ help
+ Enable MbedTLS TLS library. Required for HTTPs support
+ in wget
+
+endif # MBEDTLS_LIB
+
+# For SPL
+
if SPL
+choice
+ prompt "Crypto libraries (SPL)"
+ default SPL_LEGACY_HASHING_AND_CRYPTO
+ help
+ Select crypto libraries in SPL.
+ SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+ SPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config SPL_LEGACY_HASHING_AND_CRYPTO
+ bool "legacy crypto libraries"
+ select SPL_LEGACY_HASHING
+ select SPL_LEGACY_CRYPTO
+
+config SPL_MBEDTLS_LIB
+ bool "MbedTLS libraries"
+ select SPL_MBEDTLS_LIB_X509
+endchoice
+
+if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+config SPL_LEGACY_HASHING
+ bool "Use U-Boot legacy hashing libraries (SPL)"
+ select SPL_MD5_LEGACY if SPL_MD5
+ select SPL_SHA1_LEGACY if SPL_SHA1
+ select SPL_SHA256_LEGACY if SPL_SHA256
+ select SPL_SHA512_LEGACY if SPL_SHA512
+ select SPL_SHA384_LEGACY if SPL_SHA384
+ help
+ Enable U-Boot legacy hashing libraries in SPL.
+
+if SPL_LEGACY_HASHING
+
+config SPL_SHA1_LEGACY
+ bool "Enable SHA1 support with legacy crypto library (SPL)"
+ depends on SPL_LEGACY_HASHING && SPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with legacy crypto library in SPL.
+
+config SPL_SHA256_LEGACY
+ bool "Enable SHA256 support with legacy crypto library (SPL)"
+ depends on SPL_LEGACY_HASHING && SPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with legacy crypto library in SPL.
+
+config SPL_SHA512_LEGACY
+ bool "Enable SHA512 support with legacy crypto library (SPL)"
+ depends on SPL_LEGACY_HASHING && SPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with legacy crypto library in SPL.
+
+config SPL_SHA384_LEGACY
+ bool "Enable SHA384 support with legacy crypto library (SPL)"
+ depends on SPL_LEGACY_HASHING && SPL_SHA384
+ select SPL_SHA512_LEGACY
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with legacy crypto library in SPL.
+
+config SPL_MD5_LEGACY
+ bool "Enable MD5 support with legacy crypto library (SPL)"
+ depends on SPL_LEGACY_HASHING && SPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with legacy crypto library in SPL.
+
+endif # SPL_LEGACY_HASHING
+
+config SPL_LEGACY_CRYPTO
+ bool "legacy certificate libraries (SPL)"
+ depends on SPL_LEGACY_HASHING_AND_CRYPTO
+ select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
+ select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
+ SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
+ help
+ Enable legacy certificate libraries in SPL.
+
+if SPL_LEGACY_CRYPTO
+
+config SPL_ASN1_DECODER_LEGACY
+ bool "ASN1 decoder with legacy certificate library (SPL)"
+ depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER
+ help
+ This option chooses legacy certificate library for ASN1 decoder in
+ SPL.
+
+config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+ bool "Asymmetric public key crypto with legacy certificate library (SPL)"
+ depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ help
+ This option chooses legacy certificate library for asymmetric public
+ key crypto algorithm in SPL.
+
+config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
+ bool "RSA public key parser with legacy certificate library (SPL)"
+ depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
+ select SPL_ASN1_DECODER_LEGACY
+ help
+ This option chooses legacy certificate library for RSA public key
+ parser in SPL.
+
+endif # SPL_LEGACY_CRYPTO
+
+endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
+
+if SPL_MBEDTLS_LIB
+
+config SPL_MBEDTLS_LIB_HASHING_ALT
+ bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)"
+ depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+ select SPL_LEGACY_HASHING
+ default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
+ help
+ Enable MbedTLS hashing alternatives and replace them with legacy hashing
+ libraries in SPL.
+ This allows user to use U-Boot legacy hashing algorithms together with
+ other MbedTLS modules.
+ Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO.
+
+config SPL_MBEDTLS_LIB_CRYPTO
+ bool "Use MbedTLS native crypto libraries for hashing (SPL)"
+ default y if SPL_MBEDTLS_LIB
+ select SPL_MD5_MBEDTLS if SPL_MD5
+ select SPL_SHA1_MBEDTLS if SPL_SHA1
+ select SPL_SHA256_MBEDTLS if SPL_SHA256
+ select SPL_SHA512_MBEDTLS if SPL_SHA512
+ select SPL_SHA384_MBEDTLS if SPL_SHA384
+ help
+ Enable MbedTLS native crypto libraries in SPL.
