Open JLReitz opened 1 year ago
I think this is happening because you're requiring ITS (via MBEDTLS_PSA_CRYPTO_STORAGE_C), but disabling our implementation of ITS and not providing an alternative implementation. Disabling MBEDTLS_PSA_CRYPTO_STORAGE_C resolves this, assuming you don't need this feature.
I'm not sure this is a bug, although arguably the documentation for the options could be improved. @gilles-peskine-arm WDYT?
Indeed this is working as intended. Persistent keys (MBEDTLS_PSA_CRYPTO_STORAGE_C) require a storage implementation which can either be a standard PSA storage implementation or the implementation that we provide over stdio (MBEDTLS_PSA_ITS_FILE_C). This is documented in mbedtls_config.h.
We should document this in the porting guide, which hasn't been updated since before PSA.
There's no entry in check_config.h because if MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled but MBEDTLS_PSA_ITS_FILE_C is disabled, it might still be ok if "psa/internal_trusted_storage.h" is available, and we can't portably check that with a preprocessor directive. The only improvement I can think of is that we could use __has_include on supported compilers.
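The __has_include idea from the comment above, sketched as an added example (not Mbed TLS code and not written by any participant in this thread). The enum, ITS_STATUS and example_its_status are hypothetical names, and the #define lines are a constructed configuration matching the report; a real check_config.h would raise #error rather than record a verdict.

```c
/* Added example, not Mbed TLS code. Constructed configuration reproducing
 * the report: persistent keys on, MBEDTLS_FS_IO and file-backed ITS off. */
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
/* #define MBEDTLS_FS_IO */
/* #define MBEDTLS_PSA_ITS_FILE_C */

/* Hypothetical result codes; a real check_config.h would use #error. */
enum its_status {
    ITS_NOT_REQUIRED,      /* persistent keys disabled, no storage needed */
    ITS_FILE_BACKED,       /* MBEDTLS_PSA_ITS_FILE_C provides ITS over stdio */
    ITS_FILE_NEEDS_FS_IO,  /* file-backed ITS selected but MBEDTLS_FS_IO off */
    ITS_PLATFORM_HEADER,   /* platform ships psa/internal_trusted_storage.h */
    ITS_MISSING,           /* storage required, no implementation found */
    ITS_CANNOT_CHECK       /* compiler has no __has_include */
};

#if !defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
#  define ITS_STATUS ITS_NOT_REQUIRED
#elif defined(MBEDTLS_PSA_ITS_FILE_C) && defined(MBEDTLS_FS_IO)
#  define ITS_STATUS ITS_FILE_BACKED
#elif defined(MBEDTLS_PSA_ITS_FILE_C)
#  define ITS_STATUS ITS_FILE_NEEDS_FS_IO
#elif defined(__has_include)
/* Nested on purpose: "defined(__has_include) && __has_include(...)" in one
 * #if is a syntax error on compilers that lack the operator. */
#  if __has_include("psa/internal_trusted_storage.h")
#    define ITS_STATUS ITS_PLATFORM_HEADER
#  else
#    define ITS_STATUS ITS_MISSING
#  endif
#else
#  define ITS_STATUS ITS_CANNOT_CHECK
#endif

/* Returns the compile-time verdict so a build script or test can read it. */
enum its_status example_its_status(void)
{
    return ITS_STATUS;
}
```

With the configuration shown and no platform ITS header on the include path, the verdict is ITS_MISSING, which is the state that surfaces later as a failed include in psa_crypto_storage.c.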
Summary
I started setting my MbedTLS configurations according to the paragraph mentioning bare-metal at the bottom of the overview section in the porting guide. After commenting out MBEDTLS_FS_IO from my mbedtls_config.h, I got the following build error from include/mbedtls/check_config.h.
If I also comment out MBEDTLS_PSA_ITS_FILE_C, I receive an error that psa/error.h can not be found. The offending include directive is from psa_crypto_storage.c, copied below:
There are no files named error.h or internal_trusted_storage.h under the include/psa directory.
System information
Mbed TLS version (number or commit id): 3.4.0 (1873d3bfc)
Operating system and version: FreeRTOS 10.4.4
Configuration (if not default, please attach mbedtls_config.h): attached
Compiler and options (if you used a pre-built binary, please indicate how you obtained it): gcc-arm-none-eabi 10-2020-q4-major -x assembler-with-cpp -mthumb -mno-thumb-interwork -mfloat-abi=hard -fno-rtti -fno-exceptions -specs=nosys.specs -specs=nano.specs -nostartfiles -lc -lm -lgcc -fdata-sections -ffunction-sections
Additional environment information:
Expected behavior
Per the porting guide, it should be possible to disable MBEDTLS_FS_IO without further implications to the other submodules and overall build.
Actual behavior
Disabling MBEDTLS_FS_IO breaks the build.
Steps to reproduce
Apply provided mbedtls_config.h to build while using gcc-arm-none-eabi and the included options.
Additional information
mbedtls_config.h.zip