* [Buildroot] [PATCH/next 1/1] package/tpm2-tss: add Mbed-TLS crypto backend support
@ 2026-05-29 18:27 Andreas Mohr via buildroot
  2026-05-30 17:40 ` Thomas Petazzoni via buildroot
  0 siblings, 1 reply; 2+ messages in thread
From: Andreas Mohr via buildroot @ 2026-05-29 18:27 UTC (permalink / raw)
  To: buildroot

Add mbedtls crypto backend support for lightweight build

BR2_PACKAGE_TPM2_TSS_FAPI depends on openssl explicitly

Rewrite fapi -> FAPI

Signed-off-by: Andreas Mohr <and@gmx.li>
---
 package/tpm2-tss/Config.in   |  9 ++++++---
 package/tpm2-tss/tpm2-tss.mk | 11 +++++++++--
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/package/tpm2-tss/Config.in b/package/tpm2-tss/Config.in
index 9ce3c22763..dbcad52130 100644
--- a/package/tpm2-tss/Config.in
+++ b/package/tpm2-tss/Config.in
@@ -1,8 +1,8 @@
 config BR2_PACKAGE_TPM2_TSS
 	bool "tpm2-tss"
 	depends on !BR2_STATIC_LIBS # dlfcn.h
-	select BR2_PACKAGE_OPENSSL
-	select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
+	select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_MBEDTLS
+	select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL if !BR2_PACKAGE_MBEDTLS
 	help
 	  OSS implementation of the Trusted Computing Group's (TCG) TPM2
 	  Software Stack (TSS). This stack consists of the following
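Review bot: The crypto backend is keyed on the global `BR2_PACKAGE_MBEDTLS` symbol in the two `select ... if !BR2_PACKAGE_MBEDTLS` lines, so enabling mbedtls for any unrelated package changes which library tpm2-tss is built against, and no tpm2-tss option records that decision. The same symbol drives `depends on !BR2_PACKAGE_MBEDTLS` in the FAPI hunk below, so a configuration that has FAPI enabled would presumably lose it once something else pulls in mbedtls. Because the selected library supplies the cryptography tpm2-tss uses when talking to the TPM, I would make the backend an explicit `choice` in this file. At minimum the rule belongs in the help text, e.g. `The Mbed TLS crypto backend is used when BR2_PACKAGE_MBEDTLS is enabled; FAPI is then unavailable.` The help text continues outside the hunk.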
@@ -35,8 +35,9 @@ config BR2_PACKAGE_TPM2_TSS
 if BR2_PACKAGE_TPM2_TSS
 
 config BR2_PACKAGE_TPM2_TSS_FAPI
-	bool "fapi support"
+	bool "FAPI support"
 	depends on BR2_TOOLCHAIN_HAS_SYNC_4 # json-c
+	depends on !BR2_PACKAGE_MBEDTLS # configure: FAPI has to be compiled with OpenSSL
 	select BR2_PACKAGE_JSON_C
 	select BR2_PACKAGE_LIBCURL
 	select BR2_PACKAGE_UTIL_LINUX
@@ -54,6 +55,8 @@ config BR2_PACKAGE_TPM2_TSS_FAPI
 	  https://trustedcomputinggroup.org/wp-content/uploads/TSS_FAPI_v0.94_r04_pubrev.pdf
 	  https://trustedcomputinggroup.org/wp-content/uploads/TSS_JSON_Policy_v0.7_r04_pubrev.pdf
 
+comment "FAPI not supported with Mbed TLS backend"
+	depends on BR2_PACKAGE_MBEDTLS
 endif
 
 comment "tpm2-tss needs a toolchain w/ dynamic library"
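Review bot: The added `comment "FAPI not supported with Mbed TLS backend"` entry runs straight into `endif` with no blank line, while the other entries in this file are separated by one; add an empty line after `depends on BR2_PACKAGE_MBEDTLS`. The library is also spelled three ways across the patch ("Mbed-TLS" in the subject, "Mbed TLS" here, "mbedtls" in the description), and one spelling should be used for user-visible strings. The FAPI help text above the comment starts outside the hunk.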
diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk
index 11da37a5b4..f3a63cee81 100644
--- a/package/tpm2-tss/tpm2-tss.mk
+++ b/package/tpm2-tss/tpm2-tss.mk
@@ -11,7 +11,7 @@ TPM2_TSS_LICENSE_FILES = LICENSE
 TPM2_TSS_CPE_ID_VENDOR = tpm2_software_stack_project
 TPM2_TSS_CPE_ID_PRODUCT = tpm2_software_stack
 TPM2_TSS_INSTALL_STAGING = YES
-TPM2_TSS_DEPENDENCIES = openssl host-pkgconf
+TPM2_TSS_DEPENDENCIES = host-pkgconf
 
 # systemd-sysusers and systemd-tmpfiles are only used at install time
 # to trigger the creation of users and tmpfiles, which we do not care
@@ -25,10 +25,17 @@ TPM2_TSS_CONF_OPTS = \
 	ac_cv_prog_systemd_tmpfiles=no \
 	ac_cv_prog_useradd=yes \
 	ac_cv_prog_groupadd=yes \
-	--with-crypto=ossl \
 	--disable-doxygen-doc \
 	--disable-defaultflags
 
+ifeq ($(BR2_PACKAGE_MBEDTLS),y)
+TPM2_TSS_DEPENDENCIES += mbedtls
+TPM2_TSS_CONF_OPTS += --with-crypto=mbed
+else
+TPM2_TSS_DEPENDENCIES += openssl
+TPM2_TSS_CONF_OPTS += --with-crypto=ossl
+endif
+
 # uses C99 code but forgets to pass -std=c99 when --disable-defaultflags is used
 TPM2_TSS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
 
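Review bot: The added `ifeq ($(BR2_PACKAGE_MBEDTLS),y)` block has no comment tying it to the `select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_MBEDTLS` lines in Config.in, yet the two conditions must stay equivalent for the chosen `--with-crypto` library to be one Kconfig actually enabled. I would add above the block something like `# Crypto backend: must mirror the OpenSSL select in Config.in, exactly one backend is always built` and `# FAPI requires the OpenSSL backend (see Config.in)`. The `TPM2_TSS_CONF_OPTS` assignment this block extends starts outside the hunk.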
-- 
2.53.0


* Re: [Buildroot] [PATCH/next 1/1] package/tpm2-tss: add Mbed-TLS crypto backend support
  2026-05-29 18:27 [Buildroot] [PATCH/next 1/1] package/tpm2-tss: add Mbed-TLS crypto backend support Andreas Mohr via buildroot
@ 2026-05-30 17:40 ` Thomas Petazzoni via buildroot
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-05-30 17:40 UTC (permalink / raw)
  To: Andreas Mohr; +Cc: buildroot

Hello Andreas,

On Fri, May 29, 2026 at 06:27:27PM +0000, Andreas Mohr via buildroot wrote:
> Add mbedtls crypto backend support for lightweight build
> 
> BR2_PACKAGE_TPM2_TSS_FAPI depends on openssl explicitly
> 
> Rewrite fapi -> FAPI
> 
> Signed-off-by: Andreas Mohr <and@gmx.li>

Thanks, applied to next, after one change.

> +ifeq ($(BR2_PACKAGE_MBEDTLS),y)
> +TPM2_TSS_DEPENDENCIES += mbedtls
> +TPM2_TSS_CONF_OPTS += --with-crypto=mbed
> +else
> +TPM2_TSS_DEPENDENCIES += openssl
> +TPM2_TSS_CONF_OPTS += --with-crypto=ossl
> +endif

Changed to:

+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+TPM2_TSS_DEPENDENCIES += openssl
+TPM2_TSS_CONF_OPTS += --with-crypto=ossl
+else ifeq ($(BR2_PACKAGE_MBEDTLS),y)
+TPM2_TSS_DEPENDENCIES += mbedtls
+TPM2_TSS_CONF_OPTS += --with-crypto=mbed
+endif

My reasoning being: if a configuration exists with openssl and
mbedtls, it will continue to prefer openssl as the crypto backend for
tpm2-tss, and only configurations that only have mbedtls would use the
mbedtls backend. This preserves the existing behavior.

Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com