+
+if SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_SHA1_MBEDTLS
+ bool "Enable SHA1 support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with MbedTLS crypto library in SPL.
+
+config SPL_SHA256_MBEDTLS
+ bool "Enable SHA256 support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with MbedTLS crypto library in SPL.
+
+config SPL_SHA512_MBEDTLS
+ bool "Enable SHA512 support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with MbedTLS crypto library in SPL.
+
+config SPL_SHA384_MBEDTLS
+ bool "Enable SHA384 support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384
+ select SPL_SHA512
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with MbedTLS crypto library in SPL.
+
+config SPL_MD5_MBEDTLS
+ bool "Enable MD5 support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with MbedTLS crypto library in SPL.
+
+config SPL_HKDF_MBEDTLS
+ bool "Enable HKDF support with MbedTLS crypto library (SPL)"
+ depends on SPL_MBEDTLS_LIB_CRYPTO
+ help
+ This option enables support of key derivation using HKDF algorithm
+ with MbedTLS crypto library in SPL.
+
+endif # SPL_MBEDTLS_LIB_CRYPTO
+
+config SPL_MBEDTLS_LIB_X509
+ bool "MbedTLS certificate libraries (SPL)"
+ select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
+ select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
+ SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
+ help
+ Enable MbedTLS certificate libraries in SPL.
+
+if SPL_MBEDTLS_LIB_X509
+
config SPL_ASN1_DECODER_MBEDTLS
- bool "ASN1 decoder with MbedTLS certificate library in SPL"
- depends on MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
+ bool "ASN1 decoder with MbedTLS certificate library (SPL)"
+ depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
help
This option chooses MbedTLS certificate library for ASN1 decoder in
SPL.
config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
- bool "Asymmetric public key crypto with MbedTLS certificate library in SPL"
- depends on MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)"
+ depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
help
This option chooses MbedTLS certificate library for asymmetric public
key crypto algorithm in SPL.
config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
- bool "RSA public key parser with MbedTLS certificate library in SPL"
+ bool "RSA public key parser with MbedTLS certificate library (SPL)"
depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
select SPL_ASN1_DECODER_MBEDTLS
help
This option chooses MbedTLS certificate library for RSA public key
parser in SPL.
+endif # SPL_MBEDTLS_LIB_X509
+
+config SPL_MBEDTLS_LIB_TLS
+ bool "MbedTLS TLS library (SPL)"
+ depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
+ depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS
+ depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
+ depends on SPL_ASN1_DECODER_MBEDTLS
+ depends on SPL_MBEDTLS_LIB
+ help
+ Enable MbedTLS TLS library in SPL. Required for HTTPs support
+ in wget
+
+endif # SPL_MBEDTLS_LIB
+
endif # SPL
-endif # MBEDTLS_LIB_X509
+# For TPL
-config MBEDTLS_LIB_TLS
- bool "MbedTLS TLS library"
- depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS
- depends on X509_CERTIFICATE_PARSER_MBEDTLS
- depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
- depends on ASN1_DECODER_MBEDTLS
- depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
- depends on MBEDTLS_LIB
+if TPL
+
+choice
+ prompt "Crypto libraries (TPL)"
+ default TPL_LEGACY_HASHING_AND_CRYPTO
help
- Enable MbedTLS TLS library. Required for HTTPs support
- in wget
+ Select crypto libraries in TPL.
+ TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+ TPL_MBEDTLS_LIB for MbedTLS libraries.
-endif # MBEDTLS_LIB
+config TPL_LEGACY_HASHING_AND_CRYPTO
+ bool "legacy crypto libraries"
+ select TPL_LEGACY_HASHING
+ select TPL_LEGACY_CRYPTO
+
+config TPL_MBEDTLS_LIB
+ bool "MbedTLS libraries"
+
+endchoice
+
+if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+config TPL_LEGACY_HASHING
+ bool "Use U-Boot legacy hashing libraries (TPL)"
+ select TPL_MD5_LEGACY if TPL_MD5
+ select TPL_SHA1_LEGACY if TPL_SHA1
+ select TPL_SHA256_LEGACY if TPL_SHA256
+ select TPL_SHA512_LEGACY if TPL_SHA512
+ select TPL_SHA384_LEGACY if TPL_SHA384
+ help
+ Enable U-Boot legacy hashing libraries in TPL.
