Re: [TF-M] Patch to upgrade crypto service to use latest mbedTLS tag (v2.23.0) - TF-M

18 Sep 2020


      For the record, I have attached the full log of the PSA Arch Crypto test run on AN521.
The SHA of respective repositories are the test run given below:
TF-M -  8f895ab8
PSA Arch tests - ee3c463d
tf-m-tests - 7789423
mbedtls - tag: mbedtls-2.23.0
There is an additional failure for test "psa_close_key with RSA 2048 keypair" compared to the summary report below. This is due to incorrect build flag propagation for changing the ITS_MAX_ASSET_SIZE. This will be corrected in the following days.
Best Regards
Soby Mathew
From: TF-M tf-m-bounces@lists.trustedfirmware.org On Behalf Of Soby Mathew via TF-M
Sent: 21 August 2020 11:22
To: TF-M mailing list tf-m@lists.trustedfirmware.org
Subject: Re: [TF-M] Patch to upgrade crypto service to use latest mbedTLS tag (v2.23.0)
Just an update to this,
I have merged the patch which upgrades to the latest mbedTLS tag. The PSA Arch initial attestation test suite fails to build after this merge due to width change of `ecc_curve_t` type. The issue is reported here in PSA Arch test github project : https://github.com/ARM-software/psa-arch-tests/pull/232
The patch for changing the ITS_MAX_ASSET_SIZE is still outstanding and I hope to merge it after a week.
Best Regards
Soby Mathew
From: TF-M <tf-m-bounces@lists.trustedfirmware.orgmailto:tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Soby Mathew via TF-M
Sent: 11 August 2020 16:24
To: TF-M mailing list <tf-m@lists.trustedfirmware.orgmailto:tf-m@lists.trustedfirmware.org>
Subject: [TF-M] Patch to upgrade crypto service to use latest mbedTLS tag (v2.23.0)
Hi Everyone
The following patch updates the crypto service in TF-M to use the latest mbedTLS tag v2.23.0. All reviews for the same will be much appreciated.
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/5252/1
With this update, additional PSA APIs  psa_hash_compute() and psa_hash_compare()  are now supported.
There is also another patch for platforms to update the ITS_MAX_ASSET_SIZE when testing with PSA Crypto API compliance test as one of the tests require a larger size: https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/5253/1 . Could the platform owners review the same and let me know whether the size changes are OK ?
With the above patches, the API compliance remains the same as v1.0 Beta 3 and the PSA Crypto compliance test suite gives the below results (as tested on AN521) :
************ Crypto Suite Report **********
TOTAL TESTS     : 61
TOTAL PASSED    : 42
TOTAL SIM ERROR : 0
TOTAL FAILED    : 17
TOTAL SKIPPED   : 2
******************************************
Best Regards
Soby Mathes