The ISN algorithm from RFC 6528 doesn't need Mbed TLS, but rather the
MD5 algorithm from Mbed TLS. Therefore select MBEDTLS_MD and
MBEDTLS_MAC_MD5_ENABLED in addition to MBEDTLS.
This fixes the following build failure when using TLS version 1.2 is
selected:
zephyr/subsys/net/ip/tcp2.c:1329: undefined reference to
`mbedtls_md5_ret'
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
SRP client and server require ECDSA to be enabled otherwise the build
fails. Select OPENTHREAD_ECDSA for both OPENTHREAD_SRP_CLIENT and
OPENTHREAD_SRP_SERVER options.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
OPENTHREAD_SRP_CLIENT and OPENTHREAD_SRP_SERVER are Thread features and
not Thread configuration, so move them to Kconfig.features.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
The OPENTHREAD_MAX_CHILDREN and OPENTHREAD_MAX_IP_ADDR_PER_CHILD options
make not sense for a MTD device. Make them depend on OPENTHREAD_FTD.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Now using CONFIG_MBEDTLS_USER_CONFIG_FILE instead of
CONFIG_MBEDTLS_USER_CONFIG_ENABLE for inclusion of user config file.
The Kconfig MBEDTLS_USER_CONFIG_ENABLE setting now now determines if
MBEDTLS_USER_CONFIG_FILE is visible.
This removes the problem of MBEDTLS_USER_CONFIG_FILE to be stuck on its
first value.
Users can use MBEDTLS_USER_CONFIG_ENABLE to get the prompt and define
their own value.
As the CONFIG_MBEDTLS_USER_CONFIG_FILE is default promptless then we can
use this setting directly as it will only be defined if another Kconfig
file specifies a default value to use, or user enables:
MBEDTLS_USER_CONFIG_ENABLE.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings.
The MBEDTLS_PROMPTLESS can be set to true whenever configuration of
mbedTLS is done from a subsystem or module.
Such an example is OpenThread, which selects mbedTLS for some predefined
crypto settings using OPENTHREAD_MBEDTLS=y.
Unfortunately, extensive use of select can easily cause stuck symbol
syndrome making it harder than neccesarry for users to later reconfigure
as they easily get stuck in incompatible configurations.
Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the
MBEDTLS prompt itself when selected but avoid stuck symbol if user
select another security configuration.
Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must
explicitly select this symbol before providing a custom mbedTLS config
file.
Today, other parts the Kconfig tree may set a default value for
MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig
selections elsewhere in the tree will not adjust the value.
Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user
has provided the value.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This commit removes the prompt from MBEDTLS_USER_CONFIG_FILE unless
MBEDTLS_USER_CONFIG_ENABLE is true.
This fixes issues where other parts would specify a default value for
MBEDTLS_USER_CONFIG_FILE that would become stuck and not updated if
user re-configured the system using menuconfig.
Disabling the prompt ensures that only when a user specifically enables
MBEDTLS_USER_CONFIG_ENABLE and specify a custom user value in
MBEDTLS_USER_CONFIG_FILE the setting will be fixed.
Also updates the manifest with related change in the mbedtls project.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Fix manifest pointer for mbedtls to the main branch tip,
instead of the PR head.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
With the updates to mbedTLS Kconfig it is now possible to update the
OpenThread security configurations by disabling the mbedTLS prompt and
avoid stuck symbol selection.
As part of this, the OpenThread security selection has been reworked
into a choice which ensures only a single security selection can be
chosen.
And the OPENTHREAD_MBEDTLS itself has been made promptless to ensure
other parts of the build system can select a specific OpenThread
security implementation and disable user selection, if the module or
sample require such behavior.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
This Mbed TLS configuration option was being selected based on a
non-existent Kconfig option, and hence would never be defined. v2.1 of
PKCS1 was published in 2003. Use of v1.5 has been deprecated since
2016, and should not be used in new or existing designs.
Enable the v2.1 version in any situation where RSA is used for
signatures. In the future, we should disable v1.5 entirely, but only
after all uses have been determined and possibly corrected.