+
+if TPL_LEGACY_HASHING
+
+config TPL_SHA1_LEGACY
+ bool "Enable SHA1 support with legacy crypto library (TPL)"
+ depends on TPL_LEGACY_HASHING && TPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with legacy crypto library in TPL.
+
+config TPL_SHA256_LEGACY
+ bool "Enable SHA256 support with legacy crypto library (TPL)"
+ depends on TPL_LEGACY_HASHING && TPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with legacy crypto library in TPL.
+
+config TPL_SHA512_LEGACY
+ bool "Enable SHA512 support with legacy crypto library (TPL)"
+ depends on TPL_LEGACY_HASHING && TPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with legacy crypto library in TPL.
+
+config TPL_SHA384_LEGACY
+ bool "Enable SHA384 support with legacy crypto library (TPL)"
+ depends on TPL_LEGACY_HASHING && TPL_SHA384
+ select TPL_SHA512_LEGACY
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with legacy crypto library in TPL.
+
+config TPL_MD5_LEGACY
+ bool "Enable MD5 support with legacy crypto library (TPL)"
+ depends on TPL_LEGACY_HASHING && TPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with legacy crypto library in TPL.
+
+endif # TPL_LEGACY_HASHING
+
+endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
+
+if TPL_MBEDTLS_LIB
+
+config TPL_MBEDTLS_LIB_HASHING_ALT
+ bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)"
+ depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+ select TPL_LEGACY_HASHING
+ default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
+ help
+ Enable MbedTLS hashing alternatives and replace them with legacy hashing
+ libraries in TPL.
+ This allows user to use U-Boot legacy hashing algorithms together with
+ other MbedTLS modules.
+ Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO.
+
+config TPL_MBEDTLS_LIB_CRYPTO
+ bool "Use MbedTLS native crypto libraries for hashing (TPL)"
+ default y if TPL_MBEDTLS_LIB
+ select TPL_MD5_MBEDTLS if TPL_MD5
+ select TPL_SHA1_MBEDTLS if TPL_SHA1
+ select TPL_SHA256_MBEDTLS if TPL_SHA256
+ select TPL_SHA512_MBEDTLS if TPL_SHA512
+ select TPL_SHA384_MBEDTLS if TPL_SHA384
+ help
+ Enable MbedTLS native crypto libraries in TPL.
+
+if TPL_MBEDTLS_LIB_CRYPTO
+
+config TPL_SHA1_MBEDTLS
+ bool "Enable SHA1 support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with MbedTLS crypto library in TPL.
+
+config TPL_SHA256_MBEDTLS
+ bool "Enable SHA256 support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with MbedTLS crypto library in TPL.
+
+config TPL_SHA512_MBEDTLS
+ bool "Enable SHA512 support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with MbedTLS crypto library in TPL.
+
+config TPL_SHA384_MBEDTLS
+ bool "Enable SHA384 support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384
+ select TPL_SHA512
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with MbedTLS crypto library in TPL.
+
+config TPL_MD5_MBEDTLS
+ bool "Enable MD5 support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with MbedTLS crypto library in TPL.
+
+config TPL_HKDF_MBEDTLS
+ bool "Enable HKDF support with MbedTLS crypto library (TPL)"
+ depends on TPL_MBEDTLS_LIB_CRYPTO
+ help
+ This option enables support of key derivation using HKDF algorithm
+ with MbedTLS crypto library in TPL.
+
+endif # TPL_MBEDTLS_LIB_CRYPTO
+
+endif # TPL_MBEDTLS_LIB
+
+endif # TPL
+
+# For VPL
+
+if VPL
+
+choice
+ prompt "Crypto libraries (VPL)"
+ default VPL_LEGACY_HASHING_AND_CRYPTO
+ help
+ Select crypto libraries in VPL.
+ VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
+ VPL_MBEDTLS_LIB for MbedTLS libraries.
