From patchwork Tue Nov 11 12:41:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 674 Return-Path: X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1762864928; bh=FcKWeaCeTLatAnofhy3DcY9h53UXgCftaLmCMPoRQrQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=bY5HuAkktO9vLQoaQPMBc7CSZ0nMmNTgyEwPv0wFcnyDwbsHU0tuDlC0oOcOJxTAG sGmwhNUPgsFq0egpcHUKuyvHXLVUgOJVZE5VWkr6PKy1Tel01w9t8roMCN/rymdLX0 kjQoSMUiJbyOmI5MMLd2mZw3kz05zjcvEuIO+yMx8LRWz/E1aD4PrgCuOgobNGKvJw O0PdOA+4Chl6xphFKNOhJgPBJOR5tyv+PIkhtcilwwaG4kOx1LSOMftoPcrlxLIuK+ j3bJNfOAo4flVyBk2K54wzo1KTLHwE2zVnB+qvek5VxkZ9e7uJby5AlEGAks5JCT7b sXmGr4DfZOJnw== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 7C96B684E0 for ; Tue, 11 Nov 2025 05:42:08 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 6qoWIUQK3rk0 for ; Tue, 11 Nov 2025 05:42:08 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1762864928; bh=FcKWeaCeTLatAnofhy3DcY9h53UXgCftaLmCMPoRQrQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=bY5HuAkktO9vLQoaQPMBc7CSZ0nMmNTgyEwPv0wFcnyDwbsHU0tuDlC0oOcOJxTAG sGmwhNUPgsFq0egpcHUKuyvHXLVUgOJVZE5VWkr6PKy1Tel01w9t8roMCN/rymdLX0 kjQoSMUiJbyOmI5MMLd2mZw3kz05zjcvEuIO+yMx8LRWz/E1aD4PrgCuOgobNGKvJw O0PdOA+4Chl6xphFKNOhJgPBJOR5tyv+PIkhtcilwwaG4kOx1LSOMftoPcrlxLIuK+ j3bJNfOAo4flVyBk2K54wzo1KTLHwE2zVnB+qvek5VxkZ9e7uJby5AlEGAks5JCT7b sXmGr4DfZOJnw== Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 6CE7F6846C for ; Tue, 11 Nov 2025 05:42:08 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1762864927; bh=Oqwm8j3K3oDAkuU3aOPT22QZQbcAdPoJteP88A5W/Xc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=At/DXRTs8sWe6+t0+c0qICLIaVHCVSkUDCRFvIoCrCPkCJKwLgR8T23hOd8VytYh1 7sryWXehhFpQlhzK0U3FiB/jY09T/Ew5QRR19nV6m/jLZ/6m/VPQUgZ71r/7uEViFA CY+2t2nCgVVVEwdShiAXl36B1dGvZ0lKuPbzCR58ZjzqG+QHPWGDWkJf3UxUkVcTGP 6z+nq06+s8PUzzW5OOYstUO9MTT6T3t0UU2+EgrDT4Acb+NDRxKqYpFDG1GKMHnbRD 0hOzcYye60WYv+0FGb/xMPT5xtWYk0ffUpKk7Rw15UtyJG1IEpr234H2HZ2iluFRe7 63/8v0lmeWWxw== Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 646776841A; Tue, 11 Nov 2025 05:42:07 -0700 (MST) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id FcQzl86cTmU8; Tue, 11 Nov 2025 05:42:07 -0700 (MST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1762864923; bh=YWdprSSLyIgATvbm3CiEa11IaX53oU6La/BXLvqsE9s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QbHdtdosGq5vN3W00j6MI0Ctooa8+x5jD8YZy3FgEOGWzH39kmjeBhxSRHisP7Ua4 ufpb9lKy4yKAKNaAP3Nep4bpjjlsmjWZGGPhmMQiV3PkpBXdnyByggh0JYalfGA08U AGxlmZTjIrkFFfqjsGBXGW89hneMCJIVk2wZ21fJtRFSvK2KOEgCANsk2hIODk9yDT 7GegkP7aO6LsW8IYo8ifiQj6KXDm1vlhgmV6Lz78ZTOeHi081zGYguqZ0LPgno5xJe Cwc5rTBWGObjDPKUaqCulr0OcuIwvU52lfOXxcod3acmw7SkOXlwP4MPywX7zauYSY IQz9hGMZ2+7JQ== Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 0DC2F6846C; Tue, 11 Nov 2025 05:42:02 -0700 (MST) From: Simon Glass To: U-Boot Concept Date: Tue, 11 Nov 2025 05:41:07 -0700 Message-ID: <20251111124131.1198930-2-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251111124131.1198930-1-sjg@u-boot.org> References: <20251111124131.1198930-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: T6HXFSGFDYZOVISXD76PH2GSWZB7TJCP X-Message-ID-Hash: T6HXFSGFDYZOVISXD76PH2GSWZB7TJCP X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Heinrich Schuchardt , Simon Glass , Claude X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 01/15] mbedtls: Allow use of XTS functions List-Id: Discussion and patches related to U-Boot Concept Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Simon Glass Add a few Kconfig options to support XTS (XEX Tweakable Block Ciphertext Stealing). Co-developed-by: Claude Signed-off-by: Simon Glass --- lib/mbedtls/Makefile | 4 ++++ lib/mbedtls/mbedtls_def_config.h | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile index 0506a5a6b3e..257f585c013 100644 --- a/lib/mbedtls/Makefile +++ b/lib/mbedtls/Makefile @@ -37,6 +37,10 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/hkdf.o mbedtls_lib_crypto-$(CONFIG_$(PHASE_)PKCS5_MBEDTLS) += \ $(MBEDTLS_LIB_DIR)/pkcs5.o +mbedtls_lib_crypto-$(CONFIG_$(PHASE_)BLK_LUKS) += \ + $(MBEDTLS_LIB_DIR)/aes.o \ + $(MBEDTLS_LIB_DIR)/cipher.o \ + $(MBEDTLS_LIB_DIR)/cipher_wrap.o # MbedTLS X509 library obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h index 9e3beed07f4..a0578d33ba6 100644 --- a/lib/mbedtls/mbedtls_def_config.h +++ b/lib/mbedtls/mbedtls_def_config.h @@ -64,6 +64,12 @@ #define MBEDTLS_PKCS5_C #endif +#if CONFIG_IS_ENABLED(BLK_LUKS) +#define MBEDTLS_CIPHER_C +#define MBEDTLS_CIPHER_MODE_XTS +#define MBEDTLS_AES_C +#endif + #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) #if CONFIG_IS_ENABLED(X509_CERTIFICATE_PARSER) @@ -104,6 +110,7 @@ #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_CIPHER_C +#define MBEDTLS_CIPHER_MODE_XTS #define MBEDTLS_MD_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_AES_C