* [Buildroot] [PATCH/next 1/1] package/tpm2-tss: add Mbed-TLS crypto backend support
@ 2026-05-29 18:27 Andreas Mohr via buildroot
2026-05-30 17:40 ` Thomas Petazzoni via buildroot
From: Andreas Mohr via buildroot @ 2026-05-29 18:27 UTC
To: buildroot
Add mbedtls crypto backend support for lightweight build
BR2_PACKAGE_TPM2_TSS_FAPI depends on openssl explicitly
Rewrite fapi -> FAPI
Signed-off-by: Andreas Mohr <and@gmx.li>
---
package/tpm2-tss/Config.in | 9 ++++++---
package/tpm2-tss/tpm2-tss.mk | 11 +++++++++--
2 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/package/tpm2-tss/Config.in b/package/tpm2-tss/Config.in
index 9ce3c22763..dbcad52130 100644
--- a/package/tpm2-tss/Config.in
+++ b/package/tpm2-tss/Config.in
@@ -1,8 +1,8 @@
config BR2_PACKAGE_TPM2_TSS
bool "tpm2-tss"
depends on !BR2_STATIC_LIBS # dlfcn.h
- select BR2_PACKAGE_OPENSSL
- select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL
+ select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_MBEDTLS
+ select BR2_PACKAGE_OPENSSL_FORCE_LIBOPENSSL if !BR2_PACKAGE_MBEDTLS
help
OSS implementation of the Trusted Computing Group's (TCG) TPM2
Software Stack (TSS). This stack consists of the following
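Review bot: The two `select ... if !BR2_PACKAGE_MBEDTLS` lines make the crypto backend depend on whether mbedtls happens to be enabled anywhere in the configuration, and the visible help text says nothing about it. A build that enables mbedtls for an unrelated package no longer gets OpenSSL selected for tpm2-tss. Consider adding a sentence to the help text stating which backend is used in which case, or exposing the backend as an explicit choice.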
@@ -35,8 +35,9 @@ config BR2_PACKAGE_TPM2_TSS
if BR2_PACKAGE_TPM2_TSS
config BR2_PACKAGE_TPM2_TSS_FAPI
- bool "fapi support"
+ bool "FAPI support"
depends on BR2_TOOLCHAIN_HAS_SYNC_4 # json-c
+ depends on !BR2_PACKAGE_MBEDTLS # configure: FAPI has to be compiled with OpenSSL
select BR2_PACKAGE_JSON_C
select BR2_PACKAGE_LIBCURL
select BR2_PACKAGE_UTIL_LINUX
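Review bot: On the new `depends on !BR2_PACKAGE_MBEDTLS` line, the condition tests for mbedtls being absent, while the trailing comment states the real requirement as OpenSSL being the backend. The two are equivalent only if the .mk always picks the mbed backend when mbedtls is enabled; if a configuration with both libraries ends up with `--with-crypto=ossl`, FAPI stays hidden although it could be built. Keep this condition in step with the backend selection in tpm2-tss.mk, and mention in the commit message that configurations with FAPI and mbedtls enabled lose FAPI.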
@@ -54,6 +55,8 @@ config BR2_PACKAGE_TPM2_TSS_FAPI
https://trustedcomputinggroup.org/wp-content/uploads/TSS_FAPI_v0.94_r04_pubrev.pdf
https://trustedcomputinggroup.org/wp-content/uploads/TSS_JSON_Policy_v0.7_r04_pubrev.pdf
+comment "FAPI not supported with Mbed TLS backend"
+ depends on BR2_PACKAGE_MBEDTLS
endif
comment "tpm2-tss needs a toolchain w/ dynamic library"
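Review bot: The new comment spells the library "Mbed TLS", while the patch subject uses "Mbed-TLS" and the commit body "mbedtls"; pick one spelling and use it throughout.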
diff --git a/package/tpm2-tss/tpm2-tss.mk b/package/tpm2-tss/tpm2-tss.mk
index 11da37a5b4..f3a63cee81 100644
--- a/package/tpm2-tss/tpm2-tss.mk
+++ b/package/tpm2-tss/tpm2-tss.mk
@@ -11,7 +11,7 @@ TPM2_TSS_LICENSE_FILES = LICENSE
TPM2_TSS_CPE_ID_VENDOR = tpm2_software_stack_project
TPM2_TSS_CPE_ID_PRODUCT = tpm2_software_stack
TPM2_TSS_INSTALL_STAGING = YES
-TPM2_TSS_DEPENDENCIES = openssl host-pkgconf
+TPM2_TSS_DEPENDENCIES = host-pkgconf
# systemd-sysusers and systemd-tmpfiles are only used at install time
# to trigger the creation of users and tmpfiles, which we do not care
@@ -25,10 +25,17 @@ TPM2_TSS_CONF_OPTS = \
ac_cv_prog_systemd_tmpfiles=no \
ac_cv_prog_useradd=yes \
ac_cv_prog_groupadd=yes \
- --with-crypto=ossl \
--disable-doxygen-doc \
--disable-defaultflags
+ifeq ($(BR2_PACKAGE_MBEDTLS),y)
+TPM2_TSS_DEPENDENCIES += mbedtls
+TPM2_TSS_CONF_OPTS += --with-crypto=mbed
+else
+TPM2_TSS_DEPENDENCIES += openssl
+TPM2_TSS_CONF_OPTS += --with-crypto=ossl
+endif
+
# uses C99 code but forgets to pass -std=c99 when --disable-defaultflags is used
TPM2_TSS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -std=c99"
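Review bot: The `ifeq ($(BR2_PACKAGE_MBEDTLS),y)` test comes first, so a configuration that has both openssl and mbedtls enabled switches tpm2-tss from `--with-crypto=ossl` to `--with-crypto=mbed`. That changes behaviour for existing configurations; testing `BR2_PACKAGE_OPENSSL` first and falling back to mbedtls only when OpenSSL is absent keeps them on the current backend.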
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH/next 1/1] package/tpm2-tss: add Mbed-TLS crypto backend support
From: Thomas Petazzoni via buildroot @ 2026-05-30 17:40 UTC
To: Andreas Mohr; +Cc: buildroot
Hello Andreas,
On Fri, May 29, 2026 at 06:27:27PM +0000, Andreas Mohr via buildroot wrote:
> Add mbedtls crypto backend support for lightweight build
>
> BR2_PACKAGE_TPM2_TSS_FAPI depends on openssl explicitly
>
> Rewrite fapi -> FAPI
>
> Signed-off-by: Andreas Mohr <and@gmx.li>
Thanks, applied to next, after one change.
> +ifeq ($(BR2_PACKAGE_MBEDTLS),y)
> +TPM2_TSS_DEPENDENCIES += mbedtls
> +TPM2_TSS_CONF_OPTS += --with-crypto=mbed
> +else
> +TPM2_TSS_DEPENDENCIES += openssl
> +TPM2_TSS_CONF_OPTS += --with-crypto=ossl
> +endif
Changed to:
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+TPM2_TSS_DEPENDENCIES += openssl
+TPM2_TSS_CONF_OPTS += --with-crypto=ossl
+else ifeq ($(BR2_PACKAGE_MBEDTLS),y)
+TPM2_TSS_DEPENDENCIES += mbedtls
+TPM2_TSS_CONF_OPTS += --with-crypto=mbed
+endif
My reasoning being: if a configuration exists with openssl and
mbedtls, it will continue to prefer openssl as the crypto backend for
tpm2-tss, and only configurations that only have mbedtls would use the
mbedtls backend. This preserves the existing behavior.
Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com