+
+config VPL_LEGACY_HASHING_AND_CRYPTO
+ bool "legacy crypto libraries"
+ select VPL_LEGACY_HASHING
+
+config VPL_MBEDTLS_LIB
+ bool "MbedTLS libraries"
+
+endchoice
+
+if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+config VPL_LEGACY_HASHING
+ bool "Use U-Boot legacy hashing libraries (VPL)"
+ select VPL_MD5_LEGACY if VPL_MD5
+ select VPL_SHA1_LEGACY if VPL_SHA1
+ select VPL_SHA256_LEGACY if VPL_SHA256
+ select VPL_SHA512_LEGACY if VPL_SHA512
+ select VPL_SHA384_LEGACY if VPL_SHA384
+ help
+ Enable U-Boot legacy hashing libraries in VPL.
+
+if VPL_LEGACY_HASHING
+
+config VPL_SHA1_LEGACY
+ bool "Enable SHA1 support with legacy crypto library (VPL)"
+ depends on VPL_LEGACY_HASHING && VPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with legacy crypto library in VPL.
+
+config VPL_SHA256_LEGACY
+ bool "Enable SHA256 support with legacy crypto library (VPL)"
+ depends on VPL_LEGACY_HASHING && VPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with legacy crypto library in VPL.
+
+config VPL_SHA512_LEGACY
+ bool "Enable SHA512 support with legacy crypto library (VPL)"
+ depends on VPL_LEGACY_HASHING && VPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with legacy crypto library in VPL.
+
+config VPL_SHA384_LEGACY
+ bool "Enable SHA384 support with legacy crypto library (VPL)"
+ depends on VPL_LEGACY_HASHING && VPL_SHA384
+ select VPL_SHA512_LEGACY
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with legacy crypto library in VPL.
+
+config VPL_MD5_LEGACY
+ bool "Enable MD5 support with legacy crypto library (VPL)"
+ depends on VPL_LEGACY_HASHING && VPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with legacy crypto library in VPL.
+
+endif # VPL_LEGACY_HASHING
+
+endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
+
+if VPL_MBEDTLS_LIB
+
+config VPL_MBEDTLS_LIB_HASHING_ALT
+ bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)"
+ depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+ select VPL_LEGACY_HASHING
+ default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
+ help
+ Enable MbedTLS hashing alternatives and replace them with legacy hashing
+ libraries in VPL.
+ This allows user to use U-Boot legacy hashing algorithms together with
+ other MbedTLS modules.
+ Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO.
+
+config VPL_MBEDTLS_LIB_CRYPTO
+ bool "Use MbedTLS native crypto libraries for hashing (VPL)"
+ default y if VPL_MBEDTLS_LIB
+ select VPL_MD5_MBEDTLS if VPL_MD5
+ select VPL_SHA1_MBEDTLS if VPL_SHA1
+ select VPL_SHA256_MBEDTLS if VPL_SHA256
+ select VPL_SHA512_MBEDTLS if VPL_SHA512
+ select VPL_SHA384_MBEDTLS if VPL_SHA384
+ help
+ Enable MbedTLS native crypto libraries in VPL.
+
+if VPL_MBEDTLS_LIB_CRYPTO
+
+config VPL_SHA1_MBEDTLS
+ bool "Enable SHA1 support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1
+ help
+ This option enables support of hashing using SHA1 algorithm
+ with MbedTLS crypto library in VPL.
+
+config VPL_SHA256_MBEDTLS
+ bool "Enable SHA256 support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256
+ help
+ This option enables support of hashing using SHA256 algorithm
+ with MbedTLS crypto library in VPL.
+
+config VPL_SHA512_MBEDTLS
+ bool "Enable SHA512 support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512
+ help
+ This option enables support of hashing using SHA512 algorithm
+ with MbedTLS crypto library in VPL.
+
+config VPL_SHA384_MBEDTLS
+ bool "Enable SHA384 support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384
+ select VPL_SHA512
+ help
+ This option enables support of hashing using SHA384 algorithm
+ with MbedTLS crypto library in VPL.
+
+config VPL_MD5_MBEDTLS
+ bool "Enable MD5 support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5
+ help
+ This option enables support of hashing using MD5 algorithm
+ with MbedTLS crypto library in VPL.
+
+config VPL_HKDF_MBEDTLS
+ bool "Enable HKDF support with MbedTLS crypto library (VPL)"
+ depends on VPL_MBEDTLS_LIB_CRYPTO
+ help
+ This option enables support of key derivation using HKDF algorithm
+ with MbedTLS crypto library in VPL.
+
+endif # VPL_MBEDTLS_LIB_CRYPTO
+
+endif # VPL_MBEDTLS_LIB
+
+endif # VPL