No significant weaknesses have been found in v1.5, however v2.1 has a
significant security proof. However, v2.1 does require an entropy
source, which may be an issue in some embedded device situations (which
likely are problematic for other cryptographic reasons).
Signed-off-by: David Brown <david.brown@linaro.org>
The contents of mbedtls_ecdh_context have changed in newer versions of
the library. For now, we can work with the old version by adding a
configuration define. It is unclear how long this will continue to
work.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of exposing publicly the TF-M NS interface include
directories, we include them when we build relevant projects.
This is required, as the TF-M include directories contains
psa crypto sources that are also provided by the mbedtls
crypto module. The downside of this solution is that the
TF-M includes need to be added explicitly in each application
that uses TF-M APIs.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Define the MBEDCRYPTO_PATH variable for the TF-M build,
so the latter can used a checked-out version of mbedtls,
instead of pulling an external tree during build time.
This will make Zephyr builds with TF-M must faster.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
In Mbed TLS:
commit eccd88871767e2fba5f3a079cfdfcb77c376cf20
Author: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue Mar 10 12:19:08 2020 +0100
Rename identifiers containing double-underscore
changes the name of a symbol we use. As part of upgrading to newer
versions of Mbed TLS, change the name of the symbol we use.
A better fix would be to not use this symbol at all, and perhaps define
our own symbol the same way this internal symbol is defined within the
library.
Signed-off-by: David Brown <david.brown@linaro.org>
Updates in CMakeLists.txt to reflect the restructuring
in the module directory. This also bumps mbetls version
to 2.26.0.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Update the mbedtls module pointer, effectively
cleaning up the zephyr files from the module
repository and moving them to zephyr module
directory.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
We move the Zephyr-specific CMakeLists.txt file into
the main Zephyr tree. We also move the zephyr_init.c
source file.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
After enabled FPU context switch, one condvar testcase failed due to
the order of spawning thread cannot be guaranteed. Add a delay to
make sure the thread which initializing the condvar run first.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
The newly added testcase test_nop failed the CI. Give RISCV more
arch_nop() instructions to archieve one cycle.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
The AT instruction gives the corresponding physical address directly.
Much faster than the default implementation.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
STM32 internal temperature sensor driver.
This sensor can be used to measure the temperature of the CPU
and its surroundings.
Signed-off-by: Eug Krashtan <eug.krashtan@gmail.com>
The nrf5340 cpunet based builds are excluded from this test and a new
platform bl5340_dvk_cpunet was added that needs to be excluded.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
In the power mgmt conversion of void *context to uint32_t *state this
driver got missed and shows build errors with power mgmt is enabled.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
new test failed which means we missed something in CI or the failing
platform changed after CI was initially run. skip it for now while we
investigate.
Do some minor cleanup in the metadata.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
File zephyr/lib/os/cbprintf_nano.c had operands with different types.
It caused Rule 10.4 violation.
Both operands of an operator in which the usual arithmetic conversions
are performed shall have the same essential type category.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
coding guidelines 10.4: casting operands to have same types
File zephyr/lib/os/cbprintf_nano.c had operands with different types.
It caused Rule 10.4 violation.
Both operands of an operator in which the usual arithmetic conversions
are performed shall have the same essential type category.
Signed-off-by: Maksim Masalski <maksim.masalski@intel.com>
removed cast to int
With the updates to mbedTLS Kconfig it is now possible to update the
OpenThread security configurations by disabling the mbedTLS prompt and
avoid stuck symbol selection.
As part of this, the OpenThread security selection has been reworked
into a choice which ensures only a single security selection can be
chosen.
And the OPENTHREAD_MBEDTLS itself has been made promptless to ensure
other parts of the build system can select a specific OpenThread
security implementation and disable user selection, if the module or
sample require such behavior.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit removes the prompt from MBEDTLS_USER_CONFIG_FILE unless
MBEDTLS_USER_CONFIG_ENABLE is true.
