modules: mbedtls: remove default-enabling of hash algorithms #72078
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomi-font
force-pushed
the
mbedtls_config_default
branch
from
6e530fd
to
214abae
Compare
|
There are some tests failing in CI due some tangled build options, but I think that is the right direction. Features should be disabled by default and explicitly requested. |
tomi-font
force-pushed
the
mbedtls_config_default
branch
from
214abae
to
d66f1b1
Compare
|
The following west manifest projects have been modified in this Pull Request:
Note: This message is automatically posted and updated by the Manifest GitHub Action. |
zephyrbot
added
manifest
manifest-mcuboot
manifest-tf-m-tests
manifest-mbedtls
manifest-trusted-firmware-m
DNM
tomi-font
force-pushed
the
mbedtls_config_default
branch
from
d66f1b1
to
ebb4f3d
Compare
ithinuel
reviewed
Apr 30, 2024
|
Changes on Zephyr looks fine for me. Lets get modules in and update it. |
tomi-font
force-pushed
the
mbedtls_config_default
branch
3 times, most recently
from
039169f
to
08602f8
Compare
Do not enable hash algorithms except SHA-256 by default. This unnecessarily inflates the final code size even if not all the enabled hash algorithms are actually used. SHA-256 is (for now) kept enabled by default because many configurations across the code base assume that there is some hash algorithm available without needing to enable it. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Explicitly enable SHA-512 now that it is not enabled by default anymore. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
force-pushed
the
mbedtls_config_default
branch
from
08602f8
to
cb3ffae
Compare
zephyrbot
removed
manifest
manifest-trusted-firmware-m
manifest-mcuboot
manifest-mbedtls
manifest-tf-m-tests
DNM
|
This is ready for review. |
SebastianBoe
approved these changes
May 3, 2024
ithinuel
approved these changes
May 3, 2024
ceolin
approved these changes
May 3, 2024
|
@tomi-font looks like some TLS tests started failing after this got merged https://github.com/zephyrproject-rtos/zephyr/runs/24575825044, could you look into it? |
tomi-font
added a commit
to tomi-font/zephyr
that referenced
this pull request
May 6, 2024
Fix the failures introduced in zephyrproject-rtos#72078 by manually enabling all the hash algorithms as they used to be. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
|
@fabiobaltieri Thanks for the heads-up. I opened a fix PR: #72334 |
|
@tomi-font would this PR warrant a line in the migration guidelines? |
Yeah, actually I started thinking about this afterwards. It does seem like a good idea. There will be other related PRs and changes made to the configuration; I'll address this point in a follow-up PR. |
aescolar
pushed a commit
that referenced
this pull request
May 6, 2024
Fix the failures introduced in #72078 by manually enabling all the hash algorithms as they used to be. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
added a commit
to tomi-font/zephyr
that referenced
this pull request
May 8, 2024
For changes brought by PRs zephyrproject-rtos#71118 and zephyrproject-rtos#72078. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
added a commit
to tomi-font/zephyr
that referenced
this pull request
May 8, 2024
For changes brought by PRs zephyrproject-rtos#71118 and zephyrproject-rtos#72078. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
tomi-font
added a commit
to tomi-font/zephyr
that referenced
this pull request
May 8, 2024
For changes brought by PRs zephyrproject-rtos#71118 and zephyrproject-rtos#72078. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
mariopaja
pushed a commit
to mariopaja/zephyr
that referenced
this pull request
May 26, 2024
Fix the failures introduced in zephyrproject-rtos#72078 by manually enabling all the hash algorithms as they used to be. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
mariopaja
pushed a commit
to mariopaja/zephyr
that referenced
this pull request
May 26, 2024
For changes brought by PRs zephyrproject-rtos#71118 and zephyrproject-rtos#72078. Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Do not enable hash algorithms except SHA-256 by default.
This unnecessarily inflates the final code size even if not all the enabled hash algorithms are actually used.
SHA-256 is (for now) kept enabled by default because many configurations across the code base assume that there is some hash algorithm available without needing to enable it.
Relates to (and will help) #71947.