Skip to content

Allow builds with no RNG but entropy in an NV seed: adopt in Mbed TLS #10296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: development
Choose a base branch
from
Open

Allow builds with no RNG but entropy in an NV seed: adopt in Mbed TLS #10296

wants to merge 4 commits into from
+12 −15

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Jul 10, 2025
edited
Loading

Adopt Mbed-TLS/TF-PSA-Crypto#369 and minor cleanups. Cleans up after Mbed-TLS/TF-PSA-Crypto#307, fixes #10300.

Status: currently this is just #10295 plus Mbed-TLS/TF-PSA-Crypto#369. Once Mbed-TLS/TF-PSA-Crypto#369 is merged, I will use this PR for #10300.

Needs preceding PR: https://github.com/Mbed-TLS/mbedtls-framework#178, Mbed-TLS/TF-PSA-Crypto#369. See Mbed-TLS/TF-PSA-Crypto#369 for the merge order.

PR checklist

@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Jul 10, 2025
Open
4 tasks
@gilles-peskine-arm gilles-peskine-arm added needs-ci Needs to pass CI tests needs-preceding-pr Requires another PR to be merged first priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) labels Jul 10, 2025
@gilles-peskine-arm gilles-peskine-arm force-pushed the nv-seed-only-integrate-mbedtls branch 2 times, most recently from ee7eb16 to 1f1ae1a Compare July 11, 2025 16:36
@gilles-peskine-arm
Update submodules with MBEDTLS_PSA_DRIVER_GET_ENTROPY
1edd046 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Explicitly enable built-in entropy in sample and test configs
a123993 
Now that built-in entropy is a positive option
`MBEDTLS_PSA_BUILTIN_GET_ENTROPY` instead of a negative option
`MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, it needs to be enabled explicitly in
sample and test configurations.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm gilles-peskine-arm force-pushed the nv-seed-only-integrate-mbedtls branch from 1f1ae1a to a123993 Compare July 15, 2025 11:11
@gilles-peskine-arm gilles-peskine-arm removed the needs-ci Needs to pass CI tests label Jul 16, 2025
@valeriosetti valeriosetti self-requested a review July 17, 2025 10:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@valeriosetti valeriosetti Awaiting requested review from valeriosetti

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
needs-preceding-pr Requires another PR to be merged first priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)
Projects
Roadmap pull requests (new board)
Status: In Development
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clean up
1 participant
@gilles-peskine-arm