This fixes issues where other parts would specify a default value for
MBEDTLS_USER_CONFIG_FILE that would become stuck and not updated if
user re-configured the system using menuconfig.
Disabling the prompt ensures that only when a user specifically enables
MBEDTLS_USER_CONFIG_ENABLE and specify a custom user value in
MBEDTLS_USER_CONFIG_FILE the setting will be fixed.
Also updates the manifest with related change in the mbedtls project.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Introducing MBEDTLS_PROMPTLESS and CUSTOM_MBEDTLS_CFG_FILE settings.
The MBEDTLS_PROMPTLESS can be set to true whenever configuration of
mbedTLS is done from a subsystem or module.
Such an example is OpenThread, which selects mbedTLS for some predefined
crypto settings using OPENTHREAD_MBEDTLS=y.
Unfortunately, extensive use of select can easily cause stuck symbol
syndrome making it harder than neccesarry for users to later reconfigure
as they easily get stuck in incompatible configurations.
Providing a MBEDTLS_PROMPTLESS allows such configurations to disable the
MBEDTLS prompt itself when selected but avoid stuck symbol if user
select another security configuration.
Similar with CUSTOM_MBEDTLS_CFG_FILE which ensures that user must
explicitly select this symbol before providing a custom mbedTLS config
file.
Today, other parts the Kconfig tree may set a default value for
MBEDTLS_CFG_FILE but that value is stuck and thus changed Kconfig
selections elsewhere in the tree will not adjust the value.
Introducing CUSTOM_MBEDTLS_CFG_FILE ensures it is known when the user
has provided the value.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Move the code responsible for aligning the flash write by writing fill
values - from stream_flash_buffered_write to flash_sync. This avoids
having to correct buf_bytes/buf_written after the write and thus
simplifies error handling.
This commit also fixes an issue where the write length passed to the
callback in flash_sync includes the fill length.
Signed-off-by: Jonathan Nilsen <Jonathan.Nilsen@nordicsemi.no>
The cache API currently shipped in Zephyr is assuming that the cache
controller is always on-core thus managed at the arch level. This is not
always the case because many SoCs rely on external cache controllers as
a peripheral external to the core (for example PL310 cache controller
and the L2Cxxx family). In some cases you also want a single driver to
control a whole set of cache controllers.
Rework the cache code introducing support for external cache
controllers.
Signed-off-by: Carlo Caione <ccaione@baylibre.com>
Record benchmark results into a CSV file that can be used for tracking.
The data will be available in recording.csv in the build directory.
For example:
cat recording.csv
metric,cycles,nanoseconds
Average thread context switch using yield,11654,11654
Average context switch time between threads (coop),21149,21149
Switch from ISR back to interrupted thread,4928,4927
Time from ISR to executing a different thread,3872,3871
Time to create a thread (without start),4224,4223
Time to start a thread,10784,10783
Time to suspend a thread,10400,10399
Time to resume a thread,10688,10687
Time to abort a thread (not running),1536,1535
Average semaphore signal time,3424,3424
Average semaphore test time,1344,1344
Semaphore take time (context switch),12736,12735
Semaphore give time (context switch),17568,17567
Average time to lock a mutex,1632,1632
Average time to unlock a mutex,4738,4738
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Add test cases of direct interrupt for arch x86 and posix.
We register two direct interrupt at build time, then triggering
interrupt and check if ISR handler has executed or not. We also
check irq_enable and irq_disable works.
Why we add an extra compiler option "-mgeneral-regs-only" to make
it works in arch x86. because there might be some existing x87
instructions executing inside interrupt context.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
Add test cases of regular interrupt for arch x86. This tests basic
functionailty of IRQ_CONNECT(), irq_enable(), irq_disable(),
irq_lock(), irq_unlock().
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
Add a test case to test arch interface arch_nop(), the main focus here
is for coverage of the code. arch_nop() is a special implementation
and it will behave differently on different platforms. By the way, this
also measures how many cycles it spends for platforms that support it.
Signed-off-by: Enjia Mai <enjiax.mai@intel